diff --git a/.gitmodules b/.gitmodules
index 5236001..e69de29 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "csaf-validator-lib/csaf"]
- path = csaf-validator-lib/csaf
- url = https://github.com/oasis-tcs/csaf.git
diff --git a/backend/lib/app.js b/backend/lib/app.js
index 107b5ef..cf7397e 100644
--- a/backend/lib/app.js
+++ b/backend/lib/app.js
@@ -1,5 +1,5 @@
 import config from 'config'
-import { getHunspellAvailableLangs } from '../../csaf-validator-lib/hunspell.js'
+import { getHunspellAvailableLangs } from '@secvisogram/csaf-validator-lib/hunspell.js'
 import { openApiInfo } from './openApiInfo.js'
 /**
diff --git a/backend/lib/app/getTests.js b/backend/lib/app/getTests.js
index 718a55f..9bba443 100644
--- a/backend/lib/app/getTests.js
+++ b/backend/lib/app/getTests.js
@@ -1,7 +1,7 @@
-import * as schemaTests from '../../../csaf-validator-lib/schemaTests.js'
-import * as mandatoryTests from '../../../csaf-validator-lib/mandatoryTests.js'
-import * as optionalTests from '../../../csaf-validator-lib/optionalTests.js'
-import * as informativeTests from '../../../csaf-validator-lib/informativeTests.js'
+import * as schemaTests from '@secvisogram/csaf-validator-lib/schemaTests.js'
+import * as mandatoryTests from '@secvisogram/csaf-validator-lib/mandatoryTests.js'
+import * as optionalTests from '@secvisogram/csaf-validator-lib/optionalTests.js'
+import * as informativeTests from '@secvisogram/csaf-validator-lib/informativeTests.js'
 const swaggerInfo = {
 description:
diff --git a/backend/lib/app/validate.js b/backend/lib/app/validate.js
index 7d8a01c..ba9d583 100644
--- a/backend/lib/app/validate.js
+++ b/backend/lib/app/validate.js
@@ -1,11 +1,11 @@
-import * as schemaTests from '../../../csaf-validator-lib/schemaTests.js'
-import * as mandatoryTests from '../../../csaf-validator-lib/mandatoryTests.js'
-import * as optionalTests from '../../../csaf-validator-lib/optionalTests.js'
-import * as informativeTests from '../../../csaf-validator-lib/informativeTests.js'
-import * as basic from '../../../csaf-validator-lib/basic.js'
-import * as extended from '../../../csaf-validator-lib/extended.js'
-import * as full from '../../../csaf-validator-lib/full.js'
-import validateStrict from '../../../csaf-validator-lib/validateStrict.js'
+import * as schemaTests from '@secvisogram/csaf-validator-lib/schemaTests.js'
+import * as mandatoryTests from '@secvisogram/csaf-validator-lib/mandatoryTests.js'
+import * as optionalTests from '@secvisogram/csaf-validator-lib/optionalTests.js'
+import * as informativeTests from '@secvisogram/csaf-validator-lib/informativeTests.js'
+import * as basic from '@secvisogram/csaf-validator-lib/basic.js'
+import * as extended from '@secvisogram/csaf-validator-lib/extended.js'
+import * as full from '@secvisogram/csaf-validator-lib/full.js'
+import validateStrict from '@secvisogram/csaf-validator-lib/validateStrict.js'
 /** @type {Record[0][number] | undefined>} */
 const tests = Object.fromEntries(
@@ -30,7 +30,7 @@ const presets = { const swaggerInfo = { description: - 'This endpoint is intended to validate a document against the specified tests. In the list of tests provide at least one object, where each object is used to run either a single test or an entire preset. For \'name\' provide the test\'s or the preset\'s name, and as \'type\' provide accordingly either \'test\' or \'preset\'. For the value of the property \'document\' just provide the json of your CSAF document.', + "This endpoint is intended to validate a document against the specified tests. In the list of tests provide at least one object, where each object is used to run either a single test or an entire preset. For 'name' provide the test's or the preset's name, and as 'type' provide accordingly either 'test' or 'preset'. For the value of the property 'document' just provide the json of your CSAF document.", summary: 'Validate document.', } diff --git a/backend/package-lock.json b/backend/package-lock.json index f91b884..1f7c712 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -9,6 +9,7 @@ "@fastify/cors": "^11.0.0", "@fastify/swagger": "^9.4.2", "@fastify/swagger-ui": "^5.2.2", + "@secvisogram/csaf-validator-lib": "^2.0.23", "close-with-grace": "^1.2.0", "config": "^3.3.8", "fastify": "^5.3.2" 
@@ -265,6 +266,21 @@ "yaml": "^2.4.1" } }, + "node_modules/@js-joda/core": { + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/@js-joda/core/-/core-5.7.0.tgz", + "integrity": "sha512-WBu4ULVVxySLLzK1Ppq+OdfP+adRS4ntmDQT915rzDJ++i95gc2jZkM5B6LWEAwN3lGXpfie3yPABozdD3K3Vg==", + "license": "BSD-3-Clause" + }, + "node_modules/@js-joda/timezone": { + "version": "2.25.1", + "resolved": "https://registry.npmjs.org/@js-joda/timezone/-/timezone-2.25.1.tgz", + "integrity": "sha512-s79ts8bXrWqM9dIBKc0AdgGuAUFpu9gmzYhOCPHJlks/Sf7FSbJHRauWlFYUwjSTZevimqthEvJycrwrVz5m4g==", + "license": "BSD-3-Clause", + "peerDependencies": { + "@js-joda/core": ">=5.7.0" + } + }, "node_modules/@lukeed/ms": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@lukeed/ms/-/ms-2.0.2.tgz", @@ -280,6 +296,26 @@ "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==", "license": "MIT" }, + "node_modules/@secvisogram/csaf-validator-lib": { + "version": "2.0.23", + "resolved": "https://registry.npmjs.org/@secvisogram/csaf-validator-lib/-/csaf-validator-lib-2.0.23.tgz", + "integrity": "sha512-kScIOPJng0yrdTzb8OsfxwKvVtEYYSPt9q3yWiIqTMi0DR+XTQi8+3wzCpaC0QrMask7lUoK5q/uA/gNEBjBKw==", + "license": "MIT", + "dependencies": { + "@js-joda/core": "^5.6.1", + "@js-joda/timezone": "^2.18.2", + "ajv": "^8.11.2", + "ajv-formats": "^3.0.1", + "bcp47": "^1.1.2", + "cvss2js": "^1.1.0", + "json-pointer": "^0.6.1", + "lodash": "^4.17.21", + "packageurl-js": "^2.0.1", + "semver": "^7.5.4", + "temporal-polyfill": "^0.3.0", + "undici": "^6.23.0" + } + }, "node_modules/@types/chai": { "version": "4.3.20", "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.20.tgz", 
@@ -445,6 +481,15 @@ "node": "18 || 20 || >=22" } }, + "node_modules/bcp47": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/bcp47/-/bcp47-1.1.2.tgz", + "integrity": "sha512-JnkkL4GUpOvvanH9AZPX38CxhiLsXMBicBY2IAtqiVN8YulGDQybUydWA4W6yAMtw6iShtw+8HEF6cfrTHU+UQ==", + "license": "MIT", + "engines": { + "node": ">=0.10" + } + }, "node_modules/binary-extensions": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", @@ -630,6 +675,12 @@ "url": "https://opencollective.com/express" } }, + "node_modules/cvss2js": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/cvss2js/-/cvss2js-1.1.0.tgz", + "integrity": "sha512-ssH3uw7jcxZgp1rbsUoYUbVlvQghAgPKDUQafapMhNvr4N/MvrXr217KOTHJZHDjT6hxOlOqvCLbC/JxL1T8Tg==", + "license": "MIT" + }, "node_modules/debug": { "version": "4.4.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", @@ -897,6 +948,12 @@ "flat": "cli.js" } }, + "node_modules/foreach": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.6.tgz", + "integrity": "sha512-k6GAGDyqLe9JaebCsFCoudPPWfihKu8pylYXRlqP1J7ms39iPoTtk2fviNglIeQEwdh0bQeKJ01ZPyuyQvKzwg==", + "license": "MIT" + }, "node_modules/fsevents": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", @@ -1126,6 +1183,15 @@ "js-yaml": "bin/js-yaml.js" } }, + "node_modules/json-pointer": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/json-pointer/-/json-pointer-0.6.2.tgz", + "integrity": "sha512-vLWcKbOaXlO+jvRy4qNd+TI1QUPZzfJj1tpJ3vAXDych5XJf93ftpUKe5pKCrzyIIwgBJcOcCVRUfqQP25afBw==", + "license": "MIT", + "dependencies": { + "foreach": "^2.0.4" + } + }, "node_modules/json-schema-ref-resolver": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/json-schema-ref-resolver/-/json-schema-ref-resolver-3.0.0.tgz", 
@@ -1233,6 +1299,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/lodash": { + "version": "4.18.1", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz", + "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==", + "license": "MIT" + }, "node_modules/loupe": { "version": "2.3.7", "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", @@ -1477,6 +1549,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/packageurl-js": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-2.0.1.tgz", + "integrity": "sha512-N5ixXjzTy4QDQH0Q9YFjqIWd6zH6936Djpl2m9QNFmDv5Fum8q8BjkpAcHNMzOFE0IwQrFhJWex3AN6kS0OSwg==", + "license": "MIT" + }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -1844,6 +1922,21 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, + "node_modules/temporal-polyfill": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/temporal-polyfill/-/temporal-polyfill-0.3.2.tgz", + "integrity": "sha512-TzHthD/heRK947GNiSu3Y5gSPpeUDH34+LESnfsq8bqpFhsB79HFBX8+Z834IVX68P3EUyRPZK5bL/1fh437Eg==", + "license": "MIT", + "dependencies": { + "temporal-spec": "0.3.1" + } + }, + "node_modules/temporal-spec": { + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/temporal-spec/-/temporal-spec-0.3.1.tgz", + "integrity": "sha512-B4TUhezh9knfSIMwt7RVggApDRJZo73uZdj8AacL2mZ8RP5KtLianh2MXxL06GN9ESYiIsiuoLQhgVfwe55Yhw==", + "license": "ISC" + }, "node_modules/thread-stream": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.0.0.tgz", 
@@ -1918,7 +2011,6 @@ "version": "6.25.0", "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz", "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==", - "dev": true, "license": "MIT", "engines": { "node": ">=18.17" diff --git a/backend/package.json b/backend/package.json index 30d9c46..76b0cba 100644 --- a/backend/package.json +++ b/backend/package.json @@ -11,6 +11,7 @@ "@fastify/cors": "^11.0.0", "@fastify/swagger": "^9.4.2", "@fastify/swagger-ui": "^5.2.2", + "@secvisogram/csaf-validator-lib": "^2.0.23", "close-with-grace": "^1.2.0", "config": "^3.3.8", "fastify": "^5.3.2" diff --git a/backend/tests/api.js b/backend/tests/api.js index 643e417..1ee39f3 100644 --- a/backend/tests/api.js +++ b/backend/tests/api.js 
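Review bot: The added `"@secvisogram/csaf-validator-lib": "^2.0.23"` in backend/package.json uses a caret range for the package that now carries all validation logic, so the code that parses submitted documents is fixed only by the lockfile and not by the manifest. The lockfile hunks above do pin 2.0.23 with an integrity hash, but that holds only where installs run `npm ci`; the build and image steps are not part of this diff and should be checked. Consider an exact pin, `"@secvisogram/csaf-validator-lib": "2.0.23"`, so that each upgrade of the validator and the production dependencies it brings in (ajv, lodash, undici and others, per the lockfile) arrives as a reviewed change. The dependabot configuration deleted later in this commit sat under csaf-validator-lib/; if the backend has no update configuration of its own, which is not visible here, the new dependency would go unmonitored.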
@@ -1,13 +1,13 @@
 import { expect } from 'chai'
 import { Agent, request, setGlobalDispatcher } from 'undici'
-import * as schemaTests from '../../csaf-validator-lib/schemaTests.js'
-import * as mandatoryTests from '../../csaf-validator-lib/mandatoryTests.js'
-import * as optionalTests from '../../csaf-validator-lib/optionalTests.js'
-import * as informativeTests from '../../csaf-validator-lib/informativeTests.js'
-import * as basic from '../../csaf-validator-lib/basic.js'
-import * as extended from '../../csaf-validator-lib/extended.js'
-import * as full from '../../csaf-validator-lib/full.js'
-import validate from '../../csaf-validator-lib/validate.js'
+import * as schemaTests from '@secvisogram/csaf-validator-lib/schemaTests.js'
+import * as mandatoryTests from '@secvisogram/csaf-validator-lib/mandatoryTests.js'
+import * as optionalTests from '@secvisogram/csaf-validator-lib/optionalTests.js'
+import * as informativeTests from '@secvisogram/csaf-validator-lib/informativeTests.js'
+import * as basic from '@secvisogram/csaf-validator-lib/basic.js'
+import * as extended from '@secvisogram/csaf-validator-lib/extended.js'
+import * as full from '@secvisogram/csaf-validator-lib/full.js'
+import validate from '@secvisogram/csaf-validator-lib/validate.js'
 import { getConfig } from './shared/configData.js'
 import { getValidSampleDocuments } from './shared/sampleDocumentsData.js'
@@ -73,35 +73,35 @@ describe('API', function () {
 describe('OPTIONS /api/v1/tests', function () {
 it('returns valid CORS information', async function () {
- const res = await request(
- 'http://localhost:' + getConfig().port + '/api/v1/tests',
- {
- method: 'OPTIONS',
- headers: {
- 'Origin': 'http://localhost',
- 'Access-Control-Request-Method': 'GET',
- 'Access-Control-Request-Headers': 'content-type'
- }
- }
- )
- expect(res.statusCode).to.equal(204)
+ const res = await request(
+ 'http://localhost:' + getConfig().port + '/api/v1/tests',
+ {
+ method: 'OPTIONS',
+ headers: {
+ Origin: 'http://localhost',
+ 'Access-Control-Request-Method': 'GET',
+ 'Access-Control-Request-Headers': 'content-type',
+ },
+ }
+ )
+ expect(res.statusCode).to.equal(204)
 })
 })
 describe('OPTIONS /api/v1/validate', function () {
 it('returns valid CORS information', async function () {
- const res = await request(
- 'http://localhost:' + getConfig().port + '/api/v1/validate',
- {
- method: 'OPTIONS',
- headers: {
- 'Origin': 'http://localhost',
- 'Access-Control-Request-Method': 'POST',
- 'Access-Control-Request-Headers': 'content-type'
- }
- }
- )
- expect(res.statusCode).to.equal(204)
+ const res = await request(
+ 'http://localhost:' + getConfig().port + '/api/v1/validate',
+ {
+ method: 'OPTIONS',
+ headers: {
+ Origin: 'http://localhost',
+ 'Access-Control-Request-Method': 'POST',
+ 'Access-Control-Request-Headers': 'content-type',
+ },
+ }
+ )
+ expect(res.statusCode).to.equal(204)
 })
 })
diff --git a/backend/tsconfig.json b/backend/tsconfig.json
index badc4c3..6a07eef 100644
--- a/backend/tsconfig.json
+++ b/backend/tsconfig.json
@@ -24,9 +24,9 @@
 // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */
 /* Modules */
- "module": "ES2020" /* Specify what module code is generated. */,
+ "module": "nodenext" /* Specify what module code is generated. */,
 // "rootDir": "./", /* Specify the root folder within your source files. */
- "moduleResolution": "node" /* Specify how TypeScript looks up a file from a given module specifier. */,
+ // "moduleResolution": "node" /* Specify how TypeScript looks up a file from a given module specifier. */,
 // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */
 // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */
 // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */
@@ -97,6 +97,5 @@
 /* Completeness */
 // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */
 "skipLibCheck": true /* Skip type checking all .d.ts files. */
- },
- "references": [{ "path": "../csaf-validator-lib" }]
+ }
 }
diff --git a/csaf-validator-lib/.c8rc.json b/csaf-validator-lib/.c8rc.json
deleted file mode 100644
index c2c90bb..0000000
--- a/csaf-validator-lib/.c8rc.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "exclude": [
- "coverage/**",
- "packages/*/test{,s}/**",
- "**/*.d.ts",
- "test{,s}/**",
- "test{,-*}.{js,cjs,mjs,ts,tsx,jsx}",
- "**/*{.,-}test.{js,cjs,mjs,ts,tsx,jsx}",
- "**/__tests__/**",
- "**/{ava,babel,nyc}.config.{js,cjs,mjs}",
- "**/jest.config.{js,cjs,mjs,ts}",
- "**/{karma,rollup,webpack}.config.js",
- "**/.{eslint,mocha}rc.{js,cjs}",
- "scripts",
- "lib/shared/first"
- ]
-}
diff --git a/csaf-validator-lib/.github/dependabot.yml b/csaf-validator-lib/.github/dependabot.yml
deleted file mode 100644
index 550bf3a..0000000
--- a/csaf-validator-lib/.github/dependabot.yml
+++ /dev/null
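Review bot: The commented-out `// "moduleResolution": "node"` line left in the first backend/tsconfig.json hunk keeps a value that no longer fits next to `"module": "nodenext"`; recent TypeScript versions reject that combination, so anyone who re-enables the line as written breaks the type check. Either delete it or state the setting explicitly, `"moduleResolution": "nodenext" /* follows "module" */,`, so the resolution mode that lets the `@secvisogram/csaf-validator-lib/...` imports resolve is visible in the file. In the second hunk the project reference is dropped while `"skipLibCheck": true` stays, so declaration files shipped by the package are not checked; whether the backend's JSDoc types still line up with the published package should be confirmed by a type-check run, which this diff does not show.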
@@ -1,13 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: - - package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "weekly" - allow: - - dependency-type: "production" diff --git a/csaf-validator-lib/.github/workflows/npm-publish.yml b/csaf-validator-lib/.github/workflows/npm-publish.yml deleted file mode 100644 index ef59e91..0000000 --- a/csaf-validator-lib/.github/workflows/npm-publish.yml +++ /dev/null @@ -1,37 +0,0 @@ -# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created -# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages - -name: NPM Package - -on: - release: - types: [created] - -permissions: - id-token: write - contents: read - actions: read - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 20 - - run: npm ci - - run: npm test - - publish-npm: - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 20 - registry-url: https://registry.npmjs.org/ - - run: npm i -g npm@11 - - run: npm ci - - run: npm publish diff --git a/csaf-validator-lib/.github/workflows/publish-report.yml b/csaf-validator-lib/.github/workflows/publish-report.yml deleted file mode 100644 index 2d7a095..0000000 --- a/csaf-validator-lib/.github/workflows/publish-report.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: 'Test Report' -on: - workflow_run: - workflows: ['Run Tests'] - types: - - completed -permissions: - contents: read - actions: read - checks: write - pull-requests: write -jobs: - report: - runs-on: ubuntu-latest - - strategy: - matrix: - - # - # The test report is published for every supported nodejs version. But the - # coverage information is reported for the latest nodejs version only. When - # changing this array here make sure to update the latest version below - # (next comment). - # - - node-version: [20.x, 22.x] - - steps: - - name: Download workflow artifact - uses: actions/download-artifact@v4 - with: - name: test-results-${{ matrix.node-version }} - run-id: ${{ github.event.workflow_run.id }} - github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Set pr number env - run: | - PR_NUMBER=$(cat pr_number) - echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV - - name: Test Report - uses: phoenix-actions/test-reporting@v15 - id: test-report - with: - artifact: test-results-${{ matrix.node-version }} - name: Mocha Tests (node v${{ matrix.node-version }}) - path: test-results.json - reporter: mocha-json - - name: c8 coverage report - - # - # The coverage report is generated for the latest node version only. - # Make sure, to update this when changing the matrix above. - # - - if: ${{ matrix.node-version == '22.x' }} - uses: Nef10/lcov-reporter-action@v0.4.0 - with: - pr-number: ${{ env.PR_NUMBER }} - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/csaf-validator-lib/.github/workflows/run-tests.yml b/csaf-validator-lib/.github/workflows/run-tests.yml deleted file mode 100644 index a479fd2..0000000 --- a/csaf-validator-lib/.github/workflows/run-tests.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: Run Tests -on: - pull_request: - branches: - - '**' - push: - branches: - - main -permissions: - contents: read - actions: read -jobs: - test: - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [20.x, 22.x] - - steps: - - run: sudo apt-get install hunspell - - uses: actions/checkout@v4 - with: - submodules: recursive - - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node-version }} - - run: npm ci - - run: npm run test-report - env: - NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt - - run: npm run test-coverage-lcov - env: - NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt - - name: Save PR number - env: - PR_NUMBER: ${{ github.event.number }} - run: | - echo $PR_NUMBER > ./pr_number - - uses: actions/upload-artifact@v4 - if: success() || failure() - with: - name: test-results-${{ matrix.node-version }} - path: | - test-results.json - coverage - pr_number diff --git a/csaf-validator-lib/.gitignore b/csaf-validator-lib/.gitignore deleted file mode 100644 index 9a008e6..0000000 --- a/csaf-validator-lib/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/node_modules -/build -/.nyc_output diff --git a/csaf-validator-lib/.gitmodules b/csaf-validator-lib/.gitmodules deleted file mode 100644 index b79294f..0000000 --- a/csaf-validator-lib/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "csaf"] - path = csaf - url = https://github.com/oasis-tcs/csaf.git diff --git a/csaf-validator-lib/.prettierignore b/csaf-validator-lib/.prettierignore deleted file mode 100644 index 8dec2a8..0000000 --- a/csaf-validator-lib/.prettierignore +++ /dev/null @@ -1,11 +0,0 @@ -/.github -/.gitlab-ci.yml - -/build -/.nyc_output -/coverage -/.venv -/csaf -**/*.json -!package.json -/lib/shared/first diff --git a/csaf-validator-lib/DEVELOPMENT.md b/csaf-validator-lib/DEVELOPMENT.md deleted file mode 100644 index 3718d04..0000000 --- a/csaf-validator-lib/DEVELOPMENT.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# Developing CSAF Validator Lib - -## Table of Contents - -- [Code Style](#code-style) - - [Formatting with prettier](#formatting-with-prettier) - - [Quoting Strings](#quoting-strings) - -## Code Style - -### Formatting with prettier - -JavaScript code must be formatted with Prettier before it can be pushed to the repository. -A prettier.config.cjs is provided. - -### Quoting Strings - -Strings have to be quoted in the following way: - -- **Single quotes ''** - - - We use `''` (single quotes) when the string has no expressions inside. - -- **Template literals (backticks)** - - - We use ` `` ` (template literals) when there is an expression to resolve in the string, e.g. ${metricIndex} - -- **Quotation mark in string** - - We use `""` (double quotation marks) in strings to mark text in messages - -**Examples:** - -Simple Message: - -``` -message: 'value is not consistent with the vector string', -``` - -Message with expression inside - -``` -message: `branch structure nesting exceeds "${MAX_DEPTH}" branches (it is ${count} levels deep)` -``` - -Message with "" inside - -``` -message: - 'the ssvc id does neither match the "cve" nor it '+ - 'matches the "text" of any item in the "ids" array', -``` diff --git a/csaf-validator-lib/LICENSE b/csaf-validator-lib/LICENSE deleted file mode 100644 index 1a17d16..0000000 --- a/csaf-validator-lib/LICENSE +++ /dev/null 
@@ -1,18 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2022-present Bundesamt für Sicherheit in der Informationstechnik (BSI) - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software -and associated documentation files (the "Software"), to deal in the Software without -restriction, including without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or -substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/csaf-validator-lib/README.md b/csaf-validator-lib/README.md deleted file mode 100644 index 8ed4873..0000000 --- a/csaf-validator-lib/README.md +++ /dev/null 
@@ -1,622 +0,0 @@ -# BSI CSAF Validator Lib - -- [About The Project](#about-the-project) -- [Getting Started](#getting-started) -- [How to use](#how-to-use) - - [Strict Mode](#strict-mode) - - [API](#api) - - [Interfaces](#interfaces) - - CSAF 2.0 - - [Module `schemaTests.js`](#module-schematestsjs) - - [Module `mandatoryTests.js`](#module-mandatorytestsjs) - - [Module `optionalTests.js`](#module-optionaltestsjs) - - [Module `informativeTests.js`](#module-informativetestsjs) - - [Module `basic.js`](#module-basicjs) - - [Module `extended.js`](#module-extendedjs) - - [Module `full.js`](#module-fulljs) - - CSAF 2.1 (experimental) - - [Known Issues](#known-issues) - - [Module `csaf_2_1/schemaTests.js`](#module-csaf_2_1schematestsjs) - - [Module `csaf_2_1/mandatoryTests.js`](#module-csaf_2_1mandatorytestsjs) - - [Module `csaf_2_1/recommendedTests.js`](#module-csaf_2_1recommendedtestsjs) - - [Module `csaf_2_1/informativeTests.js`](#module-csaf_2_1informativetestsjs) - - [Module `csaf_2_1/basic.js`](#module-csaf_2_1basicjs) - - [Module `csaf_2_1/extended.js`](#module-csaf_2_1extendedjs) - - [Module `csaf_2_1/full.js`](#module-csaf_2_1fulljs) - - [Module `validate.js`](#module-validatejs) - - [Module `validateStrict.js`](#module-validatestrictjs) - - [Module `strip.js`](#module-stripjs) - - [Module `cwe.js`](#module-cwejs) -- [Testing](#testing) -- [Contributing](#contributing) -- [Dependencies](#dependencies) - -## About The Project - -This JavaScript library is intended to include logic that can be shared across application working with CSAF. - -[(back to top)](#bsi-csaf-validator-lib) - -## Getting Started - -Add the library to your project by using one of the following methods. -After that you can reference the modules from within your JavaScript application. - -### Using the official npm package - -There is an [official package](https://www.npmjs.com/package/@secvisogram/csaf-validator-lib) in the npm registry. 
- -You can add it to your project using the following command: - -```sh -npm install @secvisogram/csaf-validator-lib -``` - -### Using a git subtree - -You can also include this library as a subtree in your repository. - -- include as git subtree - - ```sh - git subtree add --prefix csaf-validator-lib https://github.com/secvisogram/csaf-validator-lib.git main --squash - ``` - -- install dependencies - - ```sh - cd csaf-validator-lib && npm ci --prod - ``` - -- This repository includes git submodules. Make sure to initialize and update - the submodules before you start working with the repository. - - ```sh - git submodule update --init --recursive - ``` - -- For test 6.3.8 an installation of hunspell as well as all languages that - you want to spell check is required. - -### Managing Hunspell languages - -A CSAF Document can contain a [language](https://docs.oasis-open.org/csaf/csaf/v2.0/cs02/csaf-v2.0-cs02.html#3216-document-property---language). -For example, valid entries could be `en` or `en-US`. When running test 6.3.8 we -try to match this language to the list of installed hunspell languages. If the -region is specified (like in `en-US`) and the corresponding language is -installed the test will run. If you want/need to check a `en` language -specifically with `en-US` (or any other variant) you need to make sure that you -link `en` to `en-US` using a symlink. - -Example of linking `en` to `en-US`: - -```sh -ln -s /usr/share/hunspell/en_US.aff /usr/share/hunspell/en.aff -ln -s /usr/share/hunspell/en_US.dic /usr/share/hunspell/en.dic -``` - -You can find out what languages you have installed by running `hunspell -D`. - -If you need additional languages they are most likely available in the -repository of your distribution. If you have a custom dictionary -copy them in the directory provided by the command above. Hunspell should -automatically recognize them. 
- -[(back to top)](#bsi-csaf-validator-lib) - -## How to use - -- example usage - - ```js - import validateStrict from '../csaf-validator-lib/validateStrict.js' - import * as mandatory from '../csaf-validator-lib/mandatoryTests.js' - import { optionalTest_6_2_1 } from '../csaf-validator-lib/optionalTests.js' - import { csaf_2_0_strict } from './schemaTests.js' - - const document = {} - const tests = [ - csaf_2_0_strict, - ...Object.values(mandatory), - optionalTest_6_2_1, - ] - - const result = await validateStrict(tests, document) - ``` - -[(back to top)](#bsi-csaf-validator-lib) - -### Strict Mode - -The library has two validate functions, `validate` and `validateStrict`. -`validateStrict` checks whether the test that should be executed was defined in -the library. Otherwise, it throws an error. To extend the library you can use -the `validate` function instead. In such case, **the calling function is -responsible for checking** whether the test function passed to the -`csaf-validator-lib` is benign. **Calling arbitrary** functions (especially -those resulting from user input) may result in a **code execution -vulnerability**. Therefore, the check of the test function to determine whether -it is benign **MUST be done before calling** it. -To proceed this dangerous path, use the `validate` function. - -[(back to top)](#bsi-csaf-validator-lib) - -## API - -### Interfaces - -```typescript -interface Result { - isValid: boolean - warnings: Array<{ message: string; instancePath: string }> - errors: Array<{ message: string; instancePath: string }> - infos: Array<{ message: string; instancePath: string }> -} -``` - -```typescript -interface TestResult { - isValid?: boolean - warnings?: Array<{ message: string; instancePath: string }> - errors?: Array<{ message: string; instancePath: string }> - infos?: Array<{ message: string; instancePath: string }> -} -``` - -```typescript -/** - * Every document test has its identifier set as the functions name. 
You can access - * it using `.name` - */ -type DocumentTest = (doc: any) => TestResult | Promise -``` - -[(back to top)](#bsi-csaf-validator-lib) - -### CSAF 2.0 - -#### Module `schemaTests.js` - -```typescript -export const csaf_2_0_strict: DocumentTest -export const csaf_2_0: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `mandatoryTests.js` - -```typescript -export const mandatoryTest_6_1_1: DocumentTest -export const mandatoryTest_6_1_2: DocumentTest -export const mandatoryTest_6_1_3: DocumentTest -export const mandatoryTest_6_1_4: DocumentTest -export const mandatoryTest_6_1_5: DocumentTest -export const mandatoryTest_6_1_6: DocumentTest -export const mandatoryTest_6_1_7: DocumentTest -export const mandatoryTest_6_1_8: DocumentTest -export const mandatoryTest_6_1_9: DocumentTest -export const mandatoryTest_6_1_10: DocumentTest -export const mandatoryTest_6_1_11: DocumentTest -export const mandatoryTest_6_1_12: DocumentTest -export const mandatoryTest_6_1_13: DocumentTest -export const mandatoryTest_6_1_14: DocumentTest -export const mandatoryTest_6_1_15: DocumentTest -export const mandatoryTest_6_1_16: DocumentTest -export const mandatoryTest_6_1_17: DocumentTest -export const mandatoryTest_6_1_18: DocumentTest -export const mandatoryTest_6_1_19: DocumentTest -export const mandatoryTest_6_1_20: DocumentTest -export const mandatoryTest_6_1_21: DocumentTest -export const mandatoryTest_6_1_22: DocumentTest -export const mandatoryTest_6_1_23: DocumentTest -export const mandatoryTest_6_1_24: DocumentTest -export const mandatoryTest_6_1_25: DocumentTest -export const mandatoryTest_6_1_26: DocumentTest -export const mandatoryTest_6_1_27_1: DocumentTest -export const mandatoryTest_6_1_27_2: DocumentTest -export const mandatoryTest_6_1_27_3: DocumentTest -export const mandatoryTest_6_1_27_4: DocumentTest -export const mandatoryTest_6_1_27_5: DocumentTest -export const mandatoryTest_6_1_27_6: DocumentTest -export const 
mandatoryTest_6_1_27_7: DocumentTest -export const mandatoryTest_6_1_27_8: DocumentTest -export const mandatoryTest_6_1_27_9: DocumentTest -export const mandatoryTest_6_1_27_10: DocumentTest -export const mandatoryTest_6_1_27_11: DocumentTest -export const mandatoryTest_6_1_28: DocumentTest -export const mandatoryTest_6_1_29: DocumentTest -export const mandatoryTest_6_1_30: DocumentTest -export const mandatoryTest_6_1_31: DocumentTest -export const mandatoryTest_6_1_32: DocumentTest -export const mandatoryTest_6_1_33: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `optionalTests.js` - -```typescript -export const optionalTest_6_2_1: DocumentTest -export const optionalTest_6_2_2: DocumentTest -export const optionalTest_6_2_3: DocumentTest -export const optionalTest_6_2_4: DocumentTest -export const optionalTest_6_2_5: DocumentTest -export const optionalTest_6_2_6: DocumentTest -export const optionalTest_6_2_7: DocumentTest -export const optionalTest_6_2_8: DocumentTest -export const optionalTest_6_2_9: DocumentTest -export const optionalTest_6_2_10: DocumentTest -export const optionalTest_6_2_11: DocumentTest -export const optionalTest_6_2_12: DocumentTest -export const optionalTest_6_2_13: DocumentTest -export const optionalTest_6_2_14: DocumentTest -export const optionalTest_6_2_15: DocumentTest -export const optionalTest_6_2_16: DocumentTest -export const optionalTest_6_2_17: DocumentTest -export const optionalTest_6_2_18: DocumentTest -export const optionalTest_6_2_19: DocumentTest -export const optionalTest_6_2_20: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `informativeTests.js` - -```typescript -export const informativeTest_6_3_1: DocumentTest -export const informativeTest_6_3_2: DocumentTest -export const informativeTest_6_3_3: DocumentTest -export const informativeTest_6_3_4: DocumentTest -export const informativeTest_6_3_5: DocumentTest -export const informativeTest_6_3_6: DocumentTest -export 
const informativeTest_6_3_7: DocumentTest -export const informativeTest_6_3_8: DocumentTest -export const informativeTest_6_3_9: DocumentTest -export const informativeTest_6_3_10: DocumentTest -export const informativeTest_6_3_11: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `basic.js` - -This module exports the strict schema test and all mandatory tests except `6.1.8`. - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `extended.js` - -This module exports all tests included in `basic.js` and all optional tests. - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `full.js` - -This module exports all tests included in `extended.js` and all informative tests. - -[(back to top)](#bsi-csaf-validator-lib) - -### CSAF 2.1 (experimental) - -**HEADS UP**: The feature set in this section is not stable nor complete yet and changes without introducing a major version update. Please use it with caution! As soon as it becomes stable this README will be updated. - -In CSAF 2.1 the "optional tests" have been renamed to "recommended tests". - -#### Known Issues - -The CVSS 4.0 computation is still under debate as it it unclear from the specification how to compute threatScore and environmentalScore. 
- -The following tests are not yet implemented and therefore missing: - -**Mandatory Tests** - -- Mandatory Test 6.1.26 -- Mandatory Test 6.1.27.13 -- Mandatory Test 6.1.46 -- Mandatory Test 6.1.47 -- Mandatory Test 6.1.48 -- Mandatory Test 6.1.49 -- Mandatory Test 6.1.50 -- Mandatory Test 6.1.53 -- Mandatory Test 6.1.54 -- Mandatory Test 6.1.55 -- Mandatory Test 6.1.57 -- Mandatory Test 6.1.59 -- Mandatory Test 6.1.60.1 -- Mandatory Test 6.1.60.2 -- Mandatory Test 6.1.60.3 -- Mandatory Test 6.1.61 - -**Recommended Tests** - -- Recommended Test 6.2.11 -- Recommended Test 6.2.19 -- Recommended Test 6.2.20 -- Recommended Test 6.2.24 -- Recommended Test 6.2.26 -- Recommended Test 6.2.31 -- Recommended Test 6.2.32 -- Recommended Test 6.2.33 -- Recommended Test 6.2.34 -- Recommended Test 6.2.35 -- Recommended Test 6.2.36 -- Recommended Test 6.2.37 -- Recommended Test 6.2.38 -- Recommended Test 6.2.39.1 -- Recommended Test 6.2.39.3 -- Recommended Test 6.2.39.4 -- Recommended Test 6.2.39.5 -- Recommended Test 6.2.42 -- Recommended Test 6.2.44 -- Recommended Test 6.2.45 -- Recommended Test 6.2.46 -- Recommended Test 6.2.49 -- Recommended Test 6.2.50.1 -- Recommended Test 6.2.50.2 -- Recommended Test 6.2.50.3 -- Recommended Test 6.2.51 -- Recommended Test 6.2.52 -- Recommended Test 6.2.53 -- Recommended Test 6.2.54.1 -- Recommended Test 6.2.54.2 -- Recommended Test 6.2.54.3 -- Recommended Test 6.2.54.4 - -**Informative Tests** - -- Informative Test 6.2.13 -- Informative Test 6.2.14 -- Informative Test 6.2.15 -- Informative Test 6.2.16 -- Informative Test 6.2.17 -- Informative Test 6.2.19.1 -- Informative Test 6.2.19.2 -- Informative Test 6.2.19.3 -- Informative Test 6.2.19.4 -- Informative Test 6.2.19.5 -- Informative Test 6.2.20 -- Informative Test 6.2.21.1 -- Informative Test 6.2.21.2 -- Informative Test 6.2.21.3 -- Informative Test 6.2.21.4 -- Informative Test 6.2.21.5 -- Informative Test 6.2.21.6 -- Informative Test 6.2.21.7 -- Informative Test 6.2.21.8 -- Informative 
Test 6.2.21.9 -- Informative Test 6.2.22 - -#### Module `csaf_2_1/schemaTests.js` - -```typescript -export const csaf_2_0_strict: DocumentTest -export const csaf_2_0: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/mandatoryTests.js` - -```typescript -export const mandatoryTest_6_1_1: DocumentTest -export const mandatoryTest_6_1_2: DocumentTest -export const mandatoryTest_6_1_3: DocumentTest -export const mandatoryTest_6_1_4: DocumentTest -export const mandatoryTest_6_1_5: DocumentTest -export const mandatoryTest_6_1_6: DocumentTest -export const mandatoryTest_6_1_7: DocumentTest -export const mandatoryTest_6_1_8: DocumentTest -export const mandatoryTest_6_1_9: DocumentTest -export const mandatoryTest_6_1_10: DocumentTest -export const mandatoryTest_6_1_11: DocumentTest -export const mandatoryTest_6_1_12: DocumentTest -export const mandatoryTest_6_1_13: DocumentTest -export const mandatoryTest_6_1_14: DocumentTest -export const mandatoryTest_6_1_15: DocumentTest -export const mandatoryTest_6_1_16: DocumentTest -export const mandatoryTest_6_1_17: DocumentTest -export const mandatoryTest_6_1_18: DocumentTest -export const mandatoryTest_6_1_19: DocumentTest -export const mandatoryTest_6_1_20: DocumentTest -export const mandatoryTest_6_1_21: DocumentTest -export const mandatoryTest_6_1_22: DocumentTest -export const mandatoryTest_6_1_23: DocumentTest -export const mandatoryTest_6_1_24: DocumentTest -export const mandatoryTest_6_1_25: DocumentTest -export const mandatoryTest_6_1_27_1: DocumentTest -export const mandatoryTest_6_1_27_2: DocumentTest -export const mandatoryTest_6_1_27_3: DocumentTest -export const mandatoryTest_6_1_27_4: DocumentTest -export const mandatoryTest_6_1_27_5: DocumentTest -export const mandatoryTest_6_1_27_6: DocumentTest -export const mandatoryTest_6_1_27_7: DocumentTest -export const mandatoryTest_6_1_27_8: DocumentTest -export const mandatoryTest_6_1_27_9: DocumentTest -export const 
mandatoryTest_6_1_27_10: DocumentTest -export const mandatoryTest_6_1_27_11: DocumentTest -export const mandatoryTest_6_1_27_12: DocumentTest -export const mandatoryTest_6_1_27_14: DocumentTest -export const mandatoryTest_6_1_27_15: DocumentTest -export const mandatoryTest_6_1_27_16: DocumentTest -export const mandatoryTest_6_1_27_17: DocumentTest -export const mandatoryTest_6_1_27_18: DocumentTest -export const mandatoryTest_6_1_27_19: DocumentTest -export const mandatoryTest_6_1_28: DocumentTest -export const mandatoryTest_6_1_29: DocumentTest -export const mandatoryTest_6_1_30: DocumentTest -export const mandatoryTest_6_1_31: DocumentTest -export const mandatoryTest_6_1_32: DocumentTest -export const mandatoryTest_6_1_33: DocumentTest -export const mandatoryTest_6_1_34: DocumentTest -export const mandatoryTest_6_1_35: DocumentTest -export const mandatoryTest_6_1_36: DocumentTest -export const mandatoryTest_6_1_37: DocumentTest -export const mandatoryTest_6_1_38: DocumentTest -export const mandatoryTest_6_1_39: DocumentTest -export const mandatoryTest_6_1_40: DocumentTest -export const mandatoryTest_6_1_41: DocumentTest -export const mandatoryTest_6_1_42: DocumentTest -export const mandatoryTest_6_1_43: DocumentTest -export const mandatoryTest_6_1_44: DocumentTest -export const mandatoryTest_6_1_45: DocumentTest -export const mandatoryTest_6_1_51: DocumentTest -export const mandatoryTest_6_1_52: DocumentTest -export const mandatoryTest_6_1_58: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/recommendedTests.js` - -```typescript -export const recommendedTest_6_2_1: DocumentTest -export const recommendedTest_6_2_2: DocumentTest -export const recommendedTest_6_2_3: DocumentTest -export const recommendedTest_6_2_4: DocumentTest -export const recommendedTest_6_2_5: DocumentTest -export const recommendedTest_6_2_6: DocumentTest -export const recommendedTest_6_2_7: DocumentTest -export const recommendedTest_6_2_8: DocumentTest 
-export const recommendedTest_6_2_9: DocumentTest -export const recommendedTest_6_2_10: DocumentTest -export const recommendedTest_6_2_12: DocumentTest -export const recommendedTest_6_2_13: DocumentTest -export const recommendedTest_6_2_14: DocumentTest -export const recommendedTest_6_2_15: DocumentTest -export const recommendedTest_6_2_16: DocumentTest -export const recommendedTest_6_2_17: DocumentTest -export const recommendedTest_6_2_18: DocumentTest -export const recommendedTest_6_2_21: DocumentTest -export const recommendedTest_6_2_22: DocumentTest -export const recommendedTest_6_2_23: DocumentTest -export const recommendedTest_6_2_25: DocumentTest -export const recommendedTest_6_2_27: DocumentTest -export const recommendedTest_6_2_28: DocumentTest -export const recommendedTest_6_2_29: DocumentTest -export const recommendedTest_6_2_30: DocumentTest -export const recommendedTest_6_2_39_2: DocumentTest -export const recommendedTest_6_2_39_4: DocumentTest -export const recommendedTest_6_2_40: DocumentTest -export const recommendedTest_6_2_41: DocumentTest -export const recommendedTest_6_2_43: DocumentTest -export const recommendedTest_6_2_47: DocumentTest -export const recommendedTest_6_2_48: DocumentTest -``` - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/informativeTests.js` - -```typescript -export const informativeTest_6_3_1: DocumentTest -export const informativeTest_6_3_2: DocumentTest -export const informativeTest_6_3_3: DocumentTest -export const informativeTest_6_3_4: DocumentTest -export const informativeTest_6_3_5: DocumentTest -export const informativeTest_6_3_6: DocumentTest -export const informativeTest_6_3_7: DocumentTest -export const informativeTest_6_3_8: DocumentTest -export const informativeTest_6_3_9: DocumentTest -export const informativeTest_6_3_10: DocumentTest -export const informativeTest_6_3_11: DocumentTest -export const informativeTest_6_3_12: DocumentTest -export const informativeTest_6_3_18: DocumentTest -``` - 
-[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/basic.js` - -This module exports the strict schema test and all mandatory tests except `6.1.8`. - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/extended.js` - -This module exports all tests included in `basic.js` and all optional tests. - -[(back to top)](#bsi-csaf-validator-lib) - -#### Module `csaf_2_1/full.js` - -This module exports all tests included in `extended.js` and all informative tests. - -[(back to top)](#bsi-csaf-validator-lib) - -### Module `validate.js` - -This function validates the given document against the given tests. - -### Module `validateStrict.js` - -This function validates the given document against the given tests. It throws -an error if an unknown test function was passed. See [Strict Mode](#strict-mode) -for more details. - -[(back to top)](#bsi-csaf-validator-lib) - -### Module `strip.js` - -This function strips empty nodes and nodes with errors. The `strict` option (default `true`) throws an error if an unknown test function was passed. See [Strict Mode](#strict-mode) for more details. - -```typescript -type StripFn = ( - tests: DocumentTest[], - document: any, - options?: { strict?: boolean } -) => Promise<{ - document: any - strippedPaths: { - instancePath: string - message: string - error: boolean - }[] -}> - -export default StripFn -``` - -[(back to top)](#bsi-csaf-validator-lib) - -### Module `cwe.js` - -```typescript -export const weaknesses: Array<{ id: string; name: string }> -``` - -[(back to top)](#bsi-csaf-validator-lib) - -## Testing - -Tests are implemented using [mocha](https://mochajs.org/). The minimal supported Node.js version is **20**. 
They can be run using the following command: - -```sh -npm test -``` - -[(back to top)](#bsi-csaf-validator-lib) - -## Contributing - -You can find our guidelines here [CONTRIBUTING.md](https://github.com/secvisogram/secvisogram/blob/main/CONTRIBUTING.md) - -[(back to top)](#bsi-csaf-validator-lib) - -## Dependencies - -For the complete list of dependencies please take a look at [package.json](https://github.com/secvisogram/csaf-validator-lib/blob/main/package.json) - -- [Ajv JSON schema validator](https://github.com/ajv-validator/ajv) -- [JSON Schema formats for Ajv](https://github.com/ajv-validator/ajv-formats) -- [bcp47](https://github.com/gagle/node-bcp47) -- [cvss2js](https://github.com/sparticvs/cvss2js) -- [json-pointer](https://github.com/manuelstofer/json-pointer) -- [lodash](https://lodash.com/) -- [packageurl-js](https://github.com/package-url/packageurl-js) -- [semver](https://github.com/npm/node-semver) -- [undici](https://undici.nodejs.org) -- [@js-joda/core](https://js-joda.github.io/js-joda/) -- [@js-joda/timezone](https://js-joda.github.io/js-joda/) - -[(back to top)](#bsi-csaf-validator-lib) diff --git a/csaf-validator-lib/basic.js b/csaf-validator-lib/basic.js deleted file mode 100644 index 4f6195f..0000000 --- a/csaf-validator-lib/basic.js +++ /dev/null 
@@ -1,46 +0,0 @@
-export { csaf_2_0_strict } from './lib/schemaTests.js'
-export {
- mandatoryTest_6_1_1,
- mandatoryTest_6_1_2,
- mandatoryTest_6_1_3,
- mandatoryTest_6_1_4,
- mandatoryTest_6_1_5,
- mandatoryTest_6_1_6,
- mandatoryTest_6_1_7,
- // Mandatory Test 6.1.8 skipped since included in schema tests
- mandatoryTest_6_1_9,
- mandatoryTest_6_1_10,
- mandatoryTest_6_1_11,
- mandatoryTest_6_1_12,
- mandatoryTest_6_1_13,
- mandatoryTest_6_1_14,
- mandatoryTest_6_1_15,
- mandatoryTest_6_1_16,
- mandatoryTest_6_1_17,
- mandatoryTest_6_1_18,
- mandatoryTest_6_1_19,
- mandatoryTest_6_1_20,
- mandatoryTest_6_1_21,
- mandatoryTest_6_1_22,
- mandatoryTest_6_1_23,
- mandatoryTest_6_1_24,
- mandatoryTest_6_1_25,
- mandatoryTest_6_1_26,
- mandatoryTest_6_1_27_1,
- mandatoryTest_6_1_27_2,
- mandatoryTest_6_1_27_3,
- mandatoryTest_6_1_27_4,
- mandatoryTest_6_1_27_5,
- mandatoryTest_6_1_27_6,
- mandatoryTest_6_1_27_7,
- mandatoryTest_6_1_27_8,
- mandatoryTest_6_1_27_9,
- mandatoryTest_6_1_27_10,
- mandatoryTest_6_1_27_11,
- mandatoryTest_6_1_28,
- mandatoryTest_6_1_29,
- mandatoryTest_6_1_30,
- mandatoryTest_6_1_31,
- mandatoryTest_6_1_32,
- mandatoryTest_6_1_33,
-} from './lib/mandatoryTests.js'
diff --git a/csaf-validator-lib/csaf b/csaf-validator-lib/csaf
deleted file mode 160000
index 51d5aab..0000000
--- a/csaf-validator-lib/csaf
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 51d5aaba0d48678fcd13c03be6be137b022d8f96
diff --git a/csaf-validator-lib/csaf_2_1/basic.js b/csaf-validator-lib/csaf_2_1/basic.js
deleted file mode 100644
index c8bfaaa..0000000
--- a/csaf-validator-lib/csaf_2_1/basic.js
+++ /dev/null
@@ -1,46 +0,0 @@
-export { csaf_2_1_strict } from './schemaTests.js'
-export {
- mandatoryTest_6_1_1,
- mandatoryTest_6_1_2,
- mandatoryTest_6_1_3,
- mandatoryTest_6_1_4,
- mandatoryTest_6_1_5,
- mandatoryTest_6_1_6,
- mandatoryTest_6_1_7,
- // Mandatory Test 6.1.8 skipped since included in schema tests
- mandatoryTest_6_1_9,
- mandatoryTest_6_1_10,
- mandatoryTest_6_1_11,
- mandatoryTest_6_1_12,
- mandatoryTest_6_1_13,
- mandatoryTest_6_1_14,
- mandatoryTest_6_1_15,
- mandatoryTest_6_1_16,
- mandatoryTest_6_1_17,
- mandatoryTest_6_1_18,
- mandatoryTest_6_1_19,
- mandatoryTest_6_1_20,
- mandatoryTest_6_1_21,
- mandatoryTest_6_1_22,
- mandatoryTest_6_1_23,
- mandatoryTest_6_1_24,
- mandatoryTest_6_1_25,
- mandatoryTest_6_1_26,
- mandatoryTest_6_1_27_1,
- mandatoryTest_6_1_27_2,
- mandatoryTest_6_1_27_3,
- mandatoryTest_6_1_27_4,
- mandatoryTest_6_1_27_5,
- mandatoryTest_6_1_27_6,
- mandatoryTest_6_1_27_7,
- mandatoryTest_6_1_27_8,
- mandatoryTest_6_1_27_9,
- mandatoryTest_6_1_27_10,
- mandatoryTest_6_1_27_11,
- mandatoryTest_6_1_28,
- mandatoryTest_6_1_29,
- mandatoryTest_6_1_30,
- mandatoryTest_6_1_31,
- mandatoryTest_6_1_32,
- mandatoryTest_6_1_33,
-} from '../mandatoryTests.js'
diff --git a/csaf-validator-lib/csaf_2_1/csafAjv.js b/csaf-validator-lib/csaf_2_1/csafAjv.js
deleted file mode 100644
index bec7d0a..0000000
--- a/csaf-validator-lib/csaf_2_1/csafAjv.js
+++ /dev/null
@@ -1,43 +0,0 @@
-import addFormats from 'ajv-formats'
-import { Ajv2020 } from 'ajv/dist/2020.js'
-import cvss_v2_0 from '../schemas/cvss-v2.0.js'
-import cvss_v3_0 from '../schemas/cvss-v3.0.js'
-import cvss_v3_1 from '../schemas/cvss-v3.1.js'
-import cvss_v4_0_1 from './csafAjv/cvss-v4.0.1.js'
-import meta from './csafAjv/meta.js'
-import draft_07_schema from './csafAjv/draft-07-schema.js'
-import formatAssertion from './csafAjv/format-assertion.js'
-import ssvcDecisionPointValueSelection from './csafAjv/Decision_Point_Value_Selection-2-0-0.js'
-import { timestampRegex, validateTimestamp } from './dateHelper.js'
-
-const csafAjv = new Ajv2020({ strict: false, allErrors: true })
-addFormats.default(csafAjv)
-csafAjv.addMetaSchema(
- draft_07_schema,
- 'http://json-schema.org/draft-07/schema#'
-)
-csafAjv.addSchema(cvss_v2_0, 'https://www.first.org/cvss/cvss-v2.0.json')
-csafAjv.addSchema(cvss_v3_0, 'https://www.first.org/cvss/cvss-v3.0.json')
-csafAjv.addSchema(cvss_v3_1, 'https://www.first.org/cvss/cvss-v3.1.json')
-csafAjv.addSchema(cvss_v4_0_1, 'https://www.first.org/cvss/cvss-v4.0.1.json')
-csafAjv.addSchema(
- meta,
- 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/meta.json'
-)
-csafAjv.addSchema(
- formatAssertion,
- 'https://json-schema.org/draft/2020-12/meta/format-assertion'
-)
-csafAjv.addSchema(
- ssvcDecisionPointValueSelection,
- 'https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json'
-)
-
-csafAjv.addFormat('date-time', {
- type: 'string',
- validate: (v) => {
- return timestampRegex.test(v) && validateTimestamp(v)
- },
-})
-
-export default csafAjv
diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/Decision_Point_Value_Selection-2-0-0.js b/csaf-validator-lib/csaf_2_1/csafAjv/Decision_Point_Value_Selection-2-0-0.js
deleted file mode 100644
index a5b0686..0000000
--- a/csaf-validator-lib/csaf_2_1/csafAjv/Decision_Point_Value_Selection-2-0-0.js
+++ /dev/null
@@ -1,250 +0,0 @@ -// schema from https://github.com/CERTCC/SSVC/blob/main/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json -// which is a soft link to https://github.com/CERTCC/SSVC/blob/8ea19675f13d77216d2e2f3845d1286042130d93/data/schema/v2/SelectionList_2_0_0.schema.json -export default { - title: 'SelectionList', - $schema: 'https://json-schema.org/draft/2020-12/schema', - $id: 'https://certcc.github.io/SSVC/data/schema/v2/SelectionList_2_0_0.schema.json', - description: - 'This schema defines the structure to represent an SSVC SelectionList object.', - type: 'object', - $defs: { - MinimalDecisionPointValue: { - title: 'MinimalDecisionPointValue', - additionalProperties: false, - description: - 'A minimal representation of a decision point value.\nIntended to parallel the DecisionPointValue object, but with fewer required fields.\nA decision point value is uniquely identified within a decision point by its key.\nGlobally, the combination of Decision Point namespace, key, and version coupled with the value key\nuniquely identifies a value across all decision points and values.\nOther required fields in the DecisionPointValue object, such as name and description, are optional here.', - properties: { - name: { - title: 'Name', - minLength: 1, - type: 'string', - }, - definition: { - title: 'Definition', - minLength: 1, - type: 'string', - }, - key: { - title: 'Key', - description: - 'A short, non-empty string identifier for the object. 
Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)', - examples: [ - 'E', - 'A', - 'SI', - 'L', - 'M', - 'H', - 'Mixed_case_OK', - 'alph4num3ric', - ], - minLength: 1, - pattern: - '^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$', - type: 'string', - }, - }, - required: ['key'], - type: 'object', - }, - Reference: { - title: 'Reference', - additionalProperties: false, - description: - 'A reference to a resource that provides additional context about the decision points or selections.\nThis object is intentionally minimal and contains only the URL and an optional description.', - properties: { - uri: { - title: 'Uri', - format: 'uri', - minLength: 1, - type: 'string', - }, - summary: { - title: 'Summary', - type: 'string', - }, - }, - required: ['uri', 'summary'], - type: 'object', - }, - Selection: { - title: 'Selection', - additionalProperties: false, - description: - 'A minimal selection object that contains the decision point ID and the selected values.\nWhile the Selection object parallels the DecisionPoint object, it is intentionally minimal, with\nfewer required fields and no additional metadata, as it is meant to represent a selection made from a\npreviously defined decision point. 
The expectation is that a Selection object will usually have\nfewer values than the original decision point, as it represents a specific evaluation\nat a specific time and may therefore rule out some values that were previously considered.\nOther fields like name and description may be copied from the decision point, but are not required.', - properties: { - namespace: { - title: 'Namespace', - description: 'The namespace of the SSVC object.', - examples: [ - 'ssvc', - 'cisa', - 'x_example.test#test//.example.test#private-extension', - 'ssvc/de-DE/.example.organization#reference-arch-1', - ], - maxLength: 1000, - minLength: 3, - pattern: - '^(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3})
)?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$', - type: 'string', - }, - key: { - title: 'Key', - description: - 'A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)', - examples: [ - 'E', - 'A', - 'SI', - 'L', - 'M', - 'H', - 'Mixed_case_OK', - 'alph4num3ric', - ], - minLength: 1, - pattern: - '^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$', - type: 'string', - }, - version: { - title: 'Version', - description: - 'The version of the SSVC object. This must be a valid semantic version string.', - examples: ['1.0.0', '2.1.3'], - minLength: 5, - pattern: - '^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$', - type: 'string', - }, - name: { - title: 'Name', - minLength: 1, - type: 'string', - }, - definition: { - title: 'Definition', - minLength: 1, - type: 'string', - }, - values: { - title: 'Values', - description: - 'A list of selected value keys from the decision point values.', - examples: [ - [ - { - key: 'N', - }, - { - key: 'Y', - }, - ], - [ - { - key: 'A', - }, - { - key: 'B', - }, - { - key: 'C', - }, - ], - ], - items: { - $ref: '#/$defs/MinimalDecisionPointValue', - }, - minItems: 1, - type: 'array', - }, - }, - required: ['namespace', 'key', 'version', 'values'], - type: 'object', - }, - }, - properties: { - timestamp: { - title: 'Timestamp', - description: 'Timestamp of the selections, in RFC 3339 format.', - examples: ['2025-01-01T12:00:00Z', '2025-01-02T15:30:45-04:00'], - format: 'date-time', - type: 'string', - }, - schemaVersion: { - title: 'Schemaversion', - const: 
'2.0.0', - description: 'The schema version of this selection list.', - type: 'string', - }, - target_ids: { - title: 'Target Ids', - description: - 'Optional list of identifiers for the item or items (vulnerabilities, reports, advisories, systems, assets, etc.) being evaluated by these selections.', - examples: [['CVE-1900-0000'], ['VU#999999', 'GHSA-0123-4567-89ab']], - items: { - type: 'string', - }, - minItems: 1, - type: 'array', - uniqueItems: true, - }, - selections: { - title: 'Selections', - description: - 'List of selections made from decision points. Each selection item corresponds to value keys contained in a specific decision point identified by its namespace, key, and version. Note that selection objects are deliberately minimal objects and do not contain the full decision point details.', - items: { - $ref: '#/$defs/Selection', - }, - minItems: 1, - type: 'array', - }, - decision_point_resources: { - title: 'Decision Point Resources', - description: - 'A list of resources that provide additional context about the decision points found in this selection.', - examples: [ - [ - { - summary: 'Documentation for a set of decision points', - uri: 'https://example.com/decision_points', - }, - { - summary: 'JSON representation of decision point 2', - uri: 'https://example.org/definitions/dp2.json', - }, - { - summary: - 'A JSON file containing extension decision points in the x_com.example namespace', - uri: 'https://example.com/ssvc/x_com.example/decision_points.json', - }, - ], - ], - items: { - $ref: '#/$defs/Reference', - }, - minItems: 1, - type: 'array', - }, - references: { - title: 'References', - description: - 'A list of references that provide additional context about the specific values selected.', - examples: [ - [ - { - summary: 'A report on which the selections were based', - uri: 'https://example.com/report', - }, - ], - ], - items: { - $ref: '#/$defs/Reference', - }, - minItems: 1, - type: 'array', - }, - }, - required: ['timestamp', 
'schemaVersion', 'selections'], - additionalProperties: false, -} diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v2.0.js b/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v2.0.js deleted file mode 100644 index cf79113..0000000 --- a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v2.0.js +++ /dev/null 
@@ -1,120 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2017, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 2.0', - $id: 'https://www.first.org/cvss/cvss-v2.0.json?20170531', - type: 'object', - $defs: { - accessVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL'], - }, - accessComplexityType: { - type: 'string', - enum: ['HIGH', 'MEDIUM', 'LOW'], - }, - authenticationType: { - type: 'string', - enum: ['MULTIPLE', 'SINGLE', 'NONE'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'PARTIAL', 'COMPLETE'], - }, - exploitabilityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - reportConfidenceType: { - type: 'string', - enum: ['UNCONFIRMED', 'UNCORROBORATED', 'CONFIRMED', 'NOT_DEFINED'], - }, - collateralDamagePotentialType: { - type: 'string', - enum: ['NONE', 'LOW', 'LOW_MEDIUM', 'MEDIUM_HIGH', 'HIGH', 'NOT_DEFINED'], - }, - targetDistributionType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - }, - properties: { - version: { - description: 'CVSS Version', 
- type: 'string', - enum: ['2.0'], - }, - vectorString: { - type: 'string', - pattern: - '^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$', - }, - accessVector: { $ref: '#/$defs/accessVectorType' }, - accessComplexity: { $ref: '#/$defs/accessComplexityType' }, - authentication: { $ref: '#/$defs/authenticationType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - exploitability: { $ref: '#/$defs/exploitabilityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/reportConfidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - collateralDamagePotential: { - $ref: '#/$defs/collateralDamagePotentialType', - }, - targetDistribution: { $ref: '#/$defs/targetDistributionType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - }, - required: ['version', 'vectorString', 'baseScore'], -} diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.0.js b/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.0.js deleted file mode 100644 index c46f4ef..0000000 --- a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.0.js +++ /dev/null 
@@ -1,167 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2017, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 3.0', - $id: 'https://www.first.org/cvss/cvss-v3.0.json?20170531', - type: 'object', - $defs: { - attackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL'], - }, - modifiedAttackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], - }, - attackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW'], - }, - modifiedAttackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NOT_DEFINED'], - }, - privilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE'], - }, - modifiedPrivilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], - }, - userInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED'], - }, - modifiedUserInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED', 'NOT_DEFINED'], - }, - scopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED'], - }, - modifiedScopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED', 'NOT_DEFINED'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], - }, - exploitCodeMaturityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 
'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - confidenceType: { - type: 'string', - enum: ['UNKNOWN', 'REASONABLE', 'CONFIRMED', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - severityType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], - }, - }, - properties: { - version: { - description: 'CVSS Version', - type: 'string', - enum: ['3.0'], - }, - vectorString: { - type: 'string', - pattern: - '^CVSS:3.0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$', - }, - attackVector: { $ref: '#/$defs/attackVectorType' }, - attackComplexity: { $ref: '#/$defs/attackComplexityType' }, - privilegesRequired: { $ref: '#/$defs/privilegesRequiredType' }, - userInteraction: { $ref: '#/$defs/userInteractionType' }, - scope: { $ref: '#/$defs/scopeType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - baseSeverity: { $ref: '#/$defs/severityType' }, - exploitCodeMaturity: { $ref: '#/$defs/exploitCodeMaturityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/confidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - temporalSeverity: { $ref: '#/$defs/severityType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: 
'#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - modifiedAttackVector: { - $ref: '#/$defs/modifiedAttackVectorType', - }, - modifiedAttackComplexity: { - $ref: '#/$defs/modifiedAttackComplexityType', - }, - modifiedPrivilegesRequired: { - $ref: '#/$defs/modifiedPrivilegesRequiredType', - }, - modifiedUserInteraction: { - $ref: '#/$defs/modifiedUserInteractionType', - }, - modifiedScope: { $ref: '#/$defs/modifiedScopeType' }, - modifiedConfidentialityImpact: { - $ref: '#/$defs/modifiedCiaType', - }, - modifiedIntegrityImpact: { $ref: '#/$defs/modifiedCiaType' }, - modifiedAvailabilityImpact: { $ref: '#/$defs/modifiedCiaType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - environmentalSeverity: { $ref: '#/$defs/severityType' }, - }, - required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], -} diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.1.js b/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.1.js deleted file mode 100644 index d4b86ce..0000000 --- a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v3.1.js +++ /dev/null 
@@ -1,168 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2019, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 3.1', - $id: 'https://www.first.org/cvss/cvss-v3.1.json?20190610', - type: 'object', - $defs: { - attackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL'], - }, - modifiedAttackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], - }, - attackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW'], - }, - modifiedAttackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NOT_DEFINED'], - }, - privilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE'], - }, - modifiedPrivilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], - }, - userInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED'], - }, - modifiedUserInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED', 'NOT_DEFINED'], - }, - scopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED'], - }, - modifiedScopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED', 'NOT_DEFINED'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], - }, - exploitCodeMaturityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 
'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - confidenceType: { - type: 'string', - enum: ['UNKNOWN', 'REASONABLE', 'CONFIRMED', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - severityType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], - }, - }, - properties: { - version: { - description: 'CVSS Version', - type: 'string', - enum: ['3.1'], - }, - vectorString: { - type: 'string', - pattern: - '^CVSS:3.1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$', - }, - attackVector: { $ref: '#/$defs/attackVectorType' }, - attackComplexity: { $ref: '#/$defs/attackComplexityType' }, - privilegesRequired: { $ref: '#/$defs/privilegesRequiredType' }, - userInteraction: { $ref: '#/$defs/userInteractionType' }, - scope: { $ref: '#/$defs/scopeType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - baseSeverity: { $ref: '#/$defs/severityType' }, - exploitCodeMaturity: { $ref: '#/$defs/exploitCodeMaturityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/confidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - temporalSeverity: { $ref: '#/$defs/severityType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: 
'#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - modifiedAttackVector: { - $ref: '#/$defs/modifiedAttackVectorType', - }, - modifiedAttackComplexity: { - $ref: '#/$defs/modifiedAttackComplexityType', - }, - modifiedPrivilegesRequired: { - $ref: '#/$defs/modifiedPrivilegesRequiredType', - }, - modifiedUserInteraction: { - $ref: '#/$defs/modifiedUserInteractionType', - }, - modifiedScope: { $ref: '#/$defs/modifiedScopeType' }, - modifiedConfidentialityImpact: { - $ref: '#/$defs/modifiedCiaType', - }, - modifiedIntegrityImpact: { $ref: '#/$defs/modifiedCiaType' }, - modifiedAvailabilityImpact: { $ref: '#/$defs/modifiedCiaType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - environmentalSeverity: { $ref: '#/$defs/severityType' }, - }, - required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], -} diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v4.0.1.js b/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v4.0.1.js deleted file mode 100644 index b4aab6e..0000000 --- a/csaf-validator-lib/csaf_2_1/csafAjv/cvss-v4.0.1.js +++ /dev/null 
@@ -1,300 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2025, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - - $schema: 'http://json-schema.org/draft-07/schema#', - title: - 'JSON Schema for Common Vulnerability Scoring System version 4.0, Revision 1', - $id: 'https://www.first.org/cvss/cvss-v4.0.1.json?20250704', - type: 'object', - definitions: { - attackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT', 'LOCAL', 'PHYSICAL'], - }, - modifiedAttackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - attackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW'], - }, - modifiedAttackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - attackRequirementsType: { - type: 'string', - enum: ['NONE', 'PRESENT'], - }, - modifiedAttackRequirementsType: { - type: 'string', - enum: ['NONE', 'PRESENT', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - privilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE'], - }, - modifiedPrivilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - userInteractionType: { - type: 'string', - enum: ['NONE', 'PASSIVE', 'ACTIVE'], - }, - modifiedUserInteractionType: { - type: 'string', - enum: ['NONE', 'PASSIVE', 'ACTIVE', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - vulnCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedVulnCiaType: { - type: 'string', 
- enum: ['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - subCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedSubCType: { - type: 'string', - enum: ['NEGLIGIBLE', 'LOW', 'HIGH', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - modifiedSubIaType: { - type: 'string', - enum: ['NEGLIGIBLE', 'LOW', 'HIGH', 'SAFETY', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - exploitMaturityType: { - type: 'string', - enum: ['UNREPORTED', 'PROOF_OF_CONCEPT', 'ATTACKED', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - safetyType: { - type: 'string', - enum: ['NEGLIGIBLE', 'PRESENT', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - automatableType: { - type: 'string', - enum: ['NO', 'YES', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - recoveryType: { - type: 'string', - enum: ['AUTOMATIC', 'USER', 'IRRECOVERABLE', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - valueDensityType: { - type: 'string', - enum: ['DIFFUSE', 'CONCENTRATED', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - vulnerabilityResponseEffortType: { - type: 'string', - enum: ['LOW', 'MODERATE', 'HIGH', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - providerUrgencyType: { - type: 'string', - enum: ['CLEAR', 'GREEN', 'AMBER', 'RED', 'NOT_DEFINED'], - default: 'NOT_DEFINED', - }, - noneScoreType: { - type: 'number', - minimum: 0.0, - maximum: 0.0, - }, - lowScoreType: { - type: 'number', - minimum: 0.1, - maximum: 3.9, - multipleOf: 0.1, - }, - mediumScoreType: { - type: 'number', - minimum: 4.0, - maximum: 6.9, - multipleOf: 0.1, - }, - highScoreType: { - type: 'number', - minimum: 7.0, - maximum: 8.9, - multipleOf: 0.1, - }, - criticalScoreType: { - type: 'number', - minimum: 9.0, - maximum: 10, - multipleOf: 0.1, - }, - noneSeverityType: { - const: 'NONE', - }, - lowSeverityType: { - const: 'LOW', - }, - mediumSeverityType: { - const: 
'MEDIUM', - }, - highSeverityType: { - const: 'HIGH', - }, - criticalSeverityType: { - const: 'CRITICAL', - }, - }, - properties: { - version: { - description: 'CVSS Version', - type: 'string', - enum: ['4.0'], - }, - vectorString: { - type: 'string', - pattern: - '^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$', - }, - attackVector: { $ref: '#/definitions/attackVectorType' }, - attackComplexity: { $ref: '#/definitions/attackComplexityType' }, - attackRequirements: { $ref: '#/definitions/attackRequirementsType' }, - privilegesRequired: { $ref: '#/definitions/privilegesRequiredType' }, - userInteraction: { $ref: '#/definitions/userInteractionType' }, - vulnConfidentialityImpact: { $ref: '#/definitions/vulnCiaType' }, - vulnIntegrityImpact: { $ref: '#/definitions/vulnCiaType' }, - vulnAvailabilityImpact: { $ref: '#/definitions/vulnCiaType' }, - subConfidentialityImpact: { $ref: '#/definitions/subCiaType' }, - subIntegrityImpact: { $ref: '#/definitions/subCiaType' }, - subAvailabilityImpact: { $ref: '#/definitions/subCiaType' }, - exploitMaturity: { $ref: '#/definitions/exploitMaturityType' }, - confidentialityRequirement: { $ref: '#/definitions/ciaRequirementType' }, - integrityRequirement: { $ref: '#/definitions/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/definitions/ciaRequirementType' }, - modifiedAttackVector: { $ref: '#/definitions/modifiedAttackVectorType' }, - modifiedAttackComplexity: { - $ref: '#/definitions/modifiedAttackComplexityType', - }, - modifiedAttackRequirements: { - $ref: '#/definitions/modifiedAttackRequirementsType', - }, - modifiedPrivilegesRequired: { - $ref: 
'#/definitions/modifiedPrivilegesRequiredType', - }, - modifiedUserInteraction: { - $ref: '#/definitions/modifiedUserInteractionType', - }, - modifiedVulnConfidentialityImpact: { - $ref: '#/definitions/modifiedVulnCiaType', - }, - modifiedVulnIntegrityImpact: { $ref: '#/definitions/modifiedVulnCiaType' }, - modifiedVulnAvailabilityImpact: { - $ref: '#/definitions/modifiedVulnCiaType', - }, - modifiedSubConfidentialityImpact: { - $ref: '#/definitions/modifiedSubCType', - }, - modifiedSubIntegrityImpact: { $ref: '#/definitions/modifiedSubIaType' }, - modifiedSubAvailabilityImpact: { $ref: '#/definitions/modifiedSubIaType' }, - Safety: { $ref: '#/definitions/safetyType' }, - Automatable: { $ref: '#/definitions/automatableType' }, - Recovery: { $ref: '#/definitions/recoveryType' }, - valueDensity: { $ref: '#/definitions/valueDensityType' }, - vulnerabilityResponseEffort: { - $ref: '#/definitions/vulnerabilityResponseEffortType', - }, - providerUrgency: { $ref: '#/definitions/providerUrgencyType' }, - }, - allOf: [ - { - anyOf: [ - { - properties: { - baseScore: { - $ref: '#/definitions/noneScoreType', - }, - baseSeverity: { - $ref: '#/definitions/noneSeverityType', - }, - }, - }, - { - properties: { - baseScore: { - $ref: '#/definitions/lowScoreType', - }, - baseSeverity: { - $ref: '#/definitions/lowSeverityType', - }, - }, - }, - { - properties: { - baseScore: { - $ref: '#/definitions/mediumScoreType', - }, - baseSeverity: { - $ref: '#/definitions/mediumSeverityType', - }, - }, - }, - { - properties: { - baseScore: { - $ref: '#/definitions/highScoreType', - }, - baseSeverity: { - $ref: '#/definitions/highSeverityType', - }, - }, - }, - { - properties: { - baseScore: { - $ref: '#/definitions/criticalScoreType', - }, - baseSeverity: { - $ref: '#/definitions/criticalSeverityType', - }, - }, - }, - ], - }, - ], - required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], -} 
diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/draft-07-schema.js b/csaf-validator-lib/csaf_2_1/csafAjv/draft-07-schema.js
deleted file mode 100644
index 2e168f9..0000000
--- a/csaf-validator-lib/csaf_2_1/csafAjv/draft-07-schema.js
+++ /dev/null
@@ -1,163 +0,0 @@ -export default { - $schema: 'http://json-schema.org/draft-07/schema#', - $id: 'http://json-schema.org/draft-07/schema#', - title: 'Core schema meta-schema', - definitions: { - schemaArray: { - type: 'array', - minItems: 1, - items: { $ref: '#' }, - }, - nonNegativeInteger: { - type: 'integer', - minimum: 0, - }, - nonNegativeIntegerDefault0: { - allOf: [{ $ref: '#/definitions/nonNegativeInteger' }, { default: 0 }], - }, - simpleTypes: { - enum: [ - 'array', - 'boolean', - 'integer', - 'null', - 'number', - 'object', - 'string', - ], - }, - stringArray: { - type: 'array', - items: { type: 'string' }, - uniqueItems: true, - default: [], - }, - }, - type: ['object', 'boolean'], - properties: { - $id: { - type: 'string', - format: 'uri-reference', - }, - $schema: { - type: 'string', - format: 'uri', - }, - $ref: { - type: 'string', - format: 'uri-reference', - }, - $comment: { - type: 'string', - }, - title: { - type: 'string', - }, - description: { - type: 'string', - }, - default: true, - readOnly: { - type: 'boolean', - default: false, - }, - writeOnly: { - type: 'boolean', - default: false, - }, - examples: { - type: 'array', - items: true, - }, - multipleOf: { - type: 'number', - exclusiveMinimum: 0, - }, - maximum: { - type: 'number', - }, - exclusiveMaximum: { - type: 'number', - }, - minimum: { - type: 'number', - }, - exclusiveMinimum: { - type: 'number', - }, - maxLength: { $ref: '#/definitions/nonNegativeInteger' }, - minLength: { $ref: '#/definitions/nonNegativeIntegerDefault0' }, - pattern: { - type: 'string', - format: 'regex', - }, - additionalItems: { $ref: '#' }, - items: { - anyOf: [{ $ref: '#' }, { $ref: '#/definitions/schemaArray' }], - default: true, - }, - maxItems: { $ref: '#/definitions/nonNegativeInteger' }, - minItems: { $ref: '#/definitions/nonNegativeIntegerDefault0' }, - uniqueItems: { - type: 'boolean', - default: false, - }, - contains: { $ref: '#' }, - maxProperties: { $ref: '#/definitions/nonNegativeInteger' }, - 
minProperties: { $ref: '#/definitions/nonNegativeIntegerDefault0' }, - required: { $ref: '#/definitions/stringArray' }, - additionalProperties: { $ref: '#' }, - definitions: { - type: 'object', - additionalProperties: { $ref: '#' }, - default: {}, - }, - properties: { - type: 'object', - additionalProperties: { $ref: '#' }, - default: {}, - }, - patternProperties: { - type: 'object', - additionalProperties: { $ref: '#' }, - propertyNames: { format: 'regex' }, - default: {}, - }, - dependencies: { - type: 'object', - additionalProperties: { - anyOf: [{ $ref: '#' }, { $ref: '#/definitions/stringArray' }], - }, - }, - propertyNames: { $ref: '#' }, - const: true, - enum: { - type: 'array', - items: true, - minItems: 1, - uniqueItems: true, - }, - type: { - anyOf: [ - { $ref: '#/definitions/simpleTypes' }, - { - type: 'array', - items: { $ref: '#/definitions/simpleTypes' }, - minItems: 1, - uniqueItems: true, - }, - ], - }, - format: { type: 'string' }, - contentMediaType: { type: 'string' }, - contentEncoding: { type: 'string' }, - if: { $ref: '#' }, - then: { $ref: '#' }, - else: { $ref: '#' }, - allOf: { $ref: '#/definitions/schemaArray' }, - anyOf: { $ref: '#/definitions/schemaArray' }, - oneOf: { $ref: '#/definitions/schemaArray' }, - not: { $ref: '#' }, - }, - default: true, -} diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/format-assertion.js b/csaf-validator-lib/csaf_2_1/csafAjv/format-assertion.js deleted file mode 100644 index 793d6fc..0000000 --- a/csaf-validator-lib/csaf_2_1/csafAjv/format-assertion.js +++ /dev/null @@ -1,11 +0,0 @@ -export default { - $schema: 'https://json-schema.org/draft/2020-12/schema', - $id: 'https://json-schema.org/draft/2020-12/meta/format-assertion', - $dynamicAnchor: 'meta', - - title: 'Format vocabulary meta-schema for assertion results', - type: ['object', 'boolean'], - properties: { - format: { type: 'string' }, - }, -} 
diff --git a/csaf-validator-lib/csaf_2_1/csafAjv/meta.js b/csaf-validator-lib/csaf_2_1/csafAjv/meta.js
deleted file mode 100644
index ce939a9..0000000
--- a/csaf-validator-lib/csaf_2_1/csafAjv/meta.js
+++ /dev/null
@@ -1,13 +0,0 @@
-export default {
- $schema: 'https://json-schema.org/draft/2020-12/schema',
- $id: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/meta.json',
- $dynamicAnchor: 'meta',
- $vocabulary: {
- 'https://json-schema.org/draft/2020-12/vocab/core': true,
- 'https://json-schema.org/draft/2020-12/vocab/format-assertion': true,
- },
- allOf: [
- { $ref: 'https://json-schema.org/draft/2020-12/meta/core' },
- { $ref: 'https://json-schema.org/draft/2020-12/meta/format-assertion' },
- ],
-}
diff --git a/csaf-validator-lib/csaf_2_1/dateHelper.js b/csaf-validator-lib/csaf_2_1/dateHelper.js
deleted file mode 100644
index 2a9ff48..0000000
--- a/csaf-validator-lib/csaf_2_1/dateHelper.js
+++ /dev/null
@@ -1,47 +0,0 @@
-import { Temporal } from 'temporal-polyfill'
-
-/**
- * compare iso timestamps
- * returns a negative number if a is less than b, positive if a is greater than b, and zero if they are equal.
- * This function also returns 0 if one of the given values could not be parsed.
- *
- * @param {string} a
- * @param {string} b
- */
-export const compareZonedDateTimes = (a, b) => {
- try {
- const duration = Temporal.Instant.from(b).until(Temporal.Instant.from(a))
- return duration.sign
- } catch (e) {
- return 0
- }
-}
-
-/**
- * This regex validates a date against RFC 3339 section 5.6.
- * See: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
- */
-export const timestampRegex =
- /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/
-
-/**
- * Checks if the given string is a semantically correct timestamp (RFC 3339). With one
- * exception: It does not allow leap seconds.
- *
- * @param {string} v
- * @returns
- */
-export const validateTimestamp = (v) => {
- try {
- // Temporal.Instant.from() throws an error if the date is invalid. But they
- // normalize the date if e.g. there are 60 seconds (leap second) ...
- Temporal.Instant.from(v)
-
- // ... To handle that case we additionally use the date constructor which
- // does not allow more than 59 seconds at all.
- if (Number.isNaN(new Date(v).getTime())) return false
- return true
- } catch (e) {
- return false
- }
-}
diff --git a/csaf-validator-lib/csaf_2_1/extended.js b/csaf-validator-lib/csaf_2_1/extended.js
deleted file mode 100644
index 94c86b9..0000000
--- a/csaf-validator-lib/csaf_2_1/extended.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export * from './basic.js'
-export * from './recommendedTests.js'
diff --git a/csaf-validator-lib/csaf_2_1/full.js b/csaf-validator-lib/csaf_2_1/full.js
deleted file mode 100644
index 354517b..0000000
--- a/csaf-validator-lib/csaf_2_1/full.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export * from './extended.js'
-export * from './informativeTests.js'
diff --git a/csaf-validator-lib/csaf_2_1/informativeTests.js b/csaf-validator-lib/csaf_2_1/informativeTests.js
deleted file mode 100644
index 0ecb389..0000000
--- a/csaf-validator-lib/csaf_2_1/informativeTests.js
+++ /dev/null
@@ -1,15 +0,0 @@
-export {
- informativeTest_6_3_3,
- informativeTest_6_3_5,
- informativeTest_6_3_6,
- informativeTest_6_3_7,
- informativeTest_6_3_8,
- informativeTest_6_3_9,
- informativeTest_6_3_10,
- informativeTest_6_3_11,
-} from '../informativeTests.js'
-export { informativeTest_6_3_1 } from './informativeTests/informativeTest_6_3_1.js'
-export { informativeTest_6_3_2 } from './informativeTests/informativeTest_6_3_2.js'
-export { informativeTest_6_3_4 } from './informativeTests/informativeTest_6_3_4.js'
-export { informativeTest_6_3_12 } from './informativeTests/informativeTest_6_3_12.js'
-export { informativeTest_6_3_18 } from './informativeTests/informativeTest_6_3_18.js'
diff --git a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_1.js b/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_1.js
deleted file mode 100644
index 34b432f..0000000
--- a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_1.js
+++ /dev/null
@@ -1,131 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -/** - * @typedef {object} MetricContent - * @property {object} [cvss_v2] - * @property {string} cvss_v2.version - * @property {object} [cvss_v3] - * @property {string} cvss_v3.version - * @property {object} [cvss_v4] - * @property {string} cvss_v4.version - */ - -/** - * @typedef {object} Metric - * @property {MetricContent} [content] - * @property {Array} products - */ - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - vulnerabilities: { - elements: { - additionalProperties: true, - properties: {}, - optionalProperties: { - metrics: { - elements: { - additionalProperties: true, - properties: { - products: { - elements: { type: 'string' }, - }, - }, - optionalProperties: { - content: { - additionalProperties: true, - optionalProperties: { - cvss_v2: { - additionalProperties: true, - properties: { - version: { type: 'string' }, - }, - }, - cvss_v3: { - additionalProperties: true, - properties: { - version: { type: 'string' }, - }, - }, - cvss_v4: { - additionalProperties: true, - properties: { - version: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validateInput = ajv.compile(inputSchema) - -/** - * @param {unknown} doc - * @returns - */ -export function informativeTest_6_3_1(doc) { - const ctx = { - infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]), - } - - if (!validateInput(doc)) { - return ctx - } - - /** - * @param {Metric} metric - * @param {Set} versionSet - */ - function addVersionsInMetricToSet(metric, versionSet) { - if (metric.content?.cvss_v2?.version !== undefined) { - versionSet.add(metric.content.cvss_v2.version) - } - if (metric.content?.cvss_v3?.version !== undefined) { - versionSet.add(metric.content.cvss_v3.version) - } - if (metric.content?.cvss_v4?.version !== undefined) { - versionSet.add(metric.content.cvss_v4.version) - } - } - - const 
vulnerabilities = doc.vulnerabilities - - vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { - /** @type {Map>} */ - const cvssVersionsByProduct = new Map() - const metricIndexByProduct = new Map() - /** @type {Array | undefined} */ - const metrics = vulnerability.metrics - metrics?.forEach((metric, metricIndex) => { - /** @type {Array} */ - const products = metric.products - products.forEach((product) => { - const versionSet = cvssVersionsByProduct.get(product) ?? new Set() - cvssVersionsByProduct.set(product, versionSet) - metricIndexByProduct.set(product, metricIndex) - addVersionsInMetricToSet(metric, versionSet) - }) - }) - cvssVersionsByProduct.forEach((value, product) => { - if (value.size === 1 && value.values().next().value === '2.0') { - const metricIndex = metricIndexByProduct.get(product) - ctx.infos.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}`, - message: `use of cvss v2 as the only scoring system for product ${product}`, - }) - } - }) - }) - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_12.js b/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_12.js deleted file mode 100644 index e69a6a6..0000000 --- a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_12.js +++ /dev/null 
@@ -1,96 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/**
- * @typedef {object} MetricContent
- * @property {object} [cvss_v2]
- * @property {string} [cvss_v2.version]
- * @property {object} [cvss_v3]
- * @property {string} [cvss_v3.version]
- * @property {object} [cvss_v4]
- * @property {string} [cvss_v4.version]
- */
-
-/**
- * @typedef {object} Metric
- * @property {MetricContent} [content]
- * @property {Array} [products]
- */
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v2: {
- additionalProperties: true,
- optionalProperties: {
- version: { type: 'string' },
- },
- },
- cvss_v3: {
- additionalProperties: true,
- optionalProperties: {
- version: { type: 'string' },
- },
- },
- cvss_v4: {
- additionalProperties: true,
- optionalProperties: {
- version: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * For each item in the list of metrics, it MUST be tested that a cvss_v4 object is present.
- * @param {unknown} doc
- * @returns
- */
-export function informativeTest_6_3_12(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- const vulnerabilities = doc.vulnerabilities
-
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- /** @type {Array | undefined} */
- const metrics = vulnerability.metrics
- metrics?.forEach((metric, metricIndex) => {
- if (!metric?.content?.cvss_v4) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v4`,
- message: `cvss_v4 object is not present`,
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_18.js b/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_18.js
deleted file mode 100644
index 7d49bb8..0000000
--- a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_18.js
+++ /dev/null
@@ -1,76 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/**
- * @typedef {object} MetricContent
- * @property {string} [qualitative_severity_rating]
- */
-
-/**
- * @typedef {object} Metric
- * @property {MetricContent} [content]
- * @property {Array} [products]
- */
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- qualitative_severity_rating: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * For each item in metrics it MUST be tested that it does not use the qualitative severity rating.
- * @param {any} doc
- * @returns
- */
-export function informativeTest_6_3_18(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- const vulnerabilities = doc.vulnerabilities
-
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- /** @type {Array | undefined} */
- const metrics = vulnerability.metrics
- metrics?.forEach((metric, metricIndex) => {
- if (metric?.content?.qualitative_severity_rating) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/qualitative_severity_rating`,
- message: 'qualitative_severity_rating object is present',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_2.js b/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_2.js
deleted file mode 100644
index 46f77f5..0000000
--- a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_2.js
+++ /dev/null
@@ -1,72 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v3: {
- additionalProperties: true,
- optionalProperties: {
- version: { type: 'string' },
- vectorString: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * For each item in the list of metrics which contains the cvss_v3 object under
- * content it MUST be tested that CVSS v3.0 is not used.
- * @param {unknown} doc
- * @returns
- */
-export function informativeTest_6_3_2(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- const metrics = vulnerability.metrics
- metrics?.forEach((metric, metricIndex) => {
- if (metric.content?.cvss_v3) {
- if (
- metric.content.cvss_v3.version === '3.0' ||
- metric.content.cvss_v3.vectorString?.startsWith('CVSS:3.0')
- ) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v3/version`,
- message: 'It is recommended to upgrade to CVSS v3.1.',
- })
- }
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_4.js b/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_4.js
deleted file mode 100644
index ab7f594..0000000
--- a/csaf-validator-lib/csaf_2_1/informativeTests/informativeTest_6_3_4.js
+++ /dev/null
@@ -1,50 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cwes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * It MUST be tested that at least one CWE is given.
- * @param {unknown} doc
- * @returns
- */
-export function informativeTest_6_3_4(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability?.cwes?.length) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'missing cwe',
- })
- }
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests.js b/csaf-validator-lib/csaf_2_1/mandatoryTests.js
deleted file mode 100644
index 2d4ebdf..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests.js
+++ /dev/null
@@ -1,67 +0,0 @@
-export {
- mandatoryTest_6_1_3,
- mandatoryTest_6_1_4,
- mandatoryTest_6_1_5,
- mandatoryTest_6_1_12,
- mandatoryTest_6_1_14,
- mandatoryTest_6_1_15,
- mandatoryTest_6_1_16,
- mandatoryTest_6_1_17,
- mandatoryTest_6_1_18,
- mandatoryTest_6_1_19,
- mandatoryTest_6_1_20,
- mandatoryTest_6_1_21,
- mandatoryTest_6_1_22,
- mandatoryTest_6_1_23,
- mandatoryTest_6_1_24,
- mandatoryTest_6_1_25,
- mandatoryTest_6_1_26,
- mandatoryTest_6_1_27_1,
- mandatoryTest_6_1_27_2,
- mandatoryTest_6_1_27_3,
- mandatoryTest_6_1_27_4,
- mandatoryTest_6_1_27_6,
- mandatoryTest_6_1_27_7,
- mandatoryTest_6_1_27_8,
- mandatoryTest_6_1_27_9,
- mandatoryTest_6_1_27_10,
- mandatoryTest_6_1_27_11,
- mandatoryTest_6_1_28,
- mandatoryTest_6_1_29,
- mandatoryTest_6_1_30,
- mandatoryTest_6_1_31,
- mandatoryTest_6_1_32,
- mandatoryTest_6_1_33,
-} from '../mandatoryTests.js'
-export { mandatoryTest_6_1_1 } from './mandatoryTests/mandatoryTest_6_1_1.js'
-export { mandatoryTest_6_1_2 } from './mandatoryTests/mandatoryTest_6_1_2.js'
-export { mandatoryTest_6_1_6 } from './mandatoryTests/mandatoryTest_6_1_6.js'
-export { mandatoryTest_6_1_7 } from './mandatoryTests/mandatoryTest_6_1_7.js'
-export { mandatoryTest_6_1_8 } from './mandatoryTests/mandatoryTest_6_1_8.js'
-export { mandatoryTest_6_1_9 } from './mandatoryTests/mandatoryTest_6_1_9.js'
-export { mandatoryTest_6_1_10 } from './mandatoryTests/mandatoryTest_6_1_10.js'
-export { mandatoryTest_6_1_11 } from './mandatoryTests/mandatoryTest_6_1_11.js'
-export { mandatoryTest_6_1_13 } from './mandatoryTests/mandatoryTest_6_1_13.js'
-export { mandatoryTest_6_1_27_5 } from './mandatoryTests/mandatoryTest_6_1_27_5.js'
-export { mandatoryTest_6_1_27_12 } from './mandatoryTests/mandatoryTest_6_1_27_12.js'
-export { mandatoryTest_6_1_27_14 } from './mandatoryTests/mandatoryTest_6_1_27_14.js'
-export { mandatoryTest_6_1_27_15 } from './mandatoryTests/mandatoryTest_6_1_27_15.js'
-export { mandatoryTest_6_1_27_16 } from './mandatoryTests/mandatoryTest_6_1_27_16.js'
-export { mandatoryTest_6_1_27_17 } from './mandatoryTests/mandatoryTest_6_1_27_17.js'
-export { mandatoryTest_6_1_27_18 } from './mandatoryTests/mandatoryTest_6_1_27_18.js'
-export { mandatoryTest_6_1_27_19 } from './mandatoryTests/mandatoryTest_6_1_27_19.js'
-export { mandatoryTest_6_1_34 } from './mandatoryTests/mandatoryTest_6_1_34.js'
-export { mandatoryTest_6_1_35 } from './mandatoryTests/mandatoryTest_6_1_35.js'
-export { mandatoryTest_6_1_36 } from './mandatoryTests/mandatoryTest_6_1_36.js'
-export { mandatoryTest_6_1_37 } from './mandatoryTests/mandatoryTest_6_1_37.js'
-export { mandatoryTest_6_1_38 } from './mandatoryTests/mandatoryTests_6_1_38.js'
-export { mandatoryTest_6_1_39 } from './mandatoryTests/mandatoryTest_6_1_39.js'
-export { mandatoryTest_6_1_40 } from './mandatoryTests/mandatoryTest_6_1_40.js'
-export { mandatoryTest_6_1_41 } from './mandatoryTests/mandatoryTest_6_1_41.js'
-export { mandatoryTest_6_1_42 } from './mandatoryTests/mandatoryTest_6_1_42.js'
-export { mandatoryTest_6_1_43 } from './mandatoryTests/mandatoryTest_6_1_43.js'
-export { mandatoryTest_6_1_44 } from './mandatoryTests/mandatoryTest_6_1_44.js'
-export { mandatoryTest_6_1_45 } from './mandatoryTests/mandatoryTest_6_1_45.js'
-export { mandatoryTest_6_1_51 } from './mandatoryTests/mandatoryTest_6_1_51.js'
-export { mandatoryTest_6_1_52 } from './mandatoryTests/mandatoryTest_6_1_52.js'
-export { mandatoryTest_6_1_58 } from './mandatoryTests/mandatoryTest_6_1_58.js'
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js
deleted file mode 100644
index 6bb7bee..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js
+++ /dev/null
@@ -1,278 +0,0 @@
-import * as docUtils from '../../lib/mandatoryTests/shared/docUtils.js'
-
-const { collectProductIds } = docUtils
-
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- */
-export function mandatoryTest_6_1_1(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const productIds = collectProductIds({ document: doc })
- const productIdRefs = collectProductIdRefs({ document: doc })
- const missingProductDefinitions = findMissingDefinitions(
- productIds,
- productIdRefs
- )
- if (missingProductDefinitions.length > 0) {
- isValid = false
- missingProductDefinitions.forEach((missingProductDefinition) => {
- errors.push({
- message: 'definition of product id missing',
- instancePath: missingProductDefinition.instancePath,
- })
- })
- }
- return { isValid, errors }
-}
-
-/**
- * This method collects references to product ids and corresponding instancePaths in the given document and returns a result object.
- * @param {any} document
- * @returns {{id: string, instancePath: string}[]}
- */
-function collectProductIdRefs({ document }) {
- const entries = /** @type {{id: string, instancePath: string}[]} */ ([])
-
- const productGroups = document.product_tree?.product_groups
- if (productGroups) {
- for (let i = 0; i < productGroups.length; ++i) {
- const productGroup = productGroups[i]
- const productIds = productGroup.product_ids
- if (productIds) {
- for (let j = 0; j < productIds.length; ++j) {
- const productId = productIds[j]
- if (productId) {
- entries.push({
- id: productId,
- instancePath: `/product_tree/product_groups/${i}/product_ids/${j}`,
- })
- }
- }
- }
- }
- }
-
- const relationshipGroups = document.product_tree?.relationships
- if (relationshipGroups) {
- for (let i = 0; i < relationshipGroups.length; ++i) {
- const relationshipGroup = relationshipGroups[i]
- const productRef = relationshipGroup.product_reference
- if (productRef) {
- entries.push({
- id: productRef,
- instancePath: '/product_tree/relationships/${i}/product_reference',
- })
- }
- const relToProductRef = relationshipGroup.relates_to_product_reference
- if (relToProductRef) {
- entries.push({
- id: relToProductRef,
- instancePath: `/product_tree/relationships/${i}/relates_to_product_reference`,
- })
- }
- }
- }
-
- const vulnerabilities = document.vulnerabilities
- if (vulnerabilities) {
- for (let i = 0; i < vulnerabilities.length; ++i) {
- const vulnerability = vulnerabilities[i]
- collectRefsInProductStatus(
- `/vulnerabilities/${i}/product_status`,
- vulnerability,
- entries
- )
- collectProductRefsInRemediations(
- `/vulnerabilities/${i}/remediations`,
- vulnerability,
- entries
- )
- collectRefsInMetrics(
- `/vulnerabilities/${i}/metrics`,
- vulnerability,
- entries
- )
- collectProductRefsInThreats(
- `/vulnerabilities/${i}/threats`,
- vulnerability,
- entries
- )
- }
- }
-
- return entries
-}
-
-/**
- * @param {string} instancePath
- * @param {{product_status: any}} vulnerability
- * @param {*} entries
- */
-const collectRefsInProductStatus = (instancePath, vulnerability, entries) => {
- findRefsInProductStatus(
- vulnerability.product_status?.first_affected,
- `${instancePath}/first_affected`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.first_fixed,
- `${instancePath}/first_fixed`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.fixed,
- `${instancePath}/fixed`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.known_affected,
- `${instancePath}/known_affected`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.known_not_affected,
- `${instancePath}/known_not_affected`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.last_affected,
- `${instancePath}/last_affected`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.recommended,
- `${instancePath}/recommended`,
- entries
- )
- findRefsInProductStatus(
- vulnerability.product_status?.under_investigation,
- `${instancePath}/under_investigation`,
- entries
- )
-}
-
-/**
- * @param {string[]} refs
- * @param {string} instancePath
- * @param {{id: string, instancePath: string}[]} entries
- */
-const findRefsInProductStatus = (refs, instancePath, entries) => {
- if (refs) {
- for (let i = 0; i < refs.length; ++i) {
- const ref = refs[i]
- if (ref) {
- entries.push({
- id: ref,
- instancePath: `${instancePath}/${i}`,
- })
- }
- }
- }
-}
-
-/**
- * @param {string} instancePath
- * @param {{threats: any}} vulnerability
- * @param {*} entries
- */
-const collectProductRefsInThreats = (instancePath, vulnerability, entries) => {
- const threats = vulnerability.threats
- if (threats) {
- for (let i = 0; i < threats.length; ++i) {
- const threat = threats[i]
- const productIds = threat.product_ids
- if (productIds) {
- for (let j = 0; j < productIds.length; ++j) {
- const productId = productIds[j]
- if (productId) {
- entries.push({
- id: productId,
- instancePath: `${instancePath}/${i}/product_ids/${j}`,
- })
- }
- }
- }
- }
- }
-}
-
-/**
- * @param {string} instancePath
- * @param {{metrics: any}} vulnerability
- * @param {*} entries
- */
-const collectRefsInMetrics = (instancePath, vulnerability, entries) => {
- const metrics = vulnerability.metrics
- if (metrics) {
- for (let i = 0; i < metrics.length; ++i) {
- const metric = metrics[i]
- const products = metric.products
- if (products) {
- for (let j = 0; j < products.length; ++j) {
- const productId = products[j]
- if (productId) {
- entries.push({
- id: productId,
- instancePath: `${instancePath}/${i}/products/${j}`,
- })
- }
- }
- }
- }
- }
-}
-
-/**
- * @param {string} instancePath
- * @param {{remediations: any}} vulnerability
- * @param {*} entries
- */
-const collectProductRefsInRemediations = (
- instancePath,
- vulnerability,
- entries
-) => {
- const remediations = vulnerability.remediations
- if (remediations) {
- for (let i = 0; i < remediations.length; ++i) {
- const remediation = remediations[i]
- const productIds = remediation.product_ids
- if (productIds) {
- for (let j = 0; j < productIds.length; ++j) {
- const productId = productIds[j]
- if (productId) {
- entries.push({
- id: productId,
- instancePath: `${instancePath}/${i}/product_ids/${j}`,
- })
- }
- }
- }
- }
- }
-}
-
-/**
- * @param {{id: string}[]} entries
- * @param {{id: string, instancePath: string}[]} refs
- */
-const findMissingDefinitions = (entries, refs) => {
- return refs.filter(
- (ref) => entries.find((e) => e.id === ref.id) === undefined
- )
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_10.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_10.js
deleted file mode 100644
index 27cf7b9..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_10.js
+++ /dev/null
@@ -1,237 +0,0 @@
-import * as cvss2 from '../../lib/shared/cvss2.js'
-import * as cvss3 from '../../lib/shared/cvss3.js'
-import * as cvss4 from '../../lib/shared/cvss4.js'
-import { Ajv } from 'ajv/dist/jtd.js'
-
-/** @typedef {import('ajv/dist/jtd.js').JTDDataType} InputSchema */
-
-/** @typedef {InputSchema['vulnerabilities'][number]} Vulnerability */
-
-/** @typedef {NonNullable[number]} Metric */
-
-/** @typedef {NonNullable} MetricContent */
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v2: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- version: { type: 'string' },
- },
- },
- cvss_v3: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- version: { type: 'string' },
- },
- },
- cvss_v4: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- version: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-const ajv = new Ajv()
-const validateInput = ajv.compile(inputSchema)
-
-/** @type { Record}>} */
-const cvssV3MappingByMetricKey = Object.fromEntries(
- cvss3.mapping.map((mapping) => {
- return [
- mapping[1],
- {
- jsonName: mapping[0],
- optionsByKey: Object.fromEntries(
- Object.entries(mapping[2]).map(([key, value]) => [value, key])
- ),
- },
- ]
- })
-)
-
-/** @type { Record}>} */
-const cvssV2MappingByMetricKey = Object.fromEntries(
- cvss2.mapping.map((mapping) => {
- return [
- mapping[1],
- {
- jsonName: mapping[0],
- optionsByKey: Object.fromEntries(
- Object.entries(mapping[2]).map(([key, value]) => [value.id, key])
- ),
- },
- ]
- })
-)
-
-/**
- * @param {{optionName: string, optionValue: string, optionKey: string}[]} optionsArray
- * @return {Record}
- */
-function convertOptionsArrayToObject(optionsArray) {
- /** @type {Record} */
- const result = {}
- optionsArray.forEach((option) => {
- result[option.optionKey] = option.optionValue
- })
- return result
-}
-
-/** @type { Record}>} */
-const cvssV4MappingByMetricKey = Object.fromEntries(
- cvss4.flatMetrics.map((flatMetric) => {
- return [
- flatMetric.metricShort,
- {
- jsonName: flatMetric.jsonName,
- optionsByKey: convertOptionsArrayToObject(flatMetric.options),
- },
- ]
- })
-)
-
-/**
- * @param {Metric} metric
- */
-function validateCvss2(metric) {
- if (typeof metric.content?.cvss_v2?.vectorString === 'string') {
- return validateCVSSAttributes(
- cvssV2MappingByMetricKey,
- metric.content.cvss_v2
- )
- } else {
- return []
- }
-}
-
-/**
- * @param {Metric} metric
- */
-function validateCvss3(metric) {
- if (
- typeof metric?.content?.cvss_v3?.vectorString === 'string' &&
- (metric.content.cvss_v3.version === '3.1' ||
- metric.content.cvss_v3.version === '3.0')
- ) {
- return validateCVSSAttributes(
- cvssV3MappingByMetricKey,
- metric.content.cvss_v3
- )
- } else {
- return []
- }
-}
-
-/**
- * @param {Metric} metric
- */
-function validateCvss4(metric) {
- if (typeof metric?.content?.cvss_v4?.vectorString === 'string') {
- return validateCVSSAttributes(
- cvssV4MappingByMetricKey,
- metric.content.cvss_v4
- )
- } else {
- return []
- }
-}
-
-/**
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_10(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (!validateInput(doc)) {
- return { errors, isValid: true }
- }
-
- if (Array.isArray(doc.vulnerabilities)) {
- /** @type {Array} */
- const vulnerabilities = doc.vulnerabilities
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!Array.isArray(vulnerability.metrics)) return
- /** @type {Array} */
- const metrics = vulnerability.metrics
- metrics.forEach((metric, metricIndex) => {
- validateCvss2(metric).forEach((attributeKey) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v2/${attributeKey}`,
- message: 'value is not consistent with the vector string',
- })
- })
-
- validateCvss3(metric).forEach((attributeKey) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v3/${attributeKey}`,
- message: 'value is not consistent with the vector string',
- })
- })
-
- validateCvss4(metric).forEach((attributeKey) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v4/${attributeKey}`,
- message: 'value is not consistent with the vector string',
- })
- })
- })
- })
- }
-
- return { errors, isValid: errors.length === 0 }
-}
-
-/**
- * validate the cvss vector against the cvss properties
- * @param {Record}>}mappingByMetricKey cvss version specific mapping
- * @param {Record} cvss cvss object
-
- */
-function validateCVSSAttributes(mappingByMetricKey, cvss) {
- const vectorString = /** @type {string} */ (cvss.vectorString)
- const vectorValues = vectorString.split('/').slice(1)
- /**
- * @type {string[]}
- */
- const invalidKeys = []
- vectorValues.forEach((vectorValue) => {
- const [vectorMetricKey, vectorOptionKey] = vectorValue.split(':')
- const mapping = mappingByMetricKey[vectorMetricKey]
- if (mapping) {
- const metricOptionValue = cvss[mapping.jsonName]
- if (typeof metricOptionValue == 'string') {
- const expectedOptionValue = mapping.optionsByKey[vectorOptionKey]
- if (metricOptionValue !== expectedOptionValue) {
- invalidKeys.push(mapping.jsonName)
- }
- }
- }
- })
- return invalidKeys
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js
deleted file mode 100644
index 4470ad7..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js
+++ /dev/null
@@ -1,96 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { cwecMap } from '../../lib/cwec.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {
- cwes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-const cweSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- version: { type: 'string' },
- name: { type: 'string' },
- },
-})
-
-const validateCWE = ajv.compile(cweSchema)
-
-/**
- * This implements the mandatory test 6.1.11 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export async function mandatoryTest_6_1_11(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (!validateInput(doc)) {
- return { errors, isValid }
- }
-
- for (let i = 0; i < doc.vulnerabilities.length; ++i) {
- const vulnerability = doc.vulnerabilities[i]
- for (let j = 0; j < vulnerability.cwes.length; ++j) {
- const cwe = vulnerability.cwes.at(j)
- if (validateCWE(cwe)) {
- const cwec = cwecMap.get(cwe.version)
- if (!cwec) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${i}/cwes/${j}/version`,
- message: 'no such cwe version is recognized',
- })
- continue
- }
- const entry = (await cwec()).default.weaknesses.find(
- (w) => w.id === cwe.id
- )
- if (!entry) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${i}/cwes/${j}/id`,
- message: `no weakness with this id is recognized in CWE ${cwe.version}`,
- })
- continue
- }
- if (entry.name !== cwe.name) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${i}/cwes/${j}/name`,
- message: `the name does not match the weakness with the given id in CWE ${cwe.version}`,
- })
- continue
- }
- }
- }
- }
-
- return { isValid, errors }
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_13.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_13.js
deleted file mode 100644
index 8272968..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_13.js
+++ /dev/null
@@ -1,184 +0,0 @@
-import pkgURL from 'packageurl-js'
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const { PackageURL } = pkgURL
-
-const ajv = new Ajv()
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- product: {
- additionalProperties: true,
- optionalProperties: {
- product_identification_helper: {
- additionalProperties: true,
- optionalProperties: {
- purls: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
-})
-
-const validateBranch = ajv.compile(branchSchema)
-
-const fullProductNameSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_identification_helper: {
- additionalProperties: true,
- optionalProperties: {
- purls: { elements: { type: 'string' } },
- },
- },
- },
-})
-
-const validateFullProductName = ajv.compile(fullProductNameSchema)
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: branchSchema,
- },
- full_product_names: {
- elements: fullProductNameSchema,
- },
- product_paths: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- full_product_name: fullProductNameSchema,
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @typedef {import('ajv/dist/core.js').JTDDataType} Branch
- * @typedef {import('ajv/dist/core.js').JTDDataType} FullProductName
- */
-
-/**
- * This implements the mandatory test 6.1.13 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_13(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- doc.product_tree?.branches?.forEach((branch, index) => {
- checkBranch(`/product_tree/branches/${index}`, branch)
- })
-
- doc.product_tree?.full_product_names?.forEach((name, index) => {
- checkFullProductName(`/product_tree/full_product_names/${index}`, name)
- })
-
- doc.product_tree?.product_paths?.forEach((productPath, index) => {
- const fullProductName = productPath.full_product_name
- if (!fullProductName) return
- checkFullProductName(
- `/product_tree/product_paths/${index}/full_product_name`,
- fullProductName
- )
- })
-
- return ctx
-
- /**
- * Validates the given purl and generates an error message if it is not.
- *
- * @param {string} instancePath The instance path of the purl to check. It is used to
- * to generate a potential error message.
- * @param {string} str
- */
- function checkPURL(instancePath, str) {
- try {
- PackageURL.fromString(str)
- } catch (e) {
- const errorObject = /** @type {{message: string}} */ (e)
- ctx.isValid = false
- const message = errorObject?.message ?? 'unknown purl error'
- ctx.errors.push({
- instancePath,
- message: `${message.at(0)?.toLocaleLowerCase()}${message.slice(1)}`,
- })
- }
- }
-
- /**
- * Validates the purls in the given "full product name".
- *
- * @param {string} prefix The instance path prefix of the "full product name". It is
- * used to generate error messages.
- * @param {FullProductName} fullProductName The "full product name" object.
- */
- function checkFullProductName(prefix, fullProductName) {
- fullProductName.product_identification_helper?.purls?.forEach(
- (purl, index) => {
- checkPURL(
- `${prefix}/product_identification_helper/purls/${index}`,
- purl
- )
- }
- )
- }
-
- /**
- * Validates the purls in the given branch object and its branch children.
- *
- * @param {string} prefix The instance path prefix of the "branch". It is
- * used to generate error messages.
- * @param {Branch} branch The "branch" object.
- */
- function checkBranch(prefix, branch) {
- branch.product?.product_identification_helper?.purls?.forEach(
- (purl, index) => {
- checkPURL(
- `${prefix}/product/product_identification_helper/purls/${index}`,
- purl
- )
- }
- )
- branch.branches?.forEach((branch, index) => {
- if (!validateBranch(branch)) return
- checkBranch(`${prefix}/branches/${index}`, branch)
- })
- }
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_2.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_2.js
deleted file mode 100644
index 22ee115..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_2.js
+++ /dev/null
@@ -1,168 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- product: {
- additionalProperties: true,
- optionalProperties: {
- product_id: { type: 'string' },
- },
- },
- },
-})
-
-const validateBranch = ajv.compile(branchSchema)
-
-const fullProductNameSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_id: { type: 'string' },
- },
-})
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: branchSchema,
- },
- full_product_names: {
- elements: fullProductNameSchema,
- },
- product_paths: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- full_product_name: fullProductNameSchema,
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @typedef {import('ajv/dist/core.js').JTDDataType} Branch
- * @typedef {import('ajv/dist/core.js').JTDDataType} FullProductName
- */
-
-/**
- * This implements the mandatory test 6.1.2 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_2(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- /** @type {Map} */
- const seenProductIds = new Map()
-
- doc.product_tree?.branches?.forEach((branch, index) => {
- checkBranch(`/product_tree/branches/${index}`, branch)
- })
-
- doc.product_tree?.full_product_names?.forEach((fullProductName, index) => {
- checkFullProductName(
- `/product_tree/full_product_names/${index}`,
- fullProductName
- )
- })
-
- doc.product_tree?.product_paths?.forEach((productPath, index) => {
- const fullProductName = productPath.full_product_name
- if (!fullProductName) return
- checkFullProductName(
- `/product_tree/product_paths/${index}/full_product_name`,
- fullProductName
- )
- })
-
- return ctx
-
- /**
- * Checks whether the given product_id was already defined and registers an error if so.
- *
- * @param {string} instancePath The instance path of the product_id to check.
- * @param {string} productId The product_id value to check.
- */
- function checkProductId(instancePath, productId) {
- if (seenProductIds.has(productId)) {
- ctx.isValid = false
- const firstInstancePath = seenProductIds.get(productId)
- if (firstInstancePath !== null) {
- ctx.errors.push({
- instancePath: /** @type {string} */ (firstInstancePath),
- message: 'duplicate definition product id',
- })
- seenProductIds.set(productId, null)
- }
- ctx.errors.push({
- instancePath,
- message: 'duplicate definition product id',
- })
- } else {
- seenProductIds.set(productId, instancePath)
- }
- }
-
- /**
- * Checks the product_id in the given "full product name".
- *
- * @param {string} prefix The instance path prefix of the "full product name".
- * @param {FullProductName} fullProductName The "full product name" object.
- */
- function checkFullProductName(prefix, fullProductName) {
- if (fullProductName.product_id) {
- checkProductId(`${prefix}/product_id`, fullProductName.product_id)
- }
- }
-
- /**
- * Checks the product_id in the given branch object and its branch children.
- *
- * @param {string} prefix The instance path prefix of the "branch".
- * @param {Branch} branch The "branch" object.
- */
- function checkBranch(prefix, branch) {
- if (branch.product?.product_id) {
- checkProductId(`${prefix}/product/product_id`, branch.product.product_id)
- }
- branch.branches?.forEach((child, index) => {
- if (!validateBranch(child)) return
- checkBranch(`${prefix}/branches/${index}`, child)
- })
- }
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_12.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_12.js
deleted file mode 100644
index 321dfc2..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_12.js
+++ /dev/null
@@ -1,74 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- product_status: {
- additionalProperties: true,
- optionalProperties: {
- known_affected: {
- elements: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.12 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_12(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc) || doc.document.category !== 'csaf_security_advisory')
- return ctx
-
- for (const [index, vulnerability] of doc.vulnerabilities.entries()) {
- if (!vulnerability.product_status?.known_affected) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${index}/product_status`,
- message: `needs a know_affected element`,
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_14.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_14.js
deleted file mode 100644
index 961ffc1..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_14.js
+++ /dev/null
@@ -1,70 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- optionalProperties: {
- notes: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- category: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.14 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_14(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- !['csaf_withdrawn', 'csaf_superseded'].includes(doc.document.category)
- )
- return ctx
-
- if (!doc.document.notes?.find((n) => n.category === 'description')) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/document/notes',
- message: 'needs at least one note with the category "description"',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_15.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_15.js
deleted file mode 100644
index f2f1eb3..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_15.js
+++ /dev/null
@@ -1,64 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- },
- },
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- properties: {},
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.15 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_15(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- !['csaf_withdrawn', 'csaf_superseded'].includes(doc.document.category)
- )
- return ctx
-
- if (doc.product_tree) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/product_tree',
- message: 'must not exist in the specified document category',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_16.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_16.js
deleted file mode 100644
index f737e65..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_16.js
+++ /dev/null
@@ -1,69 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.16 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_16(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- !['csaf_withdrawn', 'csaf_superseded'].includes(doc.document.category)
- )
- return ctx
-
- if (doc.document.tracking.revision_history.length < 2) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/tracking/revision_history`,
- message: 'needs at least two entries for the specified document category',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_17.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_17.js
deleted file mode 100644
index 0038284..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_17.js
+++ /dev/null
@@ -1,101 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import bcp47 from 'bcp47'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- optionalProperties: {
- lang: { type: 'string' },
- notes: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- category: {
- type: 'string',
- },
- title: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.17 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_17(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- doc.document.category !== 'csaf_withdrawn' ||
- //
- // The spec says that this test is activated only for documents with the language
- // english. Or if the language is unspecified.
- (doc.document.lang &&
- bcp47.parse(doc.document.lang)?.langtag.language.language !== 'en')
- )
- return ctx
-
- const reasonTitle = 'Reasoning for Withdrawal'
-
- const withdrawalNotes =
- // Here we filter and map the document notes in one step using `flatMap`
- // to avoid double looping through the note array. The category is
- // not yet included in the filtering since it is checked below for each note
- // individually to improve the error messages.
- doc.document.notes?.flatMap((n, i) =>
- n.title === reasonTitle ? { note: n, index: i } : []
- ) ?? []
-
- if (withdrawalNotes.length !== 1) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/notes`,
- message: `needs exactly one entry with the title "${reasonTitle}"`,
- })
- }
-
- for (const { note, index } of withdrawalNotes) {
- if (note.category !== 'description') {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/notes/${index}`,
- message: `the category of the "${reasonTitle}" note must be "description"`,
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_18.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_18.js
deleted file mode 100644
index 91ff78c..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_18.js
+++ /dev/null
@@ -1,101 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import bcp47 from 'bcp47'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- optionalProperties: {
- lang: { type: 'string' },
- notes: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- category: {
- type: 'string',
- },
- title: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.18 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_18(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- doc.document.category !== 'csaf_superseded' ||
- //
- // The spec says that this test is activated only for documents with the language
- // english. Or if the language is unspecified.
- (doc.document.lang &&
- bcp47.parse(doc.document.lang)?.langtag.language.language !== 'en')
- )
- return ctx
-
- const reasonTitle = 'Reasoning for Supersession'
-
- const supersessionNotes =
- // Here we filter and map the document notes in one step using `flatMap`
- // to avoid double looping through the note array. The category is
- // not yet included in the filtering since it is checked below for each note
- // individually to improve the error messages.
- doc.document.notes?.flatMap((n, i) =>
- n.title === reasonTitle ? { note: n, index: i } : []
- ) ?? []
-
- if (supersessionNotes.length !== 1) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/notes`,
- message: `needs exactly one entry with the title "${reasonTitle}"`,
- })
- }
-
- for (const { note, index } of supersessionNotes) {
- if (note.category !== 'description') {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/notes/${index}`,
- message: `the category of the "${reasonTitle}" note must be "description"`,
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_19.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_19.js
deleted file mode 100644
index 4736e12..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_19.js
+++ /dev/null
@@ -1,101 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import bcp47 from 'bcp47'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- optionalProperties: {
- lang: { type: 'string' },
- references: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- category: {
- type: 'string',
- },
- summary: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.27.19 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_27_19(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (
- !validate(doc) ||
- doc.document.category !== 'csaf_superseded' ||
- //
- // The spec says that this test is activated only for documents with the language
- // english. Or if the language is unspecified.
- (doc.document.lang &&
- bcp47.parse(doc.document.lang)?.langtag.language.language !== 'en')
- )
- return ctx
-
- const summaryTitle = 'Superseding Document'
-
- const supersessionReferences =
- // Here we filter and map the document references in one step using `flatMap`
- // to avoid double looping through the note array. The category is
- // not yet included in the filtering since it is checked below for each note
- // individually to improve the error messages.
- doc.document.references?.flatMap((r, i) =>
- r.summary?.startsWith(summaryTitle) ? { reference: r, index: i } : []
- ) ?? []
-
- if (!supersessionReferences.length) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/references`,
- message: `needs at least one entry that has a summary starting with "${summaryTitle}"`,
- })
- }
-
- for (const { reference, index } of supersessionReferences) {
- if (reference.category !== 'external') {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/references/${index}`,
- message: `the category of a "${summaryTitle}" reference must be "external"`,
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_5.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_5.js
deleted file mode 100644
index cce917a..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_5.js
+++ /dev/null
@@ -1,73 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: {
- type: 'string',
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- notes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-/**
- * @param {any} doc
- */
-export function mandatoryTest_6_1_27_5(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (!validate(doc)) return { errors, isValid }
-
- const checkedDocumentCategories = new Set([
- 'csaf_security_advisory',
- 'csaf_vex',
- 'csaf_deprecated_security_advisory',
- ])
-
- if (!checkedDocumentCategories.has(doc.document?.category)) {
- return { errors, isValid }
- }
-
- const vulnerabilities = doc.vulnerabilities
- if (Array.isArray(vulnerabilities)) {
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.notes || vulnerability.notes.length === 0) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'needs a `notes` attribute',
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js
deleted file mode 100644
index 0887658..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js
+++ /dev/null
@@ -1,85 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-/*
- The maximum allowed nesting level of branches.
- */
-const MAX_DEPTH = 30
-
-const ajv = new Ajv()
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-
-const validateBranch = ajv.compile(branchSchema)
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: branchSchema,
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.34 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_34(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- /**
- * This recursive function checks if the given branch is too deep. A maximum of 30
- * levels is allowed.
- *
- * @param {import('./mandatoryTest_6_1_34/types.js').TypeOf} branch
- * @param {string} prefix The json path to the given branch.
- * Is used to generate the error messages.
- */
- const checkBranch = (branch, prefix, count = 0) => {
- if (!branch.branches?.length && count > MAX_DEPTH) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: prefix,
- message: `branch structure nesting exceeds ${MAX_DEPTH} branches (it is ${count} levels deep)`,
- })
- return
- }
- branch.branches?.forEach((branch, index) => {
- if (!validateBranch(branch)) return
- checkBranch(branch, `${prefix}/branches/${index}`, count + 1)
- })
- }
-
- checkBranch(doc.product_tree, '/product_tree')
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts
deleted file mode 100644
index 291b2d1..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-import { ValidateFunction } from 'ajv'
-
-export type TypeOf = T extends ValidateFunction ? R : never
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js
deleted file mode 100644
index 4636d7b..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js
+++ /dev/null
@@ -1,209 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/**
- * @typedef {'workaround'
- * | 'mitigation'
- * | 'vendor_fix'
- * | 'optional_patch'
- * | 'none_available'
- * | 'fix_planned'
- * | 'no_fix_planned'} Category
- */
-
-/**
- * This map holds prohibited category combinations.
- * See https://github.com/oasis-tcs/csaf/blob/master/csaf_2.1/prose/share/csaf-v2.1-draft.md#324131-vulnerabilities-property---remediations---category-
- *
- * @type {Map>}
- */
-const prohibitionRuleMap = new Map(
- /** @satisfies {Array<[Category, Category[]]>} */ ([
- ['workaround', ['optional_patch', 'none_available']],
- ['mitigation', ['optional_patch', 'none_available']],
- [
- 'vendor_fix',
- ['optional_patch', 'none_available', 'fix_planned', 'no_fix_planned'],
- ],
- [
- 'optional_patch',
- [
- 'workaround',
- 'mitigation',
- 'vendor_fix',
- 'none_available',
- 'fix_planned',
- 'no_fix_planned',
- ],
- ],
- [
- 'none_available',
- [
- 'workaround',
- 'mitigation',
- 'vendor_fix',
- 'optional_patch',
- 'fix_planned',
- 'no_fix_planned',
- ],
- ],
- [
- 'fix_planned',
- ['vendor_fix', 'optional_patch', 'none_available', 'no_fix_planned'],
- ],
- [
- 'no_fix_planned',
- ['vendor_fix', 'optional_patch', 'none_available', 'fix_planned'],
- ],
- ]).map((e) => [e[0], new Set(e[1])])
-)
-
-const remediationSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- group_ids: {
- elements: {
- type: 'string',
- },
- },
- product_ids: {
- elements: {
- type: 'string',
- },
- },
- category: { type: 'string' },
- },
-})
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- product_groups: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- group_id: { type: 'string' },
- product_ids: {
- elements: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- remediations: {
- elements: remediationSchema,
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_35(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- /** @type {Array<{ instancePath: string; message: string }>} */
- errors: [],
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- for (const [vulnerabilityIndex, vulnerability] of Object.entries(
- doc.vulnerabilities
- )) {
- /**
- * This map holds all discovered product ids and maps them to the set of corresponding
- * remediation categories. Later we can check this map to find out if there are any
- * contradicting remediations.
- *
- * @type {Map>}
- */
- const productToCategoriesMap = new Map()
-
- vulnerability.remediations?.forEach((remediation, remediationIndex) => {
- const category = remediation.category
- if (!category) return
-
- /**
- * This function adds the current category to the given product id in the
- * `productMap`. If the product does not yet exist in the map, it is added.
- *
- * @param {string} id
- */
- const collectCategory = (id) => {
- productToCategoriesMap.set(
- id,
- new Set(productToCategoriesMap.get(id)).add(category)
- )
- }
-
- remediation.product_ids?.forEach(collectCategory)
-
- remediation.group_ids?.forEach((id) => {
- const group = doc.product_tree?.product_groups?.find(
- (g) => g.group_id === id
- )
- if (!group) return
- group.product_ids?.forEach(collectCategory)
- })
-
- for (const [productId, categories] of productToCategoriesMap) {
- /**
- * This set will hold all already checked categories to avoid double checks
- * and doubled error messages.
- */
- const checkedCategories = new Set()
-
- for (const categoryA of categories) {
- checkedCategories.add(categoryA)
-
- for (const categoryB of categories) {
- if (checkedCategories.has(categoryB)) continue
-
- if (prohibitionRuleMap.get(categoryA)?.has(categoryB)) {
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`,
- message: `contradicting remediation categories for product id "${productId}": ${categoryA}, ${categoryB}`,
- })
- ctx.isValid = false
- }
- }
- }
- }
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_36.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_36.js
deleted file mode 100644
index 3ca5a4d..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_36.js
+++ /dev/null
@@ -1,221 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -/** - * @typedef {'workaround' - * | 'mitigation' - * | 'vendor_fix' - * | 'optional_patch' - * | 'none_available' - * | 'fix_planned' - * | 'no_fix_planned'} Category - */ - -/** - * @typedef {'first_affected' - * | 'known_affected' - * | 'last_affected' - * | 'known_not_affected' - * | 'first_fixed' - * | 'fixed' - * | 'under_investigation'} ProductStatus - */ - -/* - The spec groups the product statuses in groups. This grouping is - expressed in this object. - */ -const productStatus = /** - * @type {const} - * @satisfies {Record} - */ ({ - affected: ['first_affected', 'known_affected', 'last_affected'], - notAffected: ['known_not_affected'], - fixed: ['first_fixed', 'fixed'], - underInvestigation: ['under_investigation'], -}) - -/** - * This map holds prohibited category / product status combinations. - * See https://github.com/oasis-tcs/csaf/blob/master/csaf_2.1/prose/share/csaf-v2.1-draft.md#324131-vulnerabilities-property---remediations---category- - * - * @type {Map>} - */ -const prohibitionRuleMap = new Map( - /** @satisfies {Array<[Category, ProductStatus[]]>} */ ([ - ['workaround', [...productStatus.notAffected, ...productStatus.fixed]], - ['mitigation', [...productStatus.notAffected, ...productStatus.fixed]], - ['vendor_fix', [...productStatus.notAffected, ...productStatus.fixed]], - ['optional_patch', [...productStatus.affected]], - ['none_available', [...productStatus.notAffected, ...productStatus.fixed]], - ['fix_planned', [...productStatus.fixed]], - ['no_fix_planned', [...productStatus.fixed]], - ]).map((e) => [e[0], new Set(e[1])]) -) - -const remediationSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - group_ids: { - elements: { - type: 'string', - }, - }, - product_ids: { - elements: { - type: 'string', - }, - }, - category: { type: 'string' }, - }, -}) - -/* - This is the jtd schema that needs to match the input document 
so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - product_groups: { - elements: { - additionalProperties: true, - optionalProperties: { - group_id: { type: 'string' }, - product_ids: { - elements: { - type: 'string', - }, - }, - }, - }, - }, - }, - }, - }, - properties: { - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - remediations: { - elements: remediationSchema, - }, - product_status: { - additionalProperties: true, - optionalProperties: { - first_affected: { elements: { type: 'string' } }, - known_affected: { elements: { type: 'string' } }, - last_affected: { elements: { type: 'string' } }, - known_not_affected: { elements: { type: 'string' } }, - first_fixed: { elements: { type: 'string' } }, - fixed: { elements: { type: 'string' } }, - under_investigation: { elements: { type: 'string' } }, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * This implements the mandatory test 6.1.36 of the CSAF 2.1 standard. - * - * @param {any} doc - */ -export function mandatoryTest_6_1_36(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test ran and is - finally returned by the function. 
- */ - const ctx = { - /** @type {Array<{ instancePath: string; message: string }>} */ - errors: [], - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - for (const [ - vulnerabilityIndex, - vulnerability, - ] of doc.vulnerabilities.entries()) { - vulnerability.remediations?.forEach((remediation, remediationIndex) => { - const category = remediation.category - if (!category) return - - /** - * This map holds the discovered product ids for the remediation and maps them to - * the set of corresponding product status names. Later we can check this map to - * find out if there are any contradicting remediations. - * - * @type {Map>} - */ - const productToProductStatusNamesMap = new Map() - - /** - * This function adds all product status names for the given product id to the - * `productMap`. If the product does not yet exist in the map, it is added. - * - * @param {string} id - */ - const collectProductStatusNames = (id) => { - const productStatusNames = - /* - To speed things up we first check if the product status names where already - collected and do not search again. The product names are always for a - product in the same vulnerability. - */ - productToProductStatusNamesMap.get(id) ?? - new Set( - /** @type {string[]} */ ( - Object.entries(vulnerability.product_status ?? {}) - .filter((e) => - Array.isArray(e[1]) ? 
e[1].includes(id) : false - ) - .map((e) => e[0]) - ) - ) - productToProductStatusNamesMap.set(id, productStatusNames) - } - - remediation.product_ids?.forEach(collectProductStatusNames) - - remediation.group_ids?.forEach((id) => { - const group = doc.product_tree?.product_groups?.find( - (g) => g.group_id === id - ) - if (!group) return - group.product_ids?.forEach(collectProductStatusNames) - }) - - for (const [ - productId, - productStatusNames, - ] of productToProductStatusNamesMap) { - for (const productStatus of productStatusNames) { - if (prohibitionRuleMap.get(category)?.has(productStatus)) { - ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`, - message: `contradicting combination of product status ${productStatus} and remediation category ${category} for product id "${productId}"`, - }) - ctx.isValid = false - } - } - } - }) - } - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js deleted file mode 100644 index 7e3ea52..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js +++ /dev/null 
@@ -1,218 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import csafAjv from '../csafAjv.js' - -const ajv = new Ajv() - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - document: { - additionalProperties: true, - optionalProperties: { - tracking: { - additionalProperties: true, - optionalProperties: { - generator: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - initial_release_date: { type: 'string' }, - current_release_date: { type: 'string' }, - revision_history: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - disclosure_date: { type: 'string' }, - discovery_date: { type: 'string' }, - flags: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - involvements: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - remediations: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - threats: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * This regex validates a date against RFC 3339 section 5.6. 
- * See: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6 - */ -export const dateRegex = - /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/ - -/** - * A json schema date validation function. - * - * @type {import('ajv').ValidateFunction} - */ -const dateFn = csafAjv.compile({ type: 'string', format: 'date-time' }) - -/** - * Validates the given date against RFC 3339 section 5.6. - * - * @param {string} date The date to validate - */ -export const isValidDate = (date) => { - /* - Here we first match against the date regex to catch format errors that - ajv-formats does not catch (yet). Particularly if the 'T' separator is missing - between the date and the time ajv does not recognize that. - */ - if (!dateRegex.exec(date)) { - return { - isValid: /** @type {const} */ (false), - error: /** @type {const} */ ('INVALID_FORMAT'), - } - } - - /* - After the format check ajv is utilized to check the date semantically - (including leap seconds). - */ - if (!dateFn(date)) { - return { - isValid: /** @type {const} */ (false), - error: /** @type {const} */ ('INVALID_DATE'), - } - } - - return { isValid: /** @type {const} */ (true), error: null } -} - -/** - * This implements the mandatory test 6.1.37 of the CSAF 2.1 standard. - * - * @param {any} doc - */ -export function mandatoryTest_6_1_37(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test ran and is - finally returned by the function. - */ - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) return ctx - - /** - * This function validates the given date and generates and error on - * `ctx` if it is not valid. 
- * - * @param {string | undefined} date The date to validate - * @param {string} path The json path to the date - */ - const validateDate = (date, path) => { - if (date === undefined) return - - const result = isValidDate(date) - if (!result.isValid) { - ctx.errors.push({ - instancePath: path, - message: - result.error === 'INVALID_FORMAT' - ? `invalid date format` - : `invalid date`, - }) - ctx.isValid = false - } - } - - validateDate( - doc.document?.tracking?.generator?.date, - '/document/tracking/generator/date' - ) - validateDate( - doc.document?.tracking?.initial_release_date, - '/document/tracking/initial_release_date' - ) - validateDate( - doc.document?.tracking?.current_release_date, - '/document/tracking/current_release_date' - ) - - doc.document?.tracking?.revision_history?.forEach((history, index) => { - validateDate( - history.date, - `/document/tracking/revision_history/${index}/date` - ) - }) - - doc.vulnerabilities?.forEach((vulnerabiltiy, vulnerabilityIndex) => { - const prefix = `/vulnerabilities/${vulnerabilityIndex}` - - validateDate(vulnerabiltiy.disclosure_date, `${prefix}/disclosure_date`) - validateDate(vulnerabiltiy.discovery_date, `${prefix}/discovery_date`) - - vulnerabiltiy.flags?.forEach((flag, index) => { - validateDate(flag.date, `${prefix}/flags/${index}/date`) - }) - - vulnerabiltiy.involvements?.forEach((involvement, index) => { - validateDate(involvement.date, `${prefix}/involvements/${index}/date`) - }) - - vulnerabiltiy.remediations?.forEach((remediation, index) => { - validateDate(remediation.date, `${prefix}/remediations/${index}/date`) - }) - - vulnerabiltiy.threats?.forEach((threat, index) => { - validateDate(threat.date, `${prefix}/threats/${index}/date`) - }) - }) - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_39.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_39.js deleted file mode 100644 index 357aa75..0000000 
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_39.js
+++ /dev/null
@@ -1,91 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { MAX_UUID, NIL_UUID } from '../sharingGroup.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- optionalProperties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: {
- type: 'string',
- },
- },
- },
- tlp: {
- additionalProperties: true,
- optionalProperties: {
- label: { type: 'string' },
- },
- },
- },
- },
- },
- optionalProperties: {
- tracking: {
- additionalProperties: true,
- optionalProperties: {
- status: { type: 'string' },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.39 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_39(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) return ctx
-
- const sharingGroupId = doc.document.distribution.sharing_group?.id
-
- if (
- /*
- It MUST be tested that a CSAF document with the TLP label CLEAR use the Max UUID as sharing
- group ID if any. The test SHALL pass if no sharing group is present or the Nil UUID is used
- and the document status is draft.
- */
- doc.document.distribution.tlp?.label === 'CLEAR' &&
- typeof sharingGroupId === 'string' &&
- sharingGroupId !== MAX_UUID &&
- !(sharingGroupId === NIL_UUID && doc.document.tracking?.status === 'draft')
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/id',
- message: `the sharing group is present for the TLP:CLEAR document but it differs from the Max UUID`,
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_40.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_40.js
deleted file mode 100644
index add0e26..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_40.js
+++ /dev/null
@@ -1,82 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import {
- MAX_UUID,
- NIL_UUID,
- NO_SHARING_ALLOWED,
- PUBLIC,
-} from '../sharingGroup.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- optionalProperties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.40 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_40(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) return ctx
-
- const sharingGroupId = doc.document.distribution.sharing_group?.id
- const sharingGroupName = doc.document.distribution.sharing_group?.name
-
- if (sharingGroupName === PUBLIC && sharingGroupId !== MAX_UUID) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/name',
- message: `the sharing group id is not the Max UUID but the sharing group name is "${PUBLIC}"`,
- })
- } else if (
- sharingGroupName === NO_SHARING_ALLOWED &&
- sharingGroupId !== NIL_UUID
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/name',
- message: `the sharing group id is not the Nil UUID but the sharing group name is "${NO_SHARING_ALLOWED}"`,
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_41.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_41.js
deleted file mode 100644
index 1b526cb..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_41.js
+++ /dev/null
@@ -1,98 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import {
- MAX_UUID,
- NIL_UUID,
- NO_SHARING_ALLOWED,
- PUBLIC,
-} from '../sharingGroup.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- optionalProperties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.41 of the CSAF 2.1 standard.
- *
- * @param {unknown} doc
- */
-export function mandatoryTest_6_1_41(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) return ctx
-
- const sharingGroupId = doc.document.distribution.sharing_group?.id
- const sharingGroupName = doc.document.distribution.sharing_group?.name
-
- if (sharingGroupId === MAX_UUID && sharingGroupName !== PUBLIC) {
- ctx.isValid = false
-
- if (typeof sharingGroupName === 'string') {
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/id',
- message: `the Max UUID is used but the sharing group name does not equal "${PUBLIC}"`,
- })
- } else {
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/id',
- message: `the Max UUID is used but the sharing group name does not exist`,
- })
- }
- } else if (
- sharingGroupId === NIL_UUID &&
- sharingGroupName !== NO_SHARING_ALLOWED
- ) {
- ctx.isValid = false
-
- if (typeof sharingGroupName === 'string') {
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/id',
- message: `the Nil UUID is used but the sharing group name does not equal "${NO_SHARING_ALLOWED}"`,
- })
- } else {
- ctx.errors.push({
- instancePath: '/document/distribution/sharing_group/id',
- message: `the Nil UUID is used but the sharing group name does not exist`,
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_42.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_42.js
deleted file mode 100644
index c79ab88..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_42.js
+++ /dev/null
@@ -1,228 +0,0 @@ -import { PackageURL } from 'packageurl-js' -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const fullProductNameSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - purls: { elements: { type: 'string' } }, - }, - }, - }, -}) - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - product: fullProductNameSchema, - }, -}) - -const validateBranch = ajv.compile(branchSchema) - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match, it normally means that the input - document does not validate against the csaf JSON schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { - elements: branchSchema, - }, - full_product_names: { - elements: fullProductNameSchema, - }, - product_paths: { - elements: { - additionalProperties: true, - optionalProperties: { - full_product_name: fullProductNameSchema, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * @typedef {import('ajv/dist/core.js').JTDDataType} Branch - * @typedef {import('ajv/dist/core.js').JTDDataType} FullProductName - */ - -/** - * - * @param {PackageURL | null} firstPurl - * @param {PackageURL | null} otherPurl - * @return {Array} the parts of the PURLS that differ - */ -function purlPartsThatDifferExceptQualifiers(firstPurl, otherPurl) { - /** @type {Array}*/ - const partsThatDiffer = [] - - if (firstPurl && otherPurl) { - if (firstPurl.type !== otherPurl.type) { - partsThatDiffer.push('type') - } - if 
(firstPurl.namespace !== otherPurl.namespace) { - partsThatDiffer.push('namespace') - } - if (firstPurl.name !== otherPurl.name) { - partsThatDiffer.push('name') - } - if (firstPurl.version !== otherPurl.version) { - partsThatDiffer.push('version') - } - } - return partsThatDiffer -} - -/** - * Validates all given PURLs and check whether the PURLs - * differ only in qualifiers to the first URL - * - * @param {Array | undefined} purls PURLs to check - * @return {Array<{index:number, purlParts: Array }>} indexes and parts of the PURLs that differ - */ -export function checkPurls(purls) { - /** @type {Array<{index:number, purlParts: Array }>} */ - const invalidPurls = [] - if (purls) { - /** @type {Array} */ - const packageUrls = purls.map((purl) => { - try { - return PackageURL.fromString(purl) - } catch (e) { - // ignore, tested in CSAF 2.1 test 6.1.13 - return null - } - }) - - /** - * @type {Array} - */ - if (packageUrls.length > 1) { - const firstPurl = packageUrls[0] - for (let i = 1; i < packageUrls.length; i++) { - /** @type {Array}*/ - const purlParts = purlPartsThatDifferExceptQualifiers( - firstPurl, - packageUrls[i] - ) - if (purlParts.length > 0) { - invalidPurls.push({ index: i, purlParts: purlParts }) - } - } - } - } - return invalidPurls -} - -/** - * For each product_identification_helper object containing multiple purls, - * it MUST be tested that the purls only differ in their qualifiers. - * - * @param {unknown} doc - */ -export function mandatoryTest_6_1_42(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test ran and is - finally returned by the function. 
- */ - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - doc.product_tree?.branches?.forEach((branch, index) => { - checkBranch(`/product_tree/branches/${index}`, branch) - }) - - doc.product_tree?.full_product_names?.forEach((fullProduceName, index) => { - checkFullProductName( - `/product_tree/full_product_names/${index}`, - fullProduceName - ) - }) - - doc.product_tree?.product_paths?.forEach((productPath, index) => { - const fullProductName = productPath.full_product_name - if (fullProductName) { - checkFullProductName( - `/product_tree/product_paths/${index}/full_product_name`, - fullProductName - ) - } - }) - - return ctx - - /** - * Check whether the PURLs only differ in their qualifiers for a full product name. - * - * @param {string} prefix The instance path prefix of the "full product name". It is - * used to generate error messages. - * @param {FullProductName} fullProductName The "full product name" object. - */ - function checkFullProductName(prefix, fullProductName) { - const invalidPurls = checkPurls( - fullProductName.product_identification_helper?.purls - ) - invalidPurls.forEach((invalidPurl) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product_identification_helper/purls/${invalidPurl.index}`, - message: `the PURL differs from the first PURL in the following part(s): ${invalidPurl.purlParts.join()}`, - }) - }) - } - - /** - * Check whether the PURLs only differ in their qualifiers for the given branch object - * and its branch children. - * - * @param {string} prefix The instance path prefix of the "branch". It is - * used to generate error messages. - * @param {Branch} branch The "branch" object. 
- */ - function checkBranch(prefix, branch) { - const invalidPurls = checkPurls( - branch.product?.product_identification_helper?.purls - ) - invalidPurls.forEach((invalidPurl) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product/product_identification_helper/purls/${invalidPurl.index}`, - message: `the PURL differs from the first PURL in the following parts: ${invalidPurl.purlParts.join()}`, - }) - }) - branch.branches?.forEach((branch, index) => { - if (validateBranch(branch)) { - checkBranch(`${prefix}/branches/${index}`, branch) - } - }) - } -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js deleted file mode 100644 index f197292..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js +++ /dev/null 
@@ -1,199 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - product: { - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - model_numbers: { elements: { type: 'string' } }, - }, - }, - }, - }, - }, -}) - -const validateBranch = ajv.compile(branchSchema) - -const fullProductNameSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - model_numbers: { elements: { type: 'string' } }, - }, - }, - }, -}) - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match, it normally means that the input - document does not validate against the csaf JSON schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { - elements: branchSchema, - }, - full_product_names: { - elements: fullProductNameSchema, - }, - product_paths: { - elements: { - additionalProperties: true, - optionalProperties: { - full_product_name: fullProductNameSchema, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * @typedef {import('ajv/dist/core.js').JTDDataType} Branch - * @typedef {import('ajv/dist/core.js').JTDDataType} FullProductName - */ - -/** - * - * @param {string} stringToCheck - * @return {boolean} - */ -export function containMultipleUnescapedStars(stringToCheck) { - const regex = /\*/g - return (stringToCheck.replace(/\\\*/g, '').match(regex)?.length ?? 
0) > 1 -} - -/** - * Validates all given model numbers and - * check whether they contain multiple unescaped stars - * - * @param {Array | undefined} modelNumbers model_numbers to check - * @return {Array} indexes of the model_numbers that invalid - */ -export function checkModelNumbers(modelNumbers) { - /** @type {Array}*/ - const invalidNumbers = [] - if (modelNumbers) { - for (let i = 0; i < modelNumbers.length; i++) { - const modelNumber = modelNumbers[i] - if (containMultipleUnescapedStars(modelNumber)) { - invalidNumbers.push(i) - } - } - } - return invalidNumbers -} - -/** - * For each model number, it MUST be tested - * that it does not contain multiple unescaped stars. - * @param {unknown} doc - */ -export function mandatoryTest_6_1_43(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test run and is - finally returned by the function. - */ - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - doc.product_tree?.branches?.forEach((branch, index) => { - checkBranch(`/product_tree/branches/${index}`, branch) - }) - - doc.product_tree?.full_product_names?.forEach((fullProduceName, index) => { - checkFullProductName( - `/product_tree/full_product_names/${index}`, - fullProduceName - ) - }) - - doc.product_tree?.product_paths?.forEach((productPath, index) => { - const fullProductName = productPath.full_product_name - if (fullProductName) { - checkFullProductName( - `/product_tree/product_paths/${index}/full_product_name`, - fullProductName - ) - } - }) - - return ctx - - /** - * Check whether the model numbers contain multiple unescaped stars for a full product name object - * - * @param {string} prefix The instance path prefix of the "full product name". It is - * used to generate error messages. - * @param {FullProductName} fullProductName The "full product name" object. 
- */ - function checkFullProductName(prefix, fullProductName) { - const invalidNumberIndexes = checkModelNumbers( - fullProductName.product_identification_helper?.model_numbers - ) - invalidNumberIndexes.forEach((invalidNumberIndex) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product_identification_helper/model_numbers/${invalidNumberIndex}`, - message: `model number contains multiple unescaped stars`, - }) - }) - } - - /** - * Check whether the model numbers contain multiple unescaped stars for the given branch object - * and its branch children. - * - * @param {string} prefix The instance path prefix of the "branch". It is - * used to generate error messages. - * @param {Branch} branch The "branch" object. - */ - function checkBranch(prefix, branch) { - const invalidNumberIndexes = checkModelNumbers( - branch.product?.product_identification_helper?.model_numbers - ) - invalidNumberIndexes.forEach((invalidNumberIndex) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product/product_identification_helper/model_numbers/${invalidNumberIndex}`, - message: `model number contains multiple unescaped stars`, - }) - }) - branch.branches?.forEach((branch, index) => { - if (validateBranch(branch)) { - checkBranch(`${prefix}/branches/${index}`, branch) - } - }) - } -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_44.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_44.js deleted file mode 100644 index d7a130c..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_44.js +++ /dev/null 
@@ -1,196 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const fullProductNameSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - serial_numbers: { elements: { type: 'string' } }, - }, - }, - }, -}) - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - product: fullProductNameSchema, - }, -}) - -const validateBranch = ajv.compile(branchSchema) - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match, it normally means that the input - document does not validate against the csaf JSON schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { - elements: branchSchema, - }, - full_product_names: { - elements: fullProductNameSchema, - }, - product_paths: { - elements: { - additionalProperties: true, - optionalProperties: { - full_product_name: fullProductNameSchema, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * @typedef {import('ajv/dist/core.js').JTDDataType} Branch - * @typedef {import('ajv/dist/core.js').JTDDataType} FullProductName - */ - -/** - * Checks if the `stringToCheck` includes more than one unescaped `*` character. A `*` character - * can be escaped by prefixing it with a backslash (`\`). - * - * @param {string} stringToCheck - * @return {boolean} - */ -export function containMultipleUnescapedStars(stringToCheck) { - const regex = /\*/g - return ( - (stringToCheck - .replace(/\\\*/g, '') // remove escaped '*' - .match(regex)?.length ?? 
0) > 1 // check if there is more than 1 unescaped '*' - ) -} - -/** - * Validates all given serial numbers and - * check whether they contain multiple unescaped stars - * - * @param {Array | undefined} serialNumbers serial_numbers to check - * @return {Array} indexes of the serial_numbers that invalid - */ -export function checkSerialNumbers(serialNumbers) { - /** @type {Array}*/ - const invalidNumbers = [] - if (serialNumbers) { - for (let i = 0; i < serialNumbers.length; i++) { - const serialNumber = serialNumbers[i] - if (containMultipleUnescapedStars(serialNumber)) { - invalidNumbers.push('' + i) - } - } - } - return invalidNumbers -} - -/** - * For each serial number, it MUST be tested - * that it does not contain multiple unescaped stars. - * - * @param {unknown} doc - */ -export function mandatoryTest_6_1_44(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test run and is - finally returned by the function. - */ - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - doc.product_tree?.branches?.forEach((branch, index) => { - checkBranch(`/product_tree/branches/${index}`, branch) - }) - - doc.product_tree?.full_product_names?.forEach((fullProduceName, index) => { - checkFullProductName( - `/product_tree/full_product_names/${index}`, - fullProduceName - ) - }) - - doc.product_tree?.product_paths?.forEach((productPath, index) => { - const fullProductName = productPath.full_product_name - if (fullProductName) { - checkFullProductName( - `/product_tree/product_paths/${index}/full_product_name`, - fullProductName - ) - } - }) - - return ctx - - /** - * Check whether the serial numbers contain multiple unescaped stars for a full product name object - * - * @param {string} prefix The instance path prefix of the "full product name". It is - * used to generate error messages. 
- * @param {FullProductName} fullProductName The "full product name" object. - */ - function checkFullProductName(prefix, fullProductName) { - const invalidNumberIndexes = checkSerialNumbers( - fullProductName.product_identification_helper?.serial_numbers - ) - invalidNumberIndexes.forEach((invalidNumberIndex) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product_identification_helper/serial_numbers/${invalidNumberIndex}`, - message: 'Serial number contains multiple unescaped stars', - }) - }) - } - - /** - * Check whether the model numbers contain multiple unescaped stars for the given branch object - * and its branch children. - * - * @param {string} prefix The instance path prefix of the "branch". It is - * used to generate error messages. - * @param {Branch} branch The "branch" object. - */ - function checkBranch(prefix, branch) { - const invalidNumberIndexes = checkSerialNumbers( - branch.product?.product_identification_helper?.serial_numbers - ) - invalidNumberIndexes.forEach((invalidNumberIndex) => { - ctx.isValid = false - ctx.errors.push({ - instancePath: `${prefix}/product/product_identification_helper/serial_numbers/${invalidNumberIndex}`, - message: 'Serial number contains multiple unescaped stars', - }) - }) - branch.branches?.forEach((branch, index) => { - if (validateBranch(branch)) { - checkBranch(`${prefix}/branches/${index}`, branch) - } - }) - } -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_45.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_45.js deleted file mode 100644 index ab9e31b..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_45.js +++ /dev/null 
@@ -1,107 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- tlp: {
- additionalProperties: true,
- properties: {
- label: { type: 'string' },
- },
- },
- },
- },
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- date: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- disclosure_date: { type: 'string' },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.45 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_45(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
- if (!validate(doc)) {
- return ctx
- }
- const status = doc.document.tracking.status
- const tlpLabel = doc.document.distribution.tlp.label
- if (!(tlpLabel === 'CLEAR' && (status === 'final' || status === 'interim'))) {
- return ctx
- }
-
- const revisionHistory = doc.document.tracking?.revision_history
- // sort the revision history (descending) and save the newest entry
- const newestRevisionHistoryItem = revisionHistory
- .filter((item) => item.date !== undefined)
- .sort((a, b) =>
- compareZonedDateTimes(
- /** @type {string} */ (b.date),
- /** @type {string} */ (a.date)
- )
- )[0]
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const disclosureDate = vulnerability.disclosure_date
- // compare the disclosure date with the date of the newest item in the revision history
- if (
- disclosureDate &&
- compareZonedDateTimes(
- disclosureDate,
- /** @type {string} */ (newestRevisionHistoryItem.date)
- ) > 0
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/disclosure_date`,
- message: `the "status" is ${status}, but the "disclosure date" is newer than the date of the newest item of the revision_history`,
- })
- }
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_51.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_51.js
deleted file mode 100644
index 6afa5bd..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_51.js
+++ /dev/null
@@ -1,118 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../dateHelper.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- date: { type: 'string' },
- },
- },
- },
- status: { type: 'string' },
- },
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- epss: {
- additionalProperties: true,
- optionalProperties: {
- timestamp: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.51 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_51(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) return ctx
-
- const status = doc.document.tracking.status
- if (status !== 'final' && status !== 'interim') {
- return ctx
- }
-
- const newestRevisionHistoryItem = doc.document.tracking.revision_history
- .filter((item) => item.date != null)
- .sort((a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (z.date),
- /** @type {string} */ (a.date)
- )
- )[0]
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const metrics = vulnerability.metrics || []
- metrics.forEach((metric, metricIdx) => {
- const epss = metric.content?.epss || {}
- if (
- epss.timestamp &&
- newestRevisionHistoryItem &&
- compareZonedDateTimes(
- /** @type {string} */ (newestRevisionHistoryItem.date),
- /** @type {string} */ epss.timestamp
- ) < 0
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIdx}/content/epss/timestamp`,
- message: `the status is ${status}, but the EPSS "timestamp" is newer than the newest revision history date`,
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_52.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_52.js
deleted file mode 100644
index 364bb41..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_52.js
+++ /dev/null
@@ -1,123 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- date: { type: 'string' },
- },
- },
- },
- status: { type: 'string' },
- },
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- first_known_exploitation_dates: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- date: { type: 'string' },
- exploitation_date: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.52 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_52(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
- const status = doc.document.tracking.status
- if (status !== 'final' && status !== 'interim') {
- return ctx
- }
-
- const newestRevisionHistoryItem = doc.document.tracking.revision_history
- .filter((item) => item.date != null)
- .sort((a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (z.date),
- /** @type {string} */ (a.date)
- )
- )[0]
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const exploitDate = vulnerability.first_known_exploitation_dates || []
- exploitDate.forEach((exploit, exploitIdx) => {
- const date = exploit.date
- const exploitationDate = exploit.exploitation_date
- if (
- newestRevisionHistoryItem &&
- compareZonedDateTimes(
- /** @type {string} */ (newestRevisionHistoryItem.date),
- /** @type {string} */ (date)
- ) < 0
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/first_known_exploitation_dates/${exploitIdx}/date`,
- message: `the status is ${status}, but the "date" of the First Known Exploitation Dates is newer than the newest revision history date`,
- })
- }
- if (
- newestRevisionHistoryItem &&
- compareZonedDateTimes(
- /** @type {string} */ (newestRevisionHistoryItem.date),
- /** @type {string} */ (exploitationDate)
- ) < 0
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/first_known_exploitation_dates/${exploitIdx}/exploitation_date`,
- message: `the status is ${status}, but the "exploitation_date" of the First Known Exploitation Dates is newer than the newest revision history date`,
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_58.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_58.js
deleted file mode 100644
index 35f81fd..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_58.js
+++ /dev/null
@@ -1,151 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - }, -}) - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { - elements: branchSchema, - }, - }, - }, - }, -}) - -const validateInput = ajv.compile(inputSchema) -const validateBranch = ajv.compile(branchSchema) - -/** - * @typedef {import('ajv/dist/core.js').JTDDataType} Branch - */ - -/** - * This implements the mandatory test 6.1.58 of the CSAF 2.1 standard. - * - * For each full_product_name_t element under /product_tree/branches, it MUST be - * tested that only one of the branch categories product_version and - * product_version_range is used along the path leading to the full_product_name_t - * element. - * - * @param {any} doc - */ -export function mandatoryTest_6_1_58(doc) { - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validateInput(doc)) { - return ctx - } - - const branches = doc.product_tree?.branches ?? 
[] - branches.forEach((branch, index) => { - checkBranch( - branch, - `/product_tree/branches/${index}`, - false, - false, - ctx.errors - ) - }) - - if (ctx.errors.length > 0) { - ctx.isValid = false - } - - return ctx -} - -/** - * Checks that product_version and product_version_range are not both used along the same path - * - * @param {Branch} branch current branch - * @param {string} basePath base instance path for error reporting - * @param {boolean} hasProductVersion - whether product_version appeared in the path so far - * @param {boolean} hasProductVersionRange - whether product_version_range appeared in the path so far - * @param {Array<{ instancePath: string; message: string }>} errors - */ -function checkBranch( - branch, - basePath, - hasProductVersion, - hasProductVersionRange, - errors -) { - const category = branch.category - - const nowHasProductVersion = - hasProductVersion || category === 'product_version' - const nowHasProductVersionRange = - hasProductVersionRange || category === 'product_version_range' - - if (nowHasProductVersion && nowHasProductVersionRange) { - reportLeaves(branch, basePath, errors) - return - } - - // Recursively check nested branches - if (Array.isArray(branch.branches)) { - branch.branches.forEach( - (/** @type {any} */ childBranch, /** @type {number} */ index) => { - if (!validateBranch(childBranch)) return - checkBranch( - childBranch, - `${basePath}/branches/${index}`, - nowHasProductVersion, - nowHasProductVersionRange, - errors - ) - } - ) - } -} - -/** - * Recursively reports all `product` leaves reachable from a branch that lies on a conflicting path. 
- * - * @param {any} branch - * @param {string} basePath - * @param {Array<{ instancePath: string; message: string }>} errors - */ -function reportLeaves(branch, basePath, errors) { - if (branch.product !== undefined) { - errors.push({ - instancePath: `${basePath}/product`, - message: - 'both categories "product_version" and "product_version_range" are used along the same path.', - }) - } - - if (Array.isArray(branch.branches)) { - branch.branches.forEach( - (/** @type {any} */ child, /** @type {number} */ index) => { - reportLeaves(child, `${basePath}/branches/${index}`, errors) - } - ) - } -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_6.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_6.js deleted file mode 100644 index 5e7efd6..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_6.js +++ /dev/null 
@@ -1,126 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - product_status: { - additionalProperties: true, - optionalProperties: { - first_affected: { elements: { type: 'string' } }, - first_fixed: { elements: { type: 'string' } }, - fixed: { elements: { type: 'string' } }, - known_affected: { elements: { type: 'string' } }, - known_not_affected: { elements: { type: 'string' } }, - last_affected: { elements: { type: 'string' } }, - under_investigation: { elements: { type: 'string' } }, - unknown: { elements: { type: 'string' } }, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * This implements the mandatory test 6.1.6 of the CSAF 2.1 standard. - * - * @param {any} doc - */ -export function mandatoryTest_6_1_6(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test ran and is - finally returned by the function. - */ - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - if (Array.isArray(doc.vulnerabilities)) { - /** @type {Array} */ - const vulnerabilities = doc.vulnerabilities - vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { - const productStatus = vulnerability.product_status - if (!productStatus) return - const groups = [ - new Set( - [] - .concat( - Array.isArray(productStatus.first_affected) - ? 
productStatus.first_affected - : [] - ) - .concat( - Array.isArray(productStatus.known_affected) - ? productStatus.known_affected - : [] - ) - .concat( - Array.isArray(productStatus.last_affected) - ? productStatus.last_affected - : [] - ) - ), - new Set( - Array.isArray(productStatus.known_not_affected) - ? productStatus.known_not_affected - : [] - ), - new Set( - [] - .concat( - Array.isArray(productStatus.first_fixed) - ? productStatus.first_fixed - : [] - ) - .concat( - Array.isArray(productStatus.fixed) ? productStatus.fixed : [] - ) - ), - new Set( - Array.isArray(productStatus.under_investigation) - ? productStatus.under_investigation - : [] - ), - new Set( - Array.isArray(productStatus.unknown) ? productStatus.unknown : [] - ), - ] - - groups.forEach((group, index) => { - const remainingGroups = groups.slice(index + 1) - group.forEach((productID) => { - if (remainingGroups.some((g) => g.has(productID))) { - ctx.isValid = false - ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status`, - message: `product id "${productID}" is mentioned in contradicting product status groups`, - }) - } - }) - }) - }) - } - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_7.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_7.js deleted file mode 100644 index 22a638f..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_7.js +++ /dev/null 
@@ -1,206 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -/** - * @typedef {string} Product - * / - - /** @typedef {import('ajv/dist/jtd.js').JTDDataType} InputSchema */ - -/** @typedef {InputSchema['vulnerabilities'][number]} Vulnerability */ - -/** @typedef {NonNullable[number]} Metric */ - -/** @typedef {NonNullable} MetricContent */ - -const jtdAjv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - metrics: { - elements: { - additionalProperties: true, - optionalProperties: { - source: { - type: 'string', - }, - products: { - elements: { type: 'string' }, - }, - content: { - additionalProperties: true, - optionalProperties: { - cvss_v2: { - additionalProperties: true, - optionalProperties: { - version: { type: 'string' }, - }, - }, - cvss_v3: { - additionalProperties: true, - optionalProperties: { - version: { type: 'string' }, - }, - }, - cvss_v4: { - additionalProperties: true, - optionalProperties: { - version: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validate = jtdAjv.compile(inputSchema) - -/** - * For each item in /vulnerabilities it MUST be tested that the same Product ID - * is not a member of more than one CVSS-Vectors with the same version and the same source. 
- * @param {unknown} doc - */ -export function mandatoryTest_6_1_7(doc) { - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - if (!validate(doc)) { - return ctx - } - - /** @type {Array} */ - const vulnerabilities = doc.vulnerabilities - - /** - * Create a unique string for the tuple of version and source - * to compare them easily - * @param {string} version - * @param {string | undefined} source - */ - function createIdForVersionAndSource(version, source) { - return JSON.stringify({ version: version, source: source ?? '' }) - } - - /** - * - * @param {Metric} metric - * @param {string} versionSourceId - * @returns {string|null} - */ - function findCvssVersionWithSameVersionAndSource(metric, versionSourceId) { - if ( - metric.content?.cvss_v2?.version !== undefined && - versionSourceId === - createIdForVersionAndSource( - metric.content?.cvss_v2.version, - metric.source - ) - ) { - return metric.content?.cvss_v2?.version - } else if ( - metric.content?.cvss_v3?.version !== undefined && - versionSourceId === - createIdForVersionAndSource( - metric.content?.cvss_v3.version, - metric.source - ) - ) { - return metric.content?.cvss_v3?.version - } else if ( - metric.content?.cvss_v4?.version !== undefined && - versionSourceId === - createIdForVersionAndSource( - metric.content?.cvss_v4.version, - metric.source - ) - ) { - return metric.content?.cvss_v4?.version - } else { - return null - } - } - - /** - * @param {Metric} metric - * @param {Set} versionSourceIdSet - */ - function addAllVersionSourceIdsInMetricToSet(metric, versionSourceIdSet) { - if (metric.content?.cvss_v2?.version !== undefined) { - versionSourceIdSet.add( - createIdForVersionAndSource( - metric.content?.cvss_v2.version, - metric.source - ) - ) - } - if (metric.content?.cvss_v3?.version !== undefined) { - 
versionSourceIdSet.add( - createIdForVersionAndSource( - metric.content?.cvss_v3.version, - metric.source - ) - ) - } - if (metric.content?.cvss_v4?.version !== undefined) { - versionSourceIdSet.add( - createIdForVersionAndSource( - metric.content?.cvss_v4.version, - metric.source - ) - ) - } - } - - vulnerabilities.forEach((vulnerabilityItem, vulnerabilityIndex) => { - /** @type {Map>} */ - const versionsSourceIdSetByProduct = new Map() - - /** @type {Array | undefined} */ - const metrics = vulnerabilityItem.metrics - metrics?.forEach((metric, metricIndex) => { - /** @type {Array | undefined} */ - const productsOfMetric = metric.products - productsOfMetric?.forEach((product, productIndex) => { - const versionSourceIdsOfProduct = - versionsSourceIdSetByProduct.get(product) ?? new Set() - versionsSourceIdSetByProduct.set(product, versionSourceIdsOfProduct) - - versionSourceIdsOfProduct.forEach((versionSourceIdOfProduct) => { - const sameVersion = findCvssVersionWithSameVersionAndSource( - metric, - versionSourceIdOfProduct - ) - if (sameVersion) { - isValid = false - const sourceOfMetric = metric.source ? metric.source : '' - errors.push({ - message: `Product is member of more than one CVSS-Vectors with the same version '${sameVersion}' and same source '${sourceOfMetric}'.`, - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/products/${productIndex}`, - }) - } - }) - - addAllVersionSourceIdsInMetricToSet(metric, versionSourceIdsOfProduct) - }) - }) - }) - - return { errors, isValid } -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js deleted file mode 100644 index a4abce5..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js +++ /dev/null 
@@ -1,124 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import csafAjv from '../csafAjv.js' - -const jtdAjv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - metrics: { - elements: { - additionalProperties: true, - optionalProperties: { - content: { - additionalProperties: true, - optionalProperties: { - cvss_v2: { - additionalProperties: true, - properties: {}, - }, - cvss_v3: { - additionalProperties: true, - properties: {}, - }, - cvss_v4: { - additionalProperties: true, - properties: {}, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validate = jtdAjv.compile(inputSchema) - -const validate_2_0 = csafAjv.compile({ - $ref: 'https://www.first.org/cvss/cvss-v2.0.json', -}) - -const validate_3 = csafAjv.compile({ - oneOf: [ - { - $ref: 'https://www.first.org/cvss/cvss-v3.0.json', - }, - { - $ref: 'https://www.first.org/cvss/cvss-v3.1.json', - }, - ], -}) - -const validate_4_0 = csafAjv.compile({ - $ref: 'https://www.first.org/cvss/cvss-v4.0.1.json', -}) - -/** - * @param {any} doc - */ -export function mandatoryTest_6_1_8(doc) { - const ctx = { - errors: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - isValid: true, - } - - if (!validate(doc)) { - return ctx - } - - for (const [ - vulnerabilityIndex, - vulnerability, - ] of doc.vulnerabilities?.entries() ?? []) { - for (const [metricIndex, metric] of vulnerability.metrics?.entries() ?? - []) { - if (metric?.content?.cvss_v2) { - const valid = validate_2_0(metric?.content.cvss_v2) - if (!valid) { - ctx.isValid = false - for (const err of validate_2_0.errors ?? []) { - ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v2${err.instancePath}`, - message: err.message ?? 
'', - }) - } - } - } - if (metric?.content?.cvss_v3) { - const valid = validate_3(metric?.content?.cvss_v3) - if (!valid) { - ctx.isValid = false - for (const err of validate_3.errors ?? []) { - ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v3${err.instancePath}`, - message: err.message ?? '', - }) - } - } - } - if (metric?.content?.cvss_v4) { - const valid = validate_4_0(metric?.content?.cvss_v4) - if (!valid) { - ctx.isValid = false - for (const err of validate_4_0.errors ?? []) { - ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v4${err.instancePath}`, - message: err.message ?? '', - }) - } - } - } - } - } - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_9.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_9.js deleted file mode 100644 index cce0f42..0000000 --- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTest_6_1_9.js +++ /dev/null 
@@ -1,284 +0,0 @@
-import cvss2js from 'cvss2js'
-import { getEnvironmentalScoreFromVectorString } from '../../lib/shared/cvss2.js'
-import { cvss30 as CVSS30, cvss31 as CVSS31 } from '../../lib/shared/first.js'
-import { Ajv } from 'ajv/dist/jtd.js'
-import { calculateCvss4_0_Score } from '../../lib/shared/cvss4.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {
- metrics: {
- elements: {
- additionalProperties: true,
- properties: {
- content: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v2: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- baseScore: { type: 'float64' },
- temporalScore: { type: 'float64' },
- environmentalScore: { type: 'float64' },
- },
- },
- cvss_v3: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- version: { type: 'string' },
- baseScore: { type: 'float64' },
- baseSeverity: { type: 'string' },
- temporalScore: { type: 'float64' },
- temporalSeverity: { type: 'string' },
- environmentalScore: { type: 'float64' },
- environmentalSeverity: { type: 'string' },
- },
- },
- cvss_v4: {
- additionalProperties: true,
- optionalProperties: {
- vectorString: { type: 'string' },
- version: { type: 'string' },
- baseScore: { type: 'float64' },
- baseSeverity: { type: 'string' },
- threatScore: { type: 'float64' },
- threatSeverity: { type: 'string' },
- environmentalScore: { type: 'float64' },
- environmentalSeverity: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export function mandatoryTest_6_1_9(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (!validateInput(doc)) {
- return { errors, isValid }
- }
-
- const vulnerabilities = doc.vulnerabilities
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- const metrics = vulnerability.metrics
- metrics?.forEach((metric, metricIndex) => {
- calculateCvss2(metric).forEach((failedMetricName) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${metricIndex}/cvss_v2/${failedMetricName}`,
- message: 'invalid calculated value',
- })
- })
-
- calculateCvss3(metric).forEach((failedMetricName) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${metricIndex}/cvss_v3/${failedMetricName}`,
- message: 'invalid calculated value',
- })
- })
-
- calculateCvss4(metric).forEach((failedMetricName) => {
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${metricIndex}/cvss_v4/${failedMetricName}`,
- message: 'invalid calculated value',
- })
- })
- })
- })
-
- return { errors, isValid: errors.length === 0 }
-}
-
-/**
- * @param {string} vectorString
- * @returns
- */
-function safelyParseCVSSV2Vector(vectorString) {
- try {
- return {
- success: true,
- baseMetricScore: cvss2js.getBaseScore(vectorString),
- temporalMetricScore: cvss2js.getTemporalScore(vectorString),
- environmentalMetricScore:
- getEnvironmentalScoreFromVectorString(vectorString),
- }
- } catch (e) {
- return {
- success: false,
- baseMetricScore: -1,
- temporalMetricScore: -1,
- environmentalMetricScore: -1,
- }
- }
-}
-
-/**
- * @param {any} metric
- * @return {string[]}
- */
-function calculateCvss2(metric) {
- const failedMetrics = []
- if (
- metric.content?.cvss_v2 &&
- typeof metric.content.cvss_v2.vectorString === 'string'
- ) {
- const cvssV2 = metric.content.cvss_v2
- const result = safelyParseCVSSV2Vector(metric.content.cvss_v2.vectorString)
-
- if (result.success) {
- for (const { score, expectedScore, name } of [
- {
- score: cvssV2.baseScore,
- expectedScore: result.baseMetricScore,
- name: 'baseScore',
- },
- {
- score: cvssV2.temporalScore,
- expectedScore: result.temporalMetricScore,
- name: 'temporalScore',
- },
- {
- score: cvssV2.environmentalScore,
- expectedScore: result.environmentalMetricScore,
- name: 'environmentalScore',
- },
- ]) {
- if (typeof score === 'number') {
- if (score !== Number(expectedScore)) {
- failedMetrics.push(name)
- }
- }
- }
- } else {
- // Invalid CVSS string is tested in test 6.1.8
- }
- }
-
- return failedMetrics
-}
-
-/**
- * @param {any} metric
- * @return {string[]}
- */
-function calculateCvss3(metric) {
- const failedMetrics = []
- if (
- metric.content?.cvss_v3 &&
- typeof metric.content.cvss_v3.vectorString === 'string' &&
- (metric.content.cvss_v3.version === '3.1' ||
- metric.content.cvss_v3.version === '3.0')
- ) {
- const calculator =
- metric.content.cvss_v3.version === '3.0' ? CVSS30 : CVSS31
- const result = calculator.calculateCVSSFromVector(
- metric.content.cvss_v3.vectorString
- )
-
- if (result.success) {
- for (const { score: scoreValue, expectedScore, name } of [
- {
- score: metric.content.cvss_v3.baseScore,
- expectedScore: result.baseMetricScore,
- name: 'baseScore',
- },
- {
- score: metric.content.cvss_v3.temporalScore,
- expectedScore: result.temporalMetricScore,
- name: 'temporalScore',
- },
- {
- score: metric.content.cvss_v3.environmentalScore,
- expectedScore: result.environmentalMetricScore,
- name: 'environmentalScore',
- },
- ]) {
- if (typeof scoreValue === 'number') {
- if (scoreValue !== Number(expectedScore)) {
- failedMetrics.push(name)
- }
- }
- }
-
- for (const { severity, expectedSeverity, name } of [
- {
- severity: metric.content.cvss_v3.baseSeverity,
- expectedSeverity: result.baseSeverity,
- name: 'baseSeverity',
- },
- {
- severity: metric.content.cvss_v3.temporalSeverity,
- expectedSeverity: result.temporalSeverity,
- name: 'temporalSeverity',
- },
- {
- severity: metric.content.cvss_v3.environmentalSeverity,
- expectedSeverity: result.environmentalSeverity,
- name: 'environmentalSeverity',
- },
- ]) {
- if (typeof severity === 'string') {
- if (severity !== expectedSeverity.toUpperCase()) {
- failedMetrics.push(name)
- }
- }
- }
- } else {
- // Invalid CVSS is tested in test 6.1.8
- }
- }
- return failedMetrics
-}
-
-/**
- * @param {any} metric
- * @return {string[]}
- */
-function calculateCvss4(metric) {
- /**
- * @type {string[]}
- */
- const failedMetrics = []
- if (
- metric.content?.cvss_v4 &&
- typeof metric.content.cvss_v4.vectorString === 'string'
- ) {
- const scores = calculateCvss4_0_Score(metric.content.cvss_v4.vectorString)
- scores.forEach((score) => {
- const expectedScore = metric.content.cvss_v4[score.scoreJsonName]
- const expectedSeverity = metric.content.cvss_v4[score.severityJsonName]
- if (typeof expectedScore === 'number' && score.score !== expectedScore) {
- failedMetrics.push(score.scoreJsonName)
- }
-
- if (
- typeof expectedSeverity === 'string' &&
- score.severity.toUpperCase() !== expectedSeverity.toUpperCase()
- ) {
- failedMetrics.push(score.severityJsonName)
- }
- })
- }
- return failedMetrics
-}
diff --git a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTests_6_1_38.js b/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTests_6_1_38.js
deleted file mode 100644
index 61d119e..0000000
--- a/csaf-validator-lib/csaf_2_1/mandatoryTests/mandatoryTests_6_1_38.js
+++ /dev/null
@@ -1,80 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-/**
- * The max uuid to check the sharing_group.id for.
- */
-const MAX_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: {
- type: 'string',
- },
- },
- },
- },
- optionalProperties: {
- tlp: {
- additionalProperties: true,
- optionalProperties: {
- label: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the mandatory test 6.1.38 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export function mandatoryTest_6_1_38(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test ran and is
- finally returned by the function.
- */
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) return ctx
-
- if (
- doc.document.distribution.sharing_group.id === MAX_UUID &&
- doc.document.distribution.tlp?.label !== 'CLEAR'
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: '/document/distribution/tlp/label',
- message: `the sharing group uses the Max UUID but the CSAF document is not labeled as TLP:CLEAR`,
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests.js b/csaf-validator-lib/csaf_2_1/recommendedTests.js
deleted file mode 100644
index 7be8846..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * @file Bundles all recommended tests.
- *
- * Old optional tests are wrapped. This is necessary to adapt the function name
- * which is used as the test name. The test name is used in the validator service
- * for example.
- */
-
-export { recommendedTest_6_2_1 } from './recommendedTests/recommendedTest_6_2_1.js'
-export { recommendedTest_6_2_2 } from './recommendedTests/recommendedTest_6_2_2.js'
-export { recommendedTest_6_2_3 } from './recommendedTests/recommendedTest_6_2_3.js'
-export { recommendedTest_6_2_4 } from './recommendedTests/recommendedTest_6_2_4.js'
-export { recommendedTest_6_2_5 } from './recommendedTests/recommendedTest_6_2_5.js'
-export { recommendedTest_6_2_6 } from './recommendedTests/recommendedTest_6_2_6.js'
-export { recommendedTest_6_2_7 } from './recommendedTests/recommendedTest_6_2_7.js'
-export { recommendedTest_6_2_8 } from './recommendedTests/recommendedTest_6_2_8.js'
-export { recommendedTest_6_2_9 } from './recommendedTests/recommendedTest_6_2_9.js'
-export { recommendedTest_6_2_10 } from './recommendedTests/recommendedTest_6_2_10.js'
-export { recommendedTest_6_2_11 } from './recommendedTests/recommendedTest_6_2_11.js'
-export { recommendedTest_6_2_12 } from './recommendedTests/recommendedTest_6_2_12.js'
-export { recommendedTest_6_2_13 } from './recommendedTests/recommendedTest_6_2_13.js'
-export { recommendedTest_6_2_14 } from './recommendedTests/recommendedTest_6_2_14.js'
-export { recommendedTest_6_2_15 } from './recommendedTests/recommendedTest_6_2_15.js'
-export { recommendedTest_6_2_16 } from './recommendedTests/recommendedTest_6_2_16.js'
-export { recommendedTest_6_2_17 } from './recommendedTests/recommendedTest_6_2_17.js'
-export { recommendedTest_6_2_18 } from './recommendedTests/recommendedTest_6_2_18.js'
-export { recommendedTest_6_2_19 } from './recommendedTests/recommendedTest_6_2_19.js'
-export { recommendedTest_6_2_21 } from './recommendedTests/recommendedTest_6_2_21.js'
-export { recommendedTest_6_2_22 } from './recommendedTests/recommendedTest_6_2_22.js'
-export { recommendedTest_6_2_23 } from './recommendedTests/recommendedTest_6_2_23.js'
-export { recommendedTest_6_2_25 } from './recommendedTests/recommendedTest_6_2_25.js'
-export { recommendedTest_6_2_27 } from './recommendedTests/recommendedTest_6_2_27.js'
-export { recommendedTest_6_2_28 } from './recommendedTests/recommendedTest_6_2_28.js'
-export { recommendedTest_6_2_29 } from './recommendedTests/recommendedTest_6_2_29.js'
-export { recommendedTest_6_2_30 } from './recommendedTests/recommendedTest_6_2_30.js'
-export { recommendedTest_6_2_38 } from './recommendedTests/recommendedTest_6_2_38.js'
-export { recommendedTest_6_2_39_2 } from './recommendedTests/recommendedTest_6_2_39_2.js'
-export { recommendedTest_6_2_39_4 } from './recommendedTests/recommendedTest_6_2_39_4.js'
-export { recommendedTest_6_2_40 } from './recommendedTests/recommendedTest_6_2_40.js'
-export { recommendedTest_6_2_41 } from './recommendedTests/recommendedTest_6_2_41.js'
-export { recommendedTest_6_2_43 } from './recommendedTests/recommendedTest_6_2_43.js'
-export { recommendedTest_6_2_47 } from './recommendedTests/recommendedTest_6_2_47.js'
-export { recommendedTest_6_2_48 } from './recommendedTests/recommendedTest_6_2_48.js'
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_1.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_1.js
deleted file mode 100644
index 8bc9a64..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_1.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_1 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_1(doc) {
- return optionalTest_6_2_1(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_10.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_10.js
deleted file mode 100644
index a8a882c..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_10.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_10 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_10(doc) {
- return optionalTest_6_2_10(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_11.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_11.js
deleted file mode 100644
index 781d40a..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_11.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_11 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_11(doc) {
- return optionalTest_6_2_11(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_12.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_12.js
deleted file mode 100644
index b47974a..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_12.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_12 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_12(doc) {
- return optionalTest_6_2_12(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_13.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_13.js
deleted file mode 100644
index 6679ad0..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_13.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_13 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_13(doc) {
- return optionalTest_6_2_13(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_14.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_14.js
deleted file mode 100644
index b955821..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_14.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_14 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_14(doc) {
- return optionalTest_6_2_14(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_15.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_15.js
deleted file mode 100644
index 8ae6b07..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_15.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_15 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_15(doc) {
- return optionalTest_6_2_15(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_16.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_16.js
deleted file mode 100644
index 30db99f..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_16.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_16 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_16(doc) {
- return optionalTest_6_2_16(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_17.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_17.js
deleted file mode 100644
index e315ba2..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_17.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_17 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_17(doc) {
- return optionalTest_6_2_17(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_18.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_18.js
deleted file mode 100644
index 6da9d73..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_18.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_18 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_18(doc) {
- return optionalTest_6_2_18(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_19.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_19.js
deleted file mode 100644
index 643f159..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_19.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_19 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_19(doc) {
- return optionalTest_6_2_19(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_2.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_2.js
deleted file mode 100644
index a9544cc..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_2.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_2 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_2(doc) {
- return optionalTest_6_2_2(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_20.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_20.js
deleted file mode 100644
index b47b588..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_20.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_20 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_20(doc) {
- return optionalTest_6_2_20(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_21.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_21.js
deleted file mode 100644
index cc92375..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_21.js
+++ /dev/null
@@ -1,70 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- date: { type: 'string' },
- number: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export function recommendedTest_6_2_21(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- const revisionHistory = doc.document.tracking.revision_history
- for (let i = 0; i < revisionHistory.length - 1; i++) {
- if (revisionHistory[i].date) {
- for (let j = i + 1; j < revisionHistory.length; j++) {
- if (revisionHistory[j].date) {
- if (
- compareZonedDateTimes(
- /**@type {string} */ (revisionHistory[i].date),
- /**@type {string} */ (revisionHistory[j].date)
- ) === 0
- ) {
- warnings.push({
- instancePath: `/document/tracking/revision_history/${j}/date`,
- message:
- `the timestamps of the revision history items with version number ` +
- `${revisionHistory[i].number} ` +
- `and ${revisionHistory[j].number} are equal`,
- })
- }
- }
- }
- }
- }
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_22.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_22.js
deleted file mode 100644
index 42fffbe..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_22.js
+++ /dev/null
@@ -1,47 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- title: { type: 'string' },
- tracking: {
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export function recommendedTest_6_2_22(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- const trackingId = doc.document.tracking.id
- const documentTitle = doc.document.title
- if (documentTitle.includes(trackingId)) {
- context.warnings.push({
- message: `document title contains the tracking id ${trackingId}`,
- instancePath: `/document/title`,
- })
- }
-
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_23.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_23.js
deleted file mode 100644
index 3c4d955..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_23.js
+++ /dev/null
@@ -1,82 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { cwecMap } from '../../lib/cwec.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cwes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-const cweSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- version: { type: 'string' },
- name: { type: 'string' },
- },
-})
-
-const validateCWE = ajv.compile(cweSchema)
-
-/**
- * This implements the recommended test 6.2.23 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export async function recommendedTest_6_2_23(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validateInput(doc)) {
- return context
- }
-
- for (let i = 0; i < doc.vulnerabilities.length; ++i) {
- const vulnerability = doc.vulnerabilities[i]
- if (vulnerability.cwes) {
- for (let j = 0; j < vulnerability.cwes.length; ++j) {
- const cwe = vulnerability.cwes.at(j)
- if (validateCWE(cwe)) {
- const cwec = cwecMap.get(cwe.version)
- if (cwec) {
- const entry = (await cwec())?.default.weaknesses.find(
- (w) => w.id === cwe.id
- )
- if (entry?.status === 'Deprecated') {
- context.warnings.push({
- instancePath: `/vulnerabilities/${i}/cwes/${j}`,
- message: `this CWE is deprecated in version ${cwe.version}`,
- })
- }
- }
- }
- }
- }
- }
-
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_25.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_25.js
deleted file mode 100644
index afbd8d6..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_25.js
+++ /dev/null
@@ -1,87 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { cwecMap } from '../../lib/cwec.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cwes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-const cweSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- version: { type: 'string' },
- name: { type: 'string' },
- },
-})
-
-const validateCWE = ajv.compile(cweSchema)
-
-/**
- * This implements the recommended test 6.2.25 of the CSAF 2.1 standard.
- *
- * @param {any} doc
- */
-export async function recommendedTest_6_2_25(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validateInput(doc)) {
- return context
- }
-
- for (let i = 0; i < doc.vulnerabilities.length; ++i) {
- const vulnerability = doc.vulnerabilities[i]
- if (vulnerability.cwes) {
- for (let j = 0; j < vulnerability.cwes.length; ++j) {
- const cwe = vulnerability.cwes.at(j)
- if (validateCWE(cwe)) {
- const cwec = cwecMap.get(cwe.version)
- if (cwec) {
- const entry = (await cwec()).default.weaknesses.find(
- (w) => w.id === cwe.id
- )
- //NOTE: the usage property is not available in cwe version 4.11 and older
- if (
- entry?.usage !== 'Allowed' &&
- entry?.usage !== 'Allowed-with-Review'
- ) {
- context.warnings.push({
- instancePath: `/vulnerabilities/${i}/cwes/${j}/id`,
- message:
- 'the usage of the weakness with the given id is not allowed',
- })
- }
- }
- }
- }
- }
- }
-
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_27.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_27.js
deleted file mode 100644
index ad5f671..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_27.js
+++ /dev/null
@@ -1,192 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/**
- * @typedef {'workaround'
- * | 'mitigation'
- * | 'vendor_fix'
- * | 'optional_patch'
- * | 'none_available'
- * | 'fix_planned'
- * | 'no_fix_planned'} Category
- */
-
-/**
- * @typedef {'first_affected'
- * | 'first_fixed'
- * | 'fixed'
- * | 'known_affected'
- * | 'known_not_affected'
- * | 'last_affected'
- * | 'recommended'
- * | 'under_investigation'
- * | 'unknown'} ProductStatus
- */
-
-/**
- * This map holds discouraged category combinations.
- * See https://github.com/oasis-tcs/csaf/blob/master/csaf_2.1/prose/share/csaf-v2.1-draft.md#324131-vulnerabilities-property---remediations---category-
- *
- * @type {Map>}
- */
-const discouragedRuleMap = new Map(
- /** @satisfies {Array<[Category, ProductStatus[]]>} */ ([
- ['workaround', ['under_investigation', 'unknown']],
- ['mitigation', ['under_investigation', 'unknown']],
- ['vendor_fix', ['under_investigation', 'unknown']],
- ['optional_patch', ['first_fixed', 'fixed']],
- ['fix_planned', ['known_not_affected', 'under_investigation', 'unknown']],
- ['no_fix_planned', ['known_not_affected']],
- ]).map((e) => [e[0], new Set(e[1])])
-)
-
-const productStatusSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- first_affected: { elements: { type: 'string' } },
- first_fixed: { elements: { type: 'string' } },
- fixed: { elements: { type: 'string' } },
- known_affected: { elements: { type: 'string' } },
- known_not_affected: { elements: { type: 'string' } },
- last_affected: { elements: { type: 'string' } },
- recommended: { elements: { type: 'string' } },
- under_investigation: { elements: { type: 'string' } },
- unknown: { elements: { type: 'string' } },
- },
-})
-
-const remediationSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- category: { type: 'string' },
- group_ids: {
- elements: { type: 'string' },
- },
- product_ids: {
- elements: { type: 'string' },
- },
- },
-})
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- product_groups: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- group_id: { type: 'string' },
- product_ids: {
- elements: {
- type: 'string',
- },
- },
- },
- },
- },
- },
- },
- },
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- product_status: productStatusSchema,
- remediations: {
- elements: remediationSchema,
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export function recommendedTest_6_2_27(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- if (!doc.vulnerabilities) {
- return ctx // No vulnerabilities to check
- }
-
- for (const [vulnerabilityIndex, vulnerability] of Object.entries(
- doc.vulnerabilities
- )) {
- /**
- * This map holds all discovered product ids and maps them to the set of corresponding
- * remediation categories. Later we can check this map to find out if there are any
- * contradicting remediations.
- *
- * @type {Map>}
- */
- const productToCategoriesMap = new Map()
-
- const productStatus = new Map(
- Object.entries(vulnerability.product_status || {})
- )
- vulnerability.remediations?.forEach((remediation, remediationIndex) => {
- const category = remediation.category
- if (!category) return
-
- /**
- * This function adds the current category to the given product id in the
- * `productMap`. If the product does not yet exist in the map, it is added.
- *
- * @param {string} id
- */
- const collectCategory = (id) => {
- productToCategoriesMap.set(
- id,
- new Set(productToCategoriesMap.get(id)).add(category)
- )
- }
-
- remediation.product_ids?.forEach(collectCategory)
-
- remediation.group_ids?.forEach((id) => {
- const group = doc.product_tree?.product_groups?.find(
- (g) => g.group_id === id
- )
- if (!group) return
- group.product_ids?.forEach(collectCategory)
- })
-
- /**
- * Check for discouraged combinations of product status and remediation category.
- */
- for (const [productId, categories] of productToCategoriesMap) {
- for (const category of categories) {
- const status = discouragedRuleMap.get(category)
- if (!status) continue // There are no discouraged rules for this category.
- status.forEach((s) => {
- const statusList = productStatus.get(s)
- if (Array.isArray(statusList) && statusList.includes(productId)) {
- ctx.warnings.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`,
- message: `discouraged combination of product status ${s} and remediation category ${category} for product id "${productId}"`,
- })
- }
- })
- }
- }
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_28.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_28.js
deleted file mode 100644
index a000117..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_28.js
+++ /dev/null
@@ -1,52 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { MAX_UUID } from '../sharingGroup.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * Test for the optional test 6.2.28
- * The Max UUID should not be used for the sharing group id.
- * @param {any} doc
- */
-export function recommendedTest_6_2_28(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
- const sharingGroup = doc.document.distribution.sharing_group
- if (sharingGroup.id === MAX_UUID) {
- ctx.warnings.push({
- message: 'The Max UUID should not be used as sharing group id.',
- instancePath: '/document/distribution/sharing_group/id',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_29.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_29.js
deleted file mode 100644
index d042310..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_29.js
+++ /dev/null
@@ -1,53 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { NIL_UUID } from '../sharingGroup.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- sharing_group: {
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * Test for the optional test 6.2.28
- * The Nil UUID should not be used as sharing group id.
- *
- * @param {any} doc
- */
-export function recommendedTest_6_2_29(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
- const sharingGroup = doc.document.distribution.sharing_group
- if (sharingGroup.id === NIL_UUID) {
- ctx.warnings.push({
- message: 'The Nil UUID should not be used as sharing group id.',
- instancePath: '/document/distribution/sharing_group/id',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_3.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_3.js
deleted file mode 100644
index 6ce1d2e..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_3.js
+++ /dev/null
@@ -1,77 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
-
- properties: {
- product_status: {
- additionalProperties: true,
- optionalProperties: {
- first_affected: { elements: { type: 'string' } },
- known_affected: { elements: { type: 'string' } },
- last_affected: { elements: { type: 'string' } },
- },
- },
- },
-
- optionalProperties: {
- metrics: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- products: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export function recommendedTest_6_2_3(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const productStatus = vulnerability.product_status
- const lists = /** @type {const} */ ([
- 'first_affected',
- 'known_affected',
- 'last_affected',
- ])
- lists.forEach((listID) => {
- const listOfProductIDs = productStatus[listID]
- listOfProductIDs?.forEach((productID, productIDIndex) => {
- const hasMatchingMetric = vulnerability.metrics?.some((metric) =>
- metric.products?.includes(productID)
- )
- if (!hasMatchingMetric) {
- context.warnings.push({
- message: 'missing metric',
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status/${listID}/${productIDIndex}`,
- })
- }
- })
- })
- })
-
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js
deleted file mode 100644
index 82a5d85..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js
+++ /dev/null
@@ -1,66 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match it normally means that the input
- document does not validate against the csaf json schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- tlp: {
- additionalProperties: true,
- properties: {
- label: { type: 'string' },
- },
- },
- },
- optionalProperties: {
- sharing_group: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * This implements the optional test 6.2.30 of the CSAF 2.1 standard.
- * @param {any} doc
- */
-export function recommendedTest_6_2_30(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- // Check for sharing_group usage when TLP is CLEAR
- if (
- doc.document.distribution.tlp.label === 'CLEAR' &&
- doc.document.distribution.sharing_group
- ) {
- ctx.warnings.push({
- instancePath: '/document/distribution/sharing_group',
- message: 'TLP:CLEAR documents should not use a "sharing_group"',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_38.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_38.js
deleted file mode 100644
index c37fc4c..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_38.js
+++ /dev/null
@@ -1,43 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- category: { type: 'string' },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * This implements the recommended test 6.2.38 of the CSAF 2.1 standard.
- *
-/**
- * @param {any} doc
- */
-export function recommendedTest_6_2_38(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- if (doc.document.category.match(/^csaf_deprecated_.*$/)) {
- context.warnings.push({
- message:
- 'The document category indicates the usage of a deprecated profile as it starts with "csaf_deprecated_"',
- instancePath: '/document/category',
- })
- }
-
- return context
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js
deleted file mode 100644
index 8aa07d2..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js
+++ /dev/null
@@ -1,107 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import { - containsOneNoteWithTitleAndCategory, - getTranslationInDocumentLang, - isLangSpecifiedAndNotEnglish, -} from '../../lib/shared/languageSpecificTranslation.js' - -const ajv = new Ajv() - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - properties: { - category: { type: 'string' }, - }, - optionalProperties: { - lang: { - type: 'string', - }, - notes: { - elements: { - additionalProperties: true, - optionalProperties: { - category: { - type: 'string', - }, - title: { - type: 'string', - }, - }, - }, - }, - }, - }, - }, -}) - -const validateSchema = ajv.compile(inputSchema) - -/** - * If the document language is specified but not English, it MUST be tested that exactly one item in document - * notes exists that has the language specific translation of the term Reasoning for Withdrawal as title. - * The category of this item MUST be description. If no language-specific translation has been recorded, - * the test MUST be skipped and output an information to the user that no such translation is known. - * - * @param {unknown} doc - */ -export function recommendedTest_6_2_39_2(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test run and is - finally returned by the function. 
- */ - /** @type { {warnings: Array<{ message: string; instancePath: string }>; - * infos: Array<{ message: string; instancePath: string }>}} */ - const ctx = { - warnings: [], - infos: [], - } - - const noteCategory = 'description' - - if (!validateSchema(doc) || doc.document.category !== 'csaf_withdrawn') { - return ctx - } - - const withdrawalInDocLang = getTranslationInDocumentLang( - doc, - 'reasoning_for_withdrawal' - ) - if (!withdrawalInDocLang) { - ctx.infos.push({ - instancePath: '/document/notes', - message: - 'no language specific translation for "Reasoning for Withdrawal" has been recorded', - }) - return ctx - } - - if (isLangSpecifiedAndNotEnglish(doc.document.lang)) { - const notes = doc.document.notes - if ( - !notes || - !containsOneNoteWithTitleAndCategory( - notes, - withdrawalInDocLang, - noteCategory - ) - ) { - ctx.warnings.push({ - instancePath: '/document/notes', - message: - `for document category "csaf_withdrawn" exactly one note must exist ` + - `with note category "${noteCategory}" and title "${withdrawalInDocLang}"`, - }) - } - } - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_4.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_4.js deleted file mode 100644 index ec94d05..0000000 --- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_39_4.js +++ /dev/null 
@@ -1,111 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import { - existsReferenceWithSummaryAndCategory, - getTranslationInDocumentLang, - isLangSpecifiedAndNotEnglish, -} from '../../lib/shared/languageSpecificTranslation.js' - -const ajv = new Ajv() - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - properties: { - category: { type: 'string' }, - }, - optionalProperties: { - lang: { - type: 'string', - }, - references: { - elements: { - additionalProperties: true, - optionalProperties: { - category: { - type: 'string', - }, - summary: { - type: 'string', - }, - }, - }, - }, - }, - }, - }, -}) - -const validateSchema = ajv.compile(inputSchema) - -/** - * If the document language is specified but not English, it MUST be tested that at least one item in document - * references exists that starts with the language-specific translation of the term Superseding Document as summary. - * The category of this item MUST be external. If no language-specific translation has been recorded, - * the test MUST be skipped and output an information to the user that no such translation is known. - * - * @param {unknown} doc - */ -export function recommendedTest_6_2_39_4(doc) { - /* - The `ctx` variable holds the state that is accumulated during the test run and is - finally returned by the function. 
- */ - /** @type { {warnings: Array<{ message: string; instancePath: string }>; - * infos: Array<{ message: string; instancePath: string }>}} */ - const ctx = { - warnings: [], - infos: [], - } - - const referenceCategory = 'external' - const docCategoryCsafSuperseded = `csaf_superseded` - - if ( - !validateSchema(doc) || - doc.document.category !== docCategoryCsafSuperseded - ) { - return ctx - } - - if (isLangSpecifiedAndNotEnglish(doc.document.lang)) { - const supersedingInDocLang = getTranslationInDocumentLang( - doc, - 'superseding_document' - ) - if (!supersedingInDocLang) { - ctx.infos.push({ - instancePath: '/document/references', - message: - 'no language specific translation for "Superseding Document" has been recorded', - }) - return ctx - } - - const references = doc.document.references - if ( - !references || - !existsReferenceWithSummaryAndCategory( - references, - supersedingInDocLang, - referenceCategory - ) - ) { - ctx.warnings.push({ - instancePath: '/document/references', - message: - `for document category "${docCategoryCsafSuperseded}" at least one references must exist ` + - `with reference category "${referenceCategory}" and whose summary begins with ${supersedingInDocLang}`, - }) - } - } - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_4.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_4.js deleted file mode 100644 index 9c1f731..0000000 --- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_4.js +++ /dev/null @@ -1,8 +0,0 @@ -import { optionalTest_6_2_4 } from '../../optionalTests.js' - -/** - * @param {unknown} doc - */ -export function recommendedTest_6_2_4(doc) { - return optionalTest_6_2_4(doc) -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_40.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_40.js deleted file mode 100644 index 88b2be2..0000000 
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_40.js
+++ /dev/null
@@ -1,132 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import translations from '../../lib/language_specific_translation/translations.js' -import bcp47 from 'bcp47' - -const ajv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - optionalProperties: { - lang: { type: 'string' }, - notes: { - elements: { - additionalProperties: true, - optionalProperties: { - category: { type: 'string' }, - title: { type: 'string' }, - group_ids: { elements: { type: 'string' } }, - product_ids: { elements: { type: 'string' } }, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * Checks if the document language is English or unspecified - * - * @param {string | undefined} language The language expression to check - * @returns {boolean} True if the language is English or unspecified, false otherwise - */ -export function isLangEnglishOrUnspecified(language) { - return !language || bcp47.parse(language)?.langtag.language.language === 'en' -} - -/** - * Get the language specific translation of the given i18nKey - * @param {string } lang - * @param {string} i18nKey - * @returns {string | undefined} - The language specific translation of the `i18nKey` - * - or undefined if the provided language could not be parsed as a BCP 47 tag - * - or undefined if no translation of the `i18nKey` could be found - */ -export function getTranslationInDocumentLang(lang, i18nKey) { - const language = bcp47.parse(lang)?.langtag.language.language - - /** @type {Record>}*/ - const translationByLang = translations.translation - - if (!language || !translationByLang[language]) { - return undefined - } else { - return translationByLang[language][i18nKey] - } -} - -/** - * Check if the given note item contains at least one of `group_ids` or `product_ids` - * @param {{ group_ids?: string[]; product_ids?: string[]}} note - * @return {boolean} - */ -export function 
containsNoteGroupIdOrProductId(note) { - return !!(note.group_ids || note.product_ids) -} - -/** - * This implements the recommended test 6.2.40 of the CSAF 2.1 standard. - * - /** - * @param {any} doc - */ -export function recommendedTest_6_2_40(doc) { - /** @type { {warnings: Array<{ message: string; instancePath: string }>; - * infos: Array<{ message: string; instancePath: string }>}} */ - const context = { - warnings: [], - infos: [], - } - - if (!validate(doc)) { - return context - } - const documentLanguage = doc.document.lang - doc.document.notes?.forEach((note, noteIndex) => { - if (note.category === 'description') { - if (isLangEnglishOrUnspecified(documentLanguage)) { - if (note.title?.startsWith('Product Description')) { - if (!containsNoteGroupIdOrProductId(note)) { - context.warnings.push({ - instancePath: `/document/notes/${noteIndex}`, - message: - 'The given note item describes a product. Therefore, it must include one of the elements "group_id" or "product_id"', - }) - } - } - } else { - const translation = getTranslationInDocumentLang( - /** @type {string} */ ( - documentLanguage - ) /* This cast is allowed since the else statement is just called - id documentLanguage is not undefined. Without the cast one must check here too - if documentLanguage is not undefined, which would be a code fragment that is never used*/, - 'product_description' - ) - if (!translation) { - context.infos.push({ - instancePath: `/document/notes/${noteIndex}`, - message: - 'no language specific translation for "product description" has been recorded', - }) - return context - } - if (note.title?.startsWith(translation)) { - if (!containsNoteGroupIdOrProductId(note)) { - context.warnings.push({ - instancePath: `/document/notes/${noteIndex}`, - message: - 'The given note item describes a product. Therefore, it must include one of the elements "group_id" or "product_id"', - }) - } - } - } - } - }) - return context -} 
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_41.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_41.js
deleted file mode 100644
index 4278377..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_41.js
+++ /dev/null
@@ -1,134 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import { compareZonedDateTimes } from '../dateHelper.js' - -const ajv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - properties: { - tracking: { - additionalProperties: true, - properties: { - revision_history: { - elements: { - additionalProperties: true, - optionalProperties: { - date: { type: 'string' }, - }, - }, - }, - status: { type: 'string' }, - }, - }, - }, - }, - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - metrics: { - elements: { - additionalProperties: true, - optionalProperties: { - content: { - additionalProperties: true, - optionalProperties: { - epss: { - additionalProperties: true, - optionalProperties: { - timestamp: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validate = ajv.compile(inputSchema) - -/** - * This implements the recommended test 6.2.41 of the CSAF 2.1 standard. 
- * - /** - * @param {any} doc - */ -export function recommendedTest_6_2_41(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const warnings = [] - const context = { warnings } - - if (!validate(doc)) { - return context - } - - const status = doc.document.tracking.status - if (status !== 'final' && status !== 'interim') { - return context - } - - const newestRevisionHistoryItem = doc.document.tracking.revision_history - .filter((item) => item.date != null) - .sort((a, z) => - compareZonedDateTimes( - /** @type {string} */ (z.date), - /** @type {string} */ (a.date) - ) - )[0] - - if (!newestRevisionHistoryItem || !newestRevisionHistoryItem.date) { - return context - } - - doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => { - /** @type {Array<{ content?: {epss?: {timestamp?: string}}}>} */ - const metrics = vulnerability.metrics || [] - const newestEpss = metrics - .map((metric) => metric.content?.epss) - .filter( - /** - * @returns {epss is { timestamp: string }} - */ - (epss) => epss?.timestamp != null - ) - .sort((a, z) => { - return compareZonedDateTimes(z.timestamp, a.timestamp) - })[0] - - if ( - !newestEpss || - !newestEpss.timestamp || - !newestRevisionHistoryItem || - !newestRevisionHistoryItem.date - ) { - return context - } - - const revisionDateObj = new Date(newestRevisionHistoryItem.date) - const epssDateObj = new Date(newestEpss.timestamp) - - // difference in milliseconds - const diffInMs = revisionDateObj.getTime() - epssDateObj.getTime() - // 15 days in milliseconds - const fifteenDaysMs = 15 * 24 * 60 * 60 * 1000 - - if (diffInMs > fifteenDaysMs) { - context.warnings.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/content/epss/timestamp`, - message: - `the status is ${status}, but the EPSS "timestamp:" ${newestEpss.timestamp} is more than 15 days ` + - `older than the newest "revision history date:" ${newestRevisionHistoryItem.date}`, - }) - } - }) - - return context -} 
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_43.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_43.js
deleted file mode 100644
index dac3f67..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_43.js
+++ /dev/null
@@ -1,49 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-const ajv = new Ajv()
-
-/*
- This is the jtd schema that needs to match the input document so that the
- test is activated. If this schema doesn't match, it normally means that the input
- document does not validate against the csaf JSON schema or optional fields that
- the test checks are not present.
- */
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- license_expression: {
- type: 'string',
- },
- },
- },
- },
-})
-
-const validateSchema = ajv.compile(inputSchema)
-
-/**
- * It MUST be tested that the license expression is present and set
- *
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_43(doc) {
- /*
- The `ctx` variable holds the state that is accumulated during the test run and is
- finally returned by the function.
- */
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateSchema(doc)) {
- ctx.warnings.push({
- message: 'License expression is not set',
- instancePath: '/document/license_expression',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_47.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_47.js
deleted file mode 100644
index ea7291a..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_47.js
+++ /dev/null
@@ -1,163 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import { isCanonicalUrl } from '../../lib/shared/urlHelper.js' - -/** @typedef {import('ajv/dist/jtd.js').JTDDataType} InputSchema */ - -/** @typedef {InputSchema['vulnerabilities'][number]} Vulnerability */ - -/** @typedef {NonNullable[number]} Metric */ - -/** @typedef {NonNullable} MetricContent */ - -/** @typedef {{url?: string, category?: string}} Reference */ - -const jtdAjv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - optionalProperties: { - references: { - elements: { - additionalProperties: true, - optionalProperties: { - category: { type: 'string' }, - url: { type: 'string' }, - }, - }, - }, - - tracking: { - additionalProperties: true, - optionalProperties: { - id: { type: 'string' }, - }, - }, - }, - }, - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - metrics: { - elements: { - additionalProperties: true, - optionalProperties: { - source: { - type: 'string', - }, - content: { - additionalProperties: true, - optionalProperties: { - qualitative_severity_rating: { - type: 'string', - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, -}) - -const validateInput = jtdAjv.compile(inputSchema) - -/** - * Get the canonical url from the document - * @return {string} canonical url or empty when no canonical url exists - * @param {Array<{url?: string, category?: string}>|undefined} references - * @param {string|undefined} trackingId - */ -function getCanonicalUrl(references, trackingId) { - if (references && trackingId) { - // Find the reference that matches our criteria - /** @type {Reference| undefined} */ - const canonicalUrlReference = references.find((reference) => - isCanonicalUrl(reference, trackingId) - ) - - // When we find a matching reference, we know it has the url property - // because isCanonicalUrl ensures it matches the Reference schema - return 
canonicalUrlReference?.url ?? '' - } else { - return '' - } -} - -/** - * check whether metric has a qualitative_severity_rating - * and no `source` or `source` that is equal to the canonical URL. - * @param {Metric} metric - * @param {string} canonicalURL - * @return {string | null} - */ -function checkSeverityRatingAndNoSource(metric, canonicalURL) { - if (metric?.content?.qualitative_severity_rating) { - if (!metric.source) { - return 'as no "source" is given' - } else if (metric.source === canonicalURL) { - return 'as the "source" property equals to the canonical URL' - } else { - return null - } - } else { - return null - } -} - -/** - * For each item in `metrics` provided by the issuing party it MUST be tested - * that it does not use the qualitative severity rating. - * This covers all items in `metrics` that do not have a `source` property and those where the `source` is equal to - * the canonical URL. - * -/** - * @param {any} doc - */ -export function recommendedTest_6_2_47(doc) { - const ctx = { - warnings: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - } - if (!validateInput(doc)) { - return ctx - } - - /** @type {Array} */ - const vulnerabilities = doc.vulnerabilities - const canonicalURL = getCanonicalUrl( - doc.document?.references, - doc.document?.tracking?.id - ) - - vulnerabilities.forEach((vulnerabilityItem, vulnerabilityIndex) => { - /** @type {Array | undefined} */ - const metrics = vulnerabilityItem.metrics - /** @type {Array<{path: string, message: string}> | undefined} */ - const invalidPaths = metrics - ?.map((metric, metricIndex) => { - const message = checkSeverityRatingAndNoSource(metric, canonicalURL) - return message != null - ? 
{ - path: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/qualitative_severity_rating`, - message: message, - } - : null - }) - .filter((path) => path !== null) - - invalidPaths?.forEach((path) => { - ctx.warnings.push({ - message: `a qualitative severity rating is used by the issuing party (${path.message})`, - instancePath: path.path, - }) - }) - }) - - return ctx -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_48.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_48.js deleted file mode 100644 index 40b7164..0000000 --- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_48.js +++ /dev/null 
@@ -1,108 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - category: { type: 'string' }, - name: { type: 'string' }, - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - }, -}) - -/* - This is the jtd schema that needs to match the input document so that the - test is activated. If this schema doesn't match it normally means that the input - document does not validate against the csaf json schema or optional fields that - the test checks are not present. - */ -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { - elements: branchSchema, - }, - }, - }, - }, -}) - -const validateInput = ajv.compile(inputSchema) -const validateBranch = ajv.compile(branchSchema) - -/** - * @typedef {import('ajv/dist/core.js').JTDDataType} Branch - */ - -/** - * This implements the recommended test 6.2.48 of the CSAF 2.1 standard. - * - * @param {any} doc - */ -export function recommendedTest_6_2_48(doc) { - const ctx = { - warnings: - /** @type {Array<{ instancePath: string; message: string }>} */ ([]), - } - - if (!validateInput(doc)) { - return ctx - } - - const branches = doc.product_tree?.branches ?? [] - branches.forEach((branch, index) => { - checkBranch(branch, `/product_tree/branches/${index}`, ctx.warnings) - }) - - return ctx -} - -/** - * Recursively checks a branch and its nested branches. 
- * - * @param {Branch} branch - * @param {string} basePath - * @param {Array<{ instancePath: string; message: string }>} warnings - */ -function checkBranch(branch, basePath, warnings) { - if (!validateBranch(branch)) return - if (branch.category === 'vendor') { - if ( - branch.name !== undefined && - normalizeBranchName(branch.name) === 'opensource' - ) { - warnings.push({ - instancePath: `${basePath}/name`, - message: - 'Branch with category "vendor" should not have the name "Open Source"', - }) - } - } - - if (Array.isArray(branch.branches)) { - branch.branches.forEach( - (/** @type {Branch} */ childBranch, /** @type {number} */ index) => { - checkBranch(childBranch, `${basePath}/branches/${index}`, warnings) - } - ) - } -} - -/** - * Normalizes a string to be case and white space insensitive. - * - * @param {string} str - * @returns {string} - */ -function normalizeBranchName(str) { - return str.replaceAll(/\s+/g, '').toLowerCase() -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_5.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_5.js deleted file mode 100644 index 4e6899d..0000000 --- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_5.js +++ /dev/null @@ -1,8 +0,0 @@ -import { optionalTest_6_2_5 } from '../../optionalTests.js' - -/** - * @param {unknown} doc - */ -export function recommendedTest_6_2_5(doc) { - return optionalTest_6_2_5(doc) -} diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_6.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_6.js deleted file mode 100644 index c8f3535..0000000 --- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_6.js +++ /dev/null @@ -1,8 +0,0 @@ -import { optionalTest_6_2_6 } from '../../optionalTests.js' - -/** - * @param {unknown} doc - */ -export function recommendedTest_6_2_6(doc) { - return optionalTest_6_2_6(doc) -} 
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_7.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_7.js
deleted file mode 100644
index d23bbb9..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_7.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import { optionalTest_6_2_7 } from '../../optionalTests.js'
-
-/**
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_7(doc) {
- return optionalTest_6_2_7(doc)
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_8.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_8.js
deleted file mode 100644
index 4e2c3da..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_8.js
+++ /dev/null
@@ -1,9 +0,0 @@
-import checkForUnsafeHashAlgorithms from './shared/checkForUnsafeHashAlgorithms.js'
-
-/**
- * This implements the recommended test 6.2.8 of the CSAF 2.1 standard.
- * @param {unknown} doc
- */
-export function recommendedTest_6_2_8(doc) {
- return checkForUnsafeHashAlgorithms(doc, 'md5')
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_9.js b/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_9.js
deleted file mode 100644
index 060b576..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/recommendedTest_6_2_9.js
+++ /dev/null
@@ -1,9 +0,0 @@
-import checkForUnsafeHashAlgorithms from './shared/checkForUnsafeHashAlgorithms.js'
-
-/**
- * This implements the recommended test 6.2.9 of the CSAF 2.1 standard.
- * @param {any} doc
- */
-export function recommendedTest_6_2_9(doc) {
- return checkForUnsafeHashAlgorithms(doc, 'sha1')
-}
diff --git a/csaf-validator-lib/csaf_2_1/recommendedTests/shared/checkForUnsafeHashAlgorithms.js b/csaf-validator-lib/csaf_2_1/recommendedTests/shared/checkForUnsafeHashAlgorithms.js
deleted file mode 100644
index 5d48495..0000000
--- a/csaf-validator-lib/csaf_2_1/recommendedTests/shared/checkForUnsafeHashAlgorithms.js
+++ /dev/null
@@ -1,58 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { walkHashes } from '../../shared/csafHelpers/walkHashes.js'
-
-const ajv = new Ajv()
-
-const hashSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- file_hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-
-const validateHash = ajv.compile(hashSchema)
-
-/**
- * @param {unknown} doc
- * @param {string} hashName
- */
-export default function checkForUnsafeHashAlgorithms(doc, hashName) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- walkHashes(doc, ({ path, hash }) => {
- if (!validateHash(hash)) return
- const hashSet = getHashAlgorithmSet(hash)
- if (hashSet.has(hashName) && hashSet.size === 1) {
- ctx.warnings.push({
- instancePath: path,
- message: `use of ${hashName} as the only hash algorithm`,
- })
- }
- })
-
- return ctx
-}
-
-/**
- *
- * @param {{ file_hashes: Array<{ algorithm?: unknown }> }} hash
- * @returns
- */
-function getHashAlgorithmSet(hash) {
- return new Set(
- hash.file_hashes
- .map((h) => h.algorithm)
- .filter(
- /** @returns {v is string} */
- (v) => typeof v === 'string'
- )
- )
-}
diff --git a/csaf-validator-lib/csaf_2_1/schemaTests.js b/csaf-validator-lib/csaf_2_1/schemaTests.js
deleted file mode 100644
index bee1951..0000000
--- a/csaf-validator-lib/csaf_2_1/schemaTests.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export { default as csaf_2_1_strict } from './schemaTests/csaf_2_1_strict.js'
-export { default as csaf_2_1 } from './schemaTests/csaf_2_1.js'
diff --git a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1.js b/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1.js
deleted file mode 100644
index 6aad9cd..0000000
--- a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import csafAjv from '../csafAjv.js'
-import schema from './csaf_2_1/schema.js'
-
-const validate = csafAjv.compile(schema)
-
-/**
- * @param {any} doc
- */
-export default function csaf_2_1(doc) {
- let isValid = validate(doc)
- /**
- *
- * @type {Array<{
- * message?: string
- * instancePath: string
- * }>}
- */
- const errors = validate.errors ?? []
- return {
- isValid,
- errors: errors.map((e) => ({
- ...e,
- message: e.message ?? 'unexpected empty error message',
- })),
- }
-}
diff --git a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1/schema.js b/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1/schema.js
deleted file mode 100644
index a4dd90b..0000000
--- a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1/schema.js
+++ /dev/null
@@ -1,1644 +0,0 @@ -export default { - $schema: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/meta.json', - $id: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json', - title: 'Common Security Advisory Framework', - description: - 'Representation of security advisory information as a JSON document.', - type: 'object', - $defs: { - acknowledgments_t: { - title: 'List of acknowledgments', - description: 'Contains a list of acknowledgment elements.', - type: 'array', - minItems: 1, - items: { - title: 'Acknowledgment', - description: - 'Acknowledges contributions by describing those that contributed.', - type: 'object', - minProperties: 1, - properties: { - names: { - title: 'List of acknowledged names', - description: 'Contains the names of contributors being recognized.', - type: 'array', - minItems: 1, - items: { - title: 'Name of the contributor', - description: - 'Contains the name of a single contributor being recognized.', - type: 'string', - minLength: 1, - examples: ['Albert Einstein', 'Johann Sebastian Bach'], - }, - }, - organization: { - title: 'Contributing organization', - description: - 'Contains the name of a contributing organization being recognized.', - type: 'string', - minLength: 1, - examples: ['CISA', 'Google Project Zero', 'Talos'], - }, - summary: { - title: 'Summary of the acknowledgment', - description: - 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', - type: 'string', - minLength: 1, - examples: [ - 'First analysis of Coordinated Multi-Stream Attack (CMSA)', - ], - }, - urls: { - title: 'List of URLs', - description: - 'Specifies a list of URLs or location of the reference to be acknowledged.', - type: 'array', - minItems: 1, - items: { - title: 'URL of acknowledgment', - description: - 'Contains the URL or location of the reference to be acknowledged.', - type: 'string', - format: 'uri', - }, - }, - }, - additionalProperties: false, - }, - 
}, - branches_t: { - title: 'List of branches', - description: - 'Contains branch elements as children of the current element.', - type: 'array', - minItems: 1, - items: { - title: 'Branch', - description: - 'Is a part of the hierarchical structure of the product tree.', - type: 'object', - maxProperties: 3, - minProperties: 3, - required: ['category', 'name'], - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - category: { - title: 'Category of the branch', - description: 'Describes the characteristics of the labeled branch.', - type: 'string', - enum: [ - 'architecture', - 'host_name', - 'language', - 'legacy', - 'patch_level', - 'platform', - 'product_family', - 'product_name', - 'product_version', - 'product_version_range', - 'service_pack', - 'specification', - 'vendor', - ], - }, - name: { - title: 'Name of the branch', - description: - "Contains the canonical descriptor or 'friendly name' of the branch.", - type: 'string', - minLength: 1, - examples: [ - '10', - '365', - 'Microsoft', - 'Office', - 'PCS 7', - 'SIMATIC', - 'Siemens', - 'Windows', - ], - }, - product: { - $ref: '#/$defs/full_product_name_t', - }, - }, - additionalProperties: false, - }, - }, - full_product_name_t: { - title: 'Full product name', - description: - 'Specifies information about the product and assigns the product_id.', - type: 'object', - required: ['name', 'product_id'], - properties: { - name: { - title: 'Textual description of the product', - description: - 'The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', - type: 'string', - minLength: 1, - examples: [ - 'Cisco AnyConnect Secure Mobility Client 2.3.185', - 'Microsoft Host Integration Server 2006 Service Pack 1', - ], - }, - product_id: { - $ref: '#/$defs/product_id_t', - }, - product_identification_helper: { - title: 'Helper to identify the product', - description: - 'Provides at least one method which aids in 
identifying the product in an asset database.', - type: 'object', - minProperties: 1, - properties: { - cpe: { - title: 'Common Platform Enumeration representation', - description: - 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', - type: 'string', - pattern: - '^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', - minLength: 5, - }, - hashes: { - title: 'List of hashes', - description: - 'Contains a list of cryptographic hashes usable to identify files.', - type: 'array', - minItems: 1, - items: { - title: 'Cryptographic hashes', - description: - 'Contains all information to identify a file based on its cryptographic hash values.', - type: 'object', - required: ['file_hashes', 'filename'], - properties: { - file_hashes: { - title: 'List of file hashes', - description: - 'Contains a list of cryptographic hashes for this file.', - type: 'array', - minItems: 1, - items: { - title: 'File hash', - description: - 'Contains one hash value and algorithm of the file to be identified.', - type: 'object', - required: ['algorithm', 'value'], - properties: { - algorithm: { - title: 'Algorithm of the cryptographic hash', - description: - 'Contains the name of the cryptographic hash algorithm used to calculate the value.', - type: 'string', - default: 'sha256', - minLength: 1, - examples: [ - 'blake2b512', - 'sha256', - 'sha3-512', - 'sha384', - 'sha512', - ], - }, - value: { - title: 'Value of the cryptographic hash', - description: - 'Contains the cryptographic hash value in hexadecimal representation.', - type: 'string', - pattern: '^[0-9a-fA-F]{32,}$', - 
minLength: 32, - examples: [ - '37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', - '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', - '9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', - ], - }, - }, - additionalProperties: false, - }, - }, - filename: { - title: 'Filename', - description: - 'Contains the name of the file which is identified by the hash values.', - type: 'string', - minLength: 1, - examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], - }, - }, - additionalProperties: false, - }, - }, - model_numbers: { - title: 'List of models', - description: 'Contains a list of model numbers.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Model number', - description: - 'Contains a model number of the component to identify - possibly with placeholders.', - type: 'string', - minLength: 1, - }, - }, - purls: { - title: 'List of package URLs', - description: 'Contains a list of package URLs (purl).', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'package URL representation', - description: - 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', - type: 'string', - format: 'uri', - pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', - minLength: 7, - }, - }, - sbom_urls: { - title: 'List of SBOM URLs', - description: - 'Contains a list of URLs where SBOMs for this product can be retrieved.', - type: 'array', - minItems: 1, - items: { - title: 'SBOM URL', - description: 'Contains a URL of one SBOM for this product.', - type: 'string', - format: 'uri', - }, - }, - serial_numbers: { - title: 'List of serial numbers', - description: 'Contains a list of serial numbers.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Serial number', - 
description: - 'Contains a serial number of the component to identify - possibly with placeholders.', - type: 'string', - minLength: 1, - }, - }, - skus: { - title: 'List of stock keeping units', - description: - 'Contains a list of full or abbreviated (partial) stock keeping units.', - type: 'array', - minItems: 1, - items: { - title: 'Stock keeping unit', - description: - 'Contains a full or abbreviated (partial) stock keeping unit (SKU) which is used in the ordering process to identify the component.', - type: 'string', - minLength: 1, - }, - }, - x_generic_uris: { - title: 'List of generic URIs', - description: - 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', - type: 'array', - minItems: 1, - items: { - title: 'Generic URI', - description: - 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', - type: 'object', - required: ['namespace', 'uri'], - properties: { - namespace: { - title: 'Namespace of the generic URI', - description: - 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', - type: 'string', - format: 'uri', - }, - uri: { - title: 'URI', - description: 'Contains the identifier itself.', - type: 'string', - format: 'uri', - }, - }, - additionalProperties: false, - }, - }, - }, - additionalProperties: false, - }, - }, - additionalProperties: false, - }, - lang_t: { - title: 'Language type', - description: - 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', - type: 'string', - pattern: - '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', - examples: ['de', 'en', 'fr', 'frc', 'jp'], - }, - notes_t: { - title: 'List of notes', - description: 'Contains notes which are specific to the current context.', - type: 'array', - minItems: 1, - items: { - title: 'Note', - description: - 'Is a place to put all manner of text blobs related to the current context.', - type: 'object', - required: ['category', 'text'], - properties: { - audience: { - title: 'Audience of note', - description: 'Indicates who is intended to read it.', - type: 'string', - minLength: 1, - examples: [ - 'all', - 'executives', - 'operational management and system administrators', - 'safety engineers', - ], - }, - category: { - title: 'Note category', - description: - 'Contains the information of what kind of note this is.', - type: 'string', - enum: [ - 'description', - 'details', - 'faq', - 'general', - 'legal_disclaimer', - 'other', - 'summary', - ], - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - text: { - title: 'Note content', - description: - 'Holds the content of the note. 
Content varies depending on type.', - type: 'string', - minLength: 1, - }, - title: { - title: 'Title of note', - description: - 'Provides a concise description of what is contained in the text of the note.', - type: 'string', - minLength: 1, - examples: [ - 'Details', - 'Executive summary', - 'Technical summary', - 'Impact on safety systems', - ], - }, - }, - additionalProperties: false, - }, - }, - product_group_id_t: { - title: 'Reference token for product group instance', - description: - 'Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', - type: 'string', - minLength: 1, - examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], - }, - product_groups_t: { - title: 'List of product_group_ids', - description: - 'Specifies a list of product_group_ids to give context to the parent item.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - $ref: '#/$defs/product_group_id_t', - }, - }, - product_id_t: { - title: 'Reference token for product instance', - description: - 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', - type: 'string', - minLength: 1, - examples: ['CSAFPID-0004', 'CSAFPID-0008'], - }, - products_t: { - title: 'List of product_ids', - description: - 'Specifies a list of product_ids to give context to the parent item.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - $ref: '#/$defs/product_id_t', - }, - }, - references_t: { - title: 'List of references', - description: 'Holds a list of references.', - type: 'array', - minItems: 1, - items: { - title: 'Reference', - description: - 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', - type: 'object', - required: ['summary', 'url'], - properties: { - category: { - title: 'Category of reference', - description: - 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', - type: 'string', - default: 'external', - enum: ['external', 'self'], - }, - summary: { - title: 'Summary of the reference', - description: 'Indicates what this reference refers to.', - type: 'string', - minLength: 1, - }, - url: { - title: 'URL of reference', - description: 'Provides the URL for the reference.', - type: 'string', - format: 'uri', - }, - }, - additionalProperties: false, - }, - }, - version_t: { - title: 'Version', - description: - 'Specifies a version string to denote clearly the evolution of the content of the document. 
Format must be either integer or semantic versioning.', - type: 'string', - pattern: - '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', - examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], - }, - }, - required: ['$schema', 'document'], - properties: { - $schema: { - title: 'JSON schema', - description: - 'Contains the URL of the CSAF JSON schema which the document promises to be valid for.', - type: 'string', - enum: ['https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json'], - format: 'uri', - }, - document: { - title: 'Document level meta-data', - description: - 'Captures the meta-data about this document describing a particular set of security advisories.', - type: 'object', - required: [ - 'category', - 'csaf_version', - 'distribution', - 'publisher', - 'title', - 'tracking', - ], - properties: { - acknowledgments: { - title: 'Document acknowledgments', - description: - 'Contains a list of acknowledgment elements associated with the whole document.', - $ref: '#/$defs/acknowledgments_t', - }, - aggregate_severity: { - title: 'Aggregate severity', - description: - "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole — not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", - type: 'object', - required: ['text'], - properties: { - namespace: { - title: 'Namespace of aggregate severity', - description: 'Points to the namespace so referenced.', - type: 'string', - format: 'uri', - }, - text: { - title: 'Text of aggregate severity', - description: - 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', - type: 'string', - minLength: 1, - examples: ['Critical', 'Important', 'Moderate'], - }, - }, - additionalProperties: false, - }, - category: { - title: 'Document category', - description: - 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', - type: 'string', - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - minLength: 1, - examples: [ - 'csaf_base', - 'csaf_security_advisory', - 'csaf_vex', - 'Example Company Security Notice', - ], - }, - csaf_version: { - title: 'CSAF version', - description: - 'Gives the version of the CSAF specification which the document was generated for.', - type: 'string', - enum: ['2.1'], - }, - distribution: { - title: 'Rules for document sharing', - description: - 'Describe any constraints on how this document might be shared.', - type: 'object', - required: ['tlp'], - properties: { - sharing_group: { - title: 'Sharing Group', - description: - 'Contains information about the group this document is intended to be shared with.', - type: 'object', - required: ['id'], - properties: { - id: { - title: 'Sharing Group ID', - description: 'Provides the unique ID for the sharing group.', - type: 'string', - format: 'uuid', - pattern: - '^(([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12})|([0]{8}-([0]{4}-){3}[0]{12})|([f]{8}-([f]{4}-){3}[f]{12}))$', - }, - name: { - title: 'Sharing Group Name', - 
description: - 'Contains a human-readable name for the sharing group.', - type: 'string', - minLength: 1, - examples: [ - 'Customer A', - 'ISAC members', - 'NIS2 regulated important entities in Germany, sector water', - 'Pre-Sharing group for advisory discussion', - 'Users of Product A', - 'US Federal Civilian Authorities', - ], - }, - }, - additionalProperties: false, - }, - text: { - title: 'Textual description', - description: - 'Provides a textual description of additional constraints.', - type: 'string', - minLength: 1, - examples: [ - 'Copyright 2021, Example Company, All Rights Reserved.', - 'Distribute freely.', - 'Share only on a need-to-know-basis only.', - ], - }, - tlp: { - title: 'Traffic Light Protocol (TLP)', - description: - 'Provides details about the TLP classification of the document.', - type: 'object', - required: ['label'], - properties: { - label: { - title: 'Label of TLP', - description: 'Provides the TLP label of the document.', - type: 'string', - default: 'CLEAR', - enum: ['AMBER', 'AMBER+STRICT', 'CLEAR', 'GREEN', 'RED'], - }, - url: { - title: 'URL of TLP version', - description: - 'Provides a URL where to find the textual description of the TLP version which is used in this document. 
Default is the URL to the definition by FIRST.', - type: 'string', - default: 'https://www.first.org/tlp/', - format: 'uri', - examples: [ - 'https://www.us-cert.gov/tlp', - 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', - ], - }, - }, - additionalProperties: false, - }, - }, - additionalProperties: false, - }, - lang: { - title: 'Document language', - description: - 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', - $ref: '#/$defs/lang_t', - }, - license_expression: { - title: 'License expression', - description: - 'Contains the SPDX license expression for the CSAF document.', - type: 'string', - minLength: 1, - examples: [ - 'CC-BY-4.0', - 'LicenseRef-www.example.org-Example-CSAF-License-3.0+', - 'LicenseRef-scancode-public-domain', - 'MIT OR any-OSI', - ], - }, - notes: { - title: 'Document notes', - description: 'Holds notes associated with the whole document.', - $ref: '#/$defs/notes_t', - }, - publisher: { - title: 'Publisher', - description: - 'Provides information about the publisher of the document.', - type: 'object', - required: ['category', 'name', 'namespace'], - properties: { - category: { - title: 'Category of publisher', - description: - 'Provides information about the category of publisher releasing the document.', - type: 'string', - enum: [ - 'coordinator', - 'discoverer', - 'multiplier', - 'other', - 'translator', - 'user', - 'vendor', - ], - }, - contact_details: { - title: 'Contact details', - description: - 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', - type: 'string', - minLength: 1, - examples: [ - 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', - ], - }, - issuing_authority: { - title: 'Issuing authority', - description: - "Provides information about the authority of the issuing party to 
release the document, in particular, the party's constituency and responsibilities or other obligations.", - type: 'string', - minLength: 1, - }, - name: { - title: 'Name of publisher', - description: 'Contains the name of the issuing party.', - type: 'string', - minLength: 1, - examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], - }, - namespace: { - title: 'Namespace of publisher', - description: - 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', - type: 'string', - format: 'uri', - examples: ['https://csaf.io', 'https://www.example.com'], - }, - }, - additionalProperties: false, - }, - references: { - title: 'Document references', - description: - 'Holds a list of references associated with the whole document.', - $ref: '#/$defs/references_t', - }, - source_lang: { - title: 'Source language', - description: - 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', - $ref: '#/$defs/lang_t', - }, - title: { - title: 'Title of this document', - description: - 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', - type: 'string', - minLength: 1, - examples: [ - 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', - 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', - ], - }, - tracking: { - title: 'Tracking', - description: - 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', - type: 'object', - required: [ - 'current_release_date', - 'id', - 'initial_release_date', - 'revision_history', - 'status', - 'version', - ], - properties: { - aliases: { - title: 'Aliases', - description: - 'Contains a list of alternate names for the same document.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Alternate name', - 
description: - 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', - type: 'string', - minLength: 1, - examples: ['CVE-2019-12345'], - }, - }, - current_release_date: { - title: 'Current release date', - description: - 'The date when the current revision of this document was released', - type: 'string', - format: 'date-time', - }, - generator: { - title: 'Document generator', - description: - 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', - type: 'object', - required: ['engine'], - properties: { - date: { - title: 'Date of document generation', - description: - 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', - type: 'string', - format: 'date-time', - }, - engine: { - title: 'Engine of document generation', - description: - 'Contains information about the engine that generated the CSAF document.', - type: 'object', - required: ['name'], - properties: { - name: { - title: 'Engine name', - description: - 'Represents the name of the engine that generated the CSAF document.', - type: 'string', - minLength: 1, - examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], - }, - version: { - title: 'Engine version', - description: - 'Contains the version of the engine that generated the CSAF document.', - type: 'string', - minLength: 1, - examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], - }, - }, - additionalProperties: false, - }, - }, - additionalProperties: false, - }, - id: { - title: 'Unique identifier for the document', - description: - 'The ID is a simple label that provides for a wide range of 
numbering values, types, and schemes. Its value SHOULD be assigned and maintained by the original document issuing authority.', - type: 'string', - pattern: '^[\\S](.*[\\S])?$', - minLength: 1, - examples: [ - 'Example Company - 2019-YH3234', - 'RHBA-2019:0024', - 'cisco-sa-20190513-secureboot', - ], - }, - initial_release_date: { - title: 'Initial release date', - description: - 'The date when this document was first released to the specified target group.', - type: 'string', - format: 'date-time', - }, - revision_history: { - title: 'Revision history', - description: - 'Holds one revision item for each version of the CSAF document, including the initial one.', - type: 'array', - minItems: 1, - items: { - title: 'Revision', - description: - 'Contains all the information elements required to track the evolution of a CSAF document.', - type: 'object', - required: ['date', 'number', 'summary'], - properties: { - date: { - title: 'Date of the revision', - description: 'The date of the revision entry', - type: 'string', - format: 'date-time', - }, - legacy_version: { - title: 'Legacy version of the revision', - description: - 'Contains the version string used in an existing document with the same content.', - type: 'string', - minLength: 1, - }, - number: { - $ref: '#/$defs/version_t', - }, - summary: { - title: 'Summary of the revision', - description: - 'Holds a single non-empty string representing a short description of the changes.', - type: 'string', - minLength: 1, - examples: ['Initial version.'], - }, - }, - additionalProperties: false, - }, - }, - status: { - title: 'Document status', - description: 'Defines the draft status of the document.', - type: 'string', - enum: ['draft', 'final', 'interim'], - }, - version: { - $ref: '#/$defs/version_t', - }, - }, - additionalProperties: false, - }, - }, - additionalProperties: false, - }, - product_tree: { - title: 'Product tree', - description: - 'Is a container for all fully qualified product names that can be 
referenced elsewhere in the document.', - type: 'object', - minProperties: 1, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - full_product_names: { - title: 'List of full product names', - description: 'Contains a list of full product names.', - type: 'array', - minItems: 1, - items: { - $ref: '#/$defs/full_product_name_t', - }, - }, - product_groups: { - title: 'List of product groups', - description: 'Contains a list of product groups.', - type: 'array', - minItems: 1, - items: { - title: 'Product group', - description: - 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', - type: 'object', - required: ['group_id', 'product_ids'], - properties: { - group_id: { - $ref: '#/$defs/product_group_id_t', - }, - product_ids: { - title: 'List of Product IDs', - description: - 'Lists the product_ids of those products which known as one group in the document.', - type: 'array', - minItems: 2, - uniqueItems: true, - items: { - $ref: '#/$defs/product_id_t', - }, - }, - summary: { - title: 'Summary of the product group', - description: - 'Gives a short, optional description of the group.', - type: 'string', - minLength: 1, - examples: [ - 'Products supporting Modbus.', - 'The x64 versions of the operating system.', - ], - }, - }, - additionalProperties: false, - }, - }, - relationships: { - title: 'List of relationships', - description: 'Contains a list of relationships.', - type: 'array', - minItems: 1, - items: { - title: 'Relationship', - description: - 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', - type: 'object', - required: [ - 'category', - 'full_product_name', - 'product_reference', - 'relates_to_product_reference', - ], - properties: { - category: { - title: 'Relationship category', - description: - 
'Defines the category of relationship for the referenced component.', - type: 'string', - enum: [ - 'default_component_of', - 'external_component_of', - 'installed_on', - 'installed_with', - 'optional_component_of', - ], - }, - full_product_name: { - $ref: '#/$defs/full_product_name_t', - }, - product_reference: { - title: 'Product reference', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', - $ref: '#/$defs/product_id_t', - }, - relates_to_product_reference: { - title: 'Relates to product reference', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', - $ref: '#/$defs/product_id_t', - }, - }, - additionalProperties: false, - }, - }, - }, - additionalProperties: false, - }, - vulnerabilities: { - title: 'Vulnerabilities', - description: - 'Represents a list of all relevant vulnerability information items.', - type: 'array', - minItems: 1, - items: { - title: 'Vulnerability', - description: - 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', - type: 'object', - minProperties: 1, - properties: { - acknowledgments: { - title: 'Vulnerability acknowledgments', - description: - 'Contains a list of acknowledgment elements associated with this vulnerability item.', - $ref: '#/$defs/acknowledgments_t', - }, - cve: { - title: 'CVE', - description: - 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', - type: 'string', - pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', - }, - cwes: { - title: 'List of CWEs', - description: 'Contains a list of CWEs.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'CWE', - description: - 'Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.', - type: 'object', - required: ['id', 'name', 
'version'], - properties: { - id: { - title: 'Weakness ID', - description: 'Holds the ID for the weakness associated.', - type: 'string', - pattern: '^CWE-[1-9]\\d{0,5}$', - examples: ['CWE-22', 'CWE-352', 'CWE-79'], - }, - name: { - title: 'Weakness name', - description: - 'Holds the full name of the weakness as given in the CWE specification.', - type: 'string', - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - minLength: 1, - examples: [ - 'Cross-Site Request Forgery (CSRF)', - "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - ], - }, - version: { - title: 'CWE version', - description: - 'Holds the version string of the CWE specification this weakness was extracted from.', - type: 'string', - pattern: '^[1-9]\\d*\\.([0-9]|([1-9]\\d+))(\\.\\d+)?$', - examples: ['1.0', '3.4.1', '4.0', '4.11', '4.12'], - }, - }, - additionalProperties: false, - }, - }, - disclosure_date: { - title: 'Disclosure date', - description: - 'Holds the date and time the vulnerability was originally disclosed to the public.', - type: 'string', - format: 'date-time', - }, - discovery_date: { - title: 'Discovery date', - description: - 'Holds the date and time the vulnerability was originally discovered.', - type: 'string', - format: 'date-time', - }, - first_known_exploitation_dates: { - title: 'List of first known exploitation dates', - description: - 'Contains a list of dates of first known exploitations.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'First known exploitation date', - description: - 'Contains information on when this vulnerability was first known to be exploited in the wild in the products specified.', - type: 'object', - minProperties: 3, - required: ['date', 'exploitation_date'], - properties: { - date: { - title: 'Date of the information', - description: - 'Contains the date when the information was last updated.', - 
type: 'string', - format: 'date-time', - }, - exploitation_date: { - title: 'Date of the exploitation', - description: - 'Contains the date when the exploitation happened.', - type: 'string', - format: 'date-time', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - additionalProperties: false, - }, - }, - flags: { - title: 'List of flags', - description: 'Contains a list of machine readable flags.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Flag', - description: - 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', - type: 'object', - required: ['label'], - properties: { - date: { - title: 'Date of the flag', - description: - 'Contains the date when assessment was done or the flag was assigned.', - type: 'string', - format: 'date-time', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - label: { - title: 'Label of the flag', - description: 'Specifies the machine readable label.', - type: 'string', - enum: [ - 'component_not_present', - 'inline_mitigations_already_exist', - 'vulnerable_code_cannot_be_controlled_by_adversary', - 'vulnerable_code_not_in_execute_path', - 'vulnerable_code_not_present', - ], - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - additionalProperties: false, - }, - }, - ids: { - title: 'List of IDs', - description: - 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'ID', - description: - 'Contains a single unique label or tracking ID for the vulnerability.', - type: 'object', - required: ['system_name', 'text'], - properties: { - system_name: { - title: 'System name', - description: - 'Indicates the name of the vulnerability tracking or numbering system.', - type: 'string', - minLength: 1, - examples: ['Cisco Bug ID', 'GitHub Issue'], - 
}, - text: { - title: 'Text', - description: - 'Is unique label or tracking ID for the vulnerability (if such information exists).', - type: 'string', - minLength: 1, - examples: ['CSCso66472', 'oasis-tcs/csaf#210'], - }, - }, - additionalProperties: false, - }, - }, - involvements: { - title: 'List of involvements', - description: 'Contains a list of involvements.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Involvement', - description: - 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', - type: 'object', - required: ['party', 'status'], - properties: { - contact: { - title: 'Party contact information', - description: - 'Contains the contact information of the party that was used in this state.', - type: 'string', - minLength: 1, - }, - date: { - title: 'Date of involvement', - description: - 'Holds the date and time of the involvement entry.', - type: 'string', - format: 'date-time', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - party: { - title: 'Party category', - description: 'Defines the category of the involved party.', - type: 'string', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'user', - 'vendor', - ], - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - status: { - title: 'Party status', - description: 'Defines contact status of the involved party.', - type: 'string', - enum: [ - 'completed', - 'contact_attempted', - 'disputed', - 'in_progress', - 'not_contacted', - 'open', - ], - }, - summary: { - title: 'Summary of the involvement', - description: - 'Contains additional context regarding what is going on.', - type: 'string', - minLength: 1, - }, - }, - additionalProperties: false, - }, - }, - metrics: { - title: 'List of metrics', - description: - 'Contains metric objects for the current vulnerability.', - type: 'array', - 
minItems: 1, - uniqueItems: true, - items: { - title: 'metric', - description: - 'Contains all metadata about the metric including products it applies to and the source and the content itself.', - type: 'object', - required: ['content', 'products'], - properties: { - content: { - title: 'Content', - description: - 'Specifies information about (at least one) metric or score for the given products regarding the current vulnerability.', - type: 'object', - minProperties: 1, - properties: { - cvss_v2: { - title: 'CVSS v2', - $ref: 'https://www.first.org/cvss/cvss-v2.0.json', - }, - cvss_v3: { - title: 'CVSS v3', - oneOf: [ - { - $ref: 'https://www.first.org/cvss/cvss-v3.0.json', - }, - { - $ref: 'https://www.first.org/cvss/cvss-v3.1.json', - }, - ], - }, - cvss_v4: { - title: 'CVSS v4', - $ref: 'https://www.first.org/cvss/cvss-v4.0.1.json', - }, - epss: { - title: 'EPSS', - description: 'Contains the EPSS data.', - type: 'object', - required: ['percentile', 'probability', 'timestamp'], - properties: { - percentile: { - title: 'Percentile', - description: - 'Contains the rank ordering of probabilities from highest to lowest.', - type: 'string', - pattern: '^(([0]\\.([0-9])+)|([1]\\.[0]+))$', - }, - probability: { - title: 'Probability', - description: - 'Contains the likelihood that any exploitation activity for this Vulnerability is being observed in the 30 days following the given timestamp.', - type: 'string', - pattern: '^(([0]\\.([0-9])+)|([1]\\.[0]+))$', - }, - timestamp: { - title: 'EPSS timestamp', - description: - 'Holds the date and time the EPSS value was recorded.', - type: 'string', - format: 'date-time', - }, - }, - additionalProperties: false, - }, - qualitative_severity_rating: { - title: 'Qualitative Severity Rating', - description: - 'Contains an assessment of the severity of the vulnerability regarding the products on a qualitative scale.', - type: 'string', - enum: ['critical', 'high', 'low', 'medium', 'none'], - }, - ssvc_v2: { - title: 'SSVC v2', - 
$ref: 'https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json', - }, - }, - additionalProperties: false, - }, - products: { - $ref: '#/$defs/products_t', - }, - source: { - title: 'Source', - description: - 'Contains the URL of the source that originally determined the metric.', - type: 'string', - format: 'uri', - }, - }, - additionalProperties: false, - }, - }, - notes: { - title: 'Vulnerability notes', - description: 'Holds notes associated with this vulnerability item.', - $ref: '#/$defs/notes_t', - }, - product_status: { - title: 'Product status', - description: - 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. ', - type: 'object', - minProperties: 1, - properties: { - first_affected: { - title: 'First affected', - description: - 'These are the first versions of the releases known to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - first_fixed: { - title: 'First fixed', - description: - 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', - $ref: '#/$defs/products_t', - }, - fixed: { - title: 'Fixed', - description: - 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', - $ref: '#/$defs/products_t', - }, - known_affected: { - title: 'Known affected', - description: - 'These versions are known to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - known_not_affected: { - title: 'Known not affected', - description: - 'These versions are known not to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - last_affected: { - title: 'Last affected', - description: - 'These are the last versions in a release train known to be affected by the vulnerability. 
Subsequently released versions would contain a fix for the vulnerability.', - $ref: '#/$defs/products_t', - }, - recommended: { - title: 'Recommended', - description: - 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', - $ref: '#/$defs/products_t', - }, - under_investigation: { - title: 'Under investigation', - description: - 'It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation - the result will be provided in a later release of the document.', - $ref: '#/$defs/products_t', - }, - unknown: { - title: 'Unknown', - description: - 'It is not known whether these versions are or are not affected by the vulnerability. There is also no investigation and therefore the status might never be determined.', - $ref: '#/$defs/products_t', - }, - }, - additionalProperties: false, - }, - references: { - title: 'Vulnerability references', - description: - 'Holds a list of references associated with this vulnerability item.', - $ref: '#/$defs/references_t', - }, - remediations: { - title: 'List of remediations', - description: 'Contains a list of remediations.', - type: 'array', - minItems: 1, - items: { - title: 'Remediation', - description: - 'Specifies details on how to handle (and presumably, fix) a vulnerability.', - type: 'object', - required: ['category', 'details'], - properties: { - category: { - title: 'Category of the remediation', - description: - 'Specifies the category which this remediation belongs to.', - type: 'string', - enum: [ - 'fix_planned', - 'mitigation', - 'no_fix_planned', - 'none_available', - 'optional_patch', - 'vendor_fix', - 'workaround', - ], - }, - date: { - title: 'Date of the remediation', - description: - 'Contains the date from which the remediation is available.', - type: 'string', - format: 'date-time', - }, - details: { - title: 'Details of the remediation', - description: - 'Contains a thorough 
human-readable discussion of the remediation.', - type: 'string', - minLength: 1, - }, - entitlements: { - title: 'List of entitlements', - description: 'Contains a list of entitlements.', - type: 'array', - minItems: 1, - items: { - title: 'Entitlement of the remediation', - description: - 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', - type: 'string', - minLength: 1, - }, - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - restart_required: { - title: 'Restart required by remediation', - description: - 'Provides information on the category of restart required by this remediation to become effective.', - type: 'object', - required: ['category'], - properties: { - category: { - title: 'Category of restart', - description: - 'Specifies what category of restart is required by this remediation to become effective.', - type: 'string', - enum: [ - 'connected', - 'dependencies', - 'machine', - 'none', - 'parent', - 'service', - 'system', - 'vulnerable_component', - 'zone', - ], - }, - details: { - title: 'Additional restart information', - description: - 'Provides additional information for the restart. This can include details on procedures, scope or impact.', - type: 'string', - minLength: 1, - }, - }, - additionalProperties: false, - }, - url: { - title: 'URL to the remediation', - description: - 'Contains the URL where to obtain the remediation.', - type: 'string', - format: 'uri', - }, - }, - additionalProperties: false, - }, - }, - threats: { - title: 'List of threats', - description: - 'Contains information about a vulnerability that can change with time.', - type: 'array', - minItems: 1, - items: { - title: 'Threat', - description: - 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.',
- type: 'object',
- required: ['category', 'details'],
- properties: {
- category: {
- title: 'Category of the threat',
- description:
- 'Categorizes the threat according to the rules of the specification.',
- type: 'string',
- enum: ['exploit_status', 'impact', 'target_set'],
- },
- date: {
- title: 'Date of the threat',
- description:
- 'Contains the date when the assessment was done or the threat appeared.',
- type: 'string',
- format: 'date-time',
- },
- details: {
- title: 'Details of the threat',
- description:
- 'Represents a thorough human-readable discussion of the threat.',
- type: 'string',
- minLength: 1,
- },
- group_ids: {
- $ref: '#/$defs/product_groups_t',
- },
- product_ids: {
- $ref: '#/$defs/products_t',
- },
- },
- additionalProperties: false,
- },
- },
- title: {
- title: 'Title',
- description:
- 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.',
- type: 'string',
- minLength: 1,
- },
- },
- additionalProperties: false,
- },
- },
- },
- additionalProperties: false,
-}
diff --git a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict.js b/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict.js
deleted file mode 100644
index 0b11359..0000000
--- a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import csafAjv from '../csafAjv.js'
-import schema from './csaf_2_1_strict/schema.js'
-
-const validate = csafAjv.compile(schema)
-
-/**
- * @param {any} doc
- */
-export default function csaf_2_1_strict(doc) {
- let isValid = validate(doc)
- /**
- *
- * @type {Array<{
- * message?: string
- * instancePath: string
- * }>}
- */
- const errors = validate.errors ?? []
- return {
- isValid,
- errors: errors.map((e) => ({
- ...e,
- message: e.message ?? 'unexpected empty error message',
- })),
- }
-}
diff --git a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js b/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js
deleted file mode 100644
index 7e2c5c3..0000000
--- a/csaf-validator-lib/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js
+++ /dev/null
@@ -1,1645 +0,0 @@ -// created with: python ./csaf/csaf_2.1/test/generate_strict_schema.py ./csaf/csaf_2.1/json_schema/csaf.json > ./csaf_2_1/schemaTests/csaf_2_1_strict/schema.json -export default { - $id: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json?strict', - $schema: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/meta.json', - additionalProperties: false, - description: - 'Representation of security advisory information as a JSON document.', - $defs: { - acknowledgments_t: { - description: 'Contains a list of acknowledgment elements.', - items: { - additionalProperties: false, - description: - 'Acknowledges contributions by describing those that contributed.', - minProperties: 1, - properties: { - names: { - description: 'Contains the names of contributors being recognized.', - items: { - description: - 'Contains the name of a single contributor being recognized.', - examples: ['Albert Einstein', 'Johann Sebastian Bach'], - minLength: 1, - title: 'Name of the contributor', - type: 'string', - }, - minItems: 1, - title: 'List of acknowledged names', - type: 'array', - }, - organization: { - description: - 'Contains the name of a contributing organization being recognized.', - examples: ['CISA', 'Google Project Zero', 'Talos'], - minLength: 1, - title: 'Contributing organization', - type: 'string', - }, - summary: { - description: - 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', - examples: [ - 'First analysis of Coordinated Multi-Stream Attack (CMSA)', - ], - minLength: 1, - title: 'Summary of the acknowledgment', - type: 'string', - }, - urls: { - description: - 'Specifies a list of URLs or location of the reference to be acknowledged.', - items: { - description: - 'Contains the URL or location of the reference to be acknowledged.', - format: 'uri', - title: 'URL of acknowledgment', - type: 'string', - }, - minItems: 1, - title: 'List of URLs', - type: 
'array', - }, - }, - title: 'Acknowledgment', - type: 'object', - }, - minItems: 1, - title: 'List of acknowledgments', - type: 'array', - }, - branches_t: { - description: - 'Contains branch elements as children of the current element.', - items: { - additionalProperties: false, - description: - 'Is a part of the hierarchical structure of the product tree.', - maxProperties: 3, - minProperties: 3, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - category: { - description: 'Describes the characteristics of the labeled branch.', - enum: [ - 'architecture', - 'host_name', - 'language', - 'legacy', - 'patch_level', - 'platform', - 'product_family', - 'product_name', - 'product_version', - 'product_version_range', - 'service_pack', - 'specification', - 'vendor', - ], - title: 'Category of the branch', - type: 'string', - }, - name: { - description: - "Contains the canonical descriptor or 'friendly name' of the branch.", - examples: [ - '10', - '365', - 'Microsoft', - 'Office', - 'PCS 7', - 'SIMATIC', - 'Siemens', - 'Windows', - ], - minLength: 1, - title: 'Name of the branch', - type: 'string', - }, - product: { - $ref: '#/$defs/full_product_name_t', - }, - }, - required: ['category', 'name'], - title: 'Branch', - type: 'object', - }, - minItems: 1, - title: 'List of branches', - type: 'array', - }, - full_product_name_t: { - additionalProperties: false, - description: - 'Specifies information about the product and assigns the product_id.', - properties: { - name: { - description: - 'The value should be the product\u00e2\u20ac\u2122s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', - examples: [ - 'Cisco AnyConnect Secure Mobility Client 2.3.185', - 'Microsoft Host Integration Server 2006 Service Pack 1', - ], - minLength: 1, - title: 'Textual description of the product', - type: 'string', - }, - product_id: { - $ref: '#/$defs/product_id_t', - }, - product_identification_helper: { 
- additionalProperties: false, - description: - 'Provides at least one method which aids in identifying the product in an asset database.', - minProperties: 1, - properties: { - cpe: { - description: - 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', - minLength: 5, - pattern: - '^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', - title: 'Common Platform Enumeration representation', - type: 'string', - }, - hashes: { - description: - 'Contains a list of cryptographic hashes usable to identify files.', - items: { - additionalProperties: false, - description: - 'Contains all information to identify a file based on its cryptographic hash values.', - properties: { - file_hashes: { - description: - 'Contains a list of cryptographic hashes for this file.', - items: { - additionalProperties: false, - description: - 'Contains one hash value and algorithm of the file to be identified.', - properties: { - algorithm: { - default: 'sha256', - description: - 'Contains the name of the cryptographic hash algorithm used to calculate the value.', - examples: [ - 'blake2b512', - 'sha256', - 'sha3-512', - 'sha384', - 'sha512', - ], - minLength: 1, - title: 'Algorithm of the cryptographic hash', - type: 'string', - }, - value: { - description: - 'Contains the cryptographic hash value in hexadecimal representation.', - examples: [ - '37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', - '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', - 
'9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', - ], - minLength: 32, - pattern: '^[0-9a-fA-F]{32,}$', - title: 'Value of the cryptographic hash', - type: 'string', - }, - }, - required: ['algorithm', 'value'], - title: 'File hash', - type: 'object', - }, - minItems: 1, - title: 'List of file hashes', - type: 'array', - }, - filename: { - description: - 'Contains the name of the file which is identified by the hash values.', - examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], - minLength: 1, - title: 'Filename', - type: 'string', - }, - }, - required: ['file_hashes', 'filename'], - title: 'Cryptographic hashes', - type: 'object', - }, - minItems: 1, - title: 'List of hashes', - type: 'array', - }, - model_numbers: { - description: 'Contains a list of model numbers.', - items: { - description: - 'Contains a model number of the component to identify - possibly with placeholders.', - minLength: 1, - title: 'Model number', - type: 'string', - }, - minItems: 1, - title: 'List of models', - type: 'array', - uniqueItems: true, - }, - purls: { - description: 'Contains a list of package URLs (purl).', - items: { - description: - 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', - format: 'uri', - minLength: 7, - pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', - title: 'package URL representation', - type: 'string', - }, - minItems: 1, - title: 'List of package URLs', - type: 'array', - uniqueItems: true, - }, - sbom_urls: { - description: - 'Contains a list of URLs where SBOMs for this product can be retrieved.', - items: { - description: 'Contains a URL of one SBOM for this product.', - format: 'uri', - title: 'SBOM URL', - type: 'string', - }, - minItems: 1, - title: 'List of SBOM URLs', - type: 'array', - }, - serial_numbers: { - description: 'Contains a list of serial numbers.', - items: { - description: - 
'Contains a serial number of the component to identify - possibly with placeholders.', - minLength: 1, - title: 'Serial number', - type: 'string', - }, - minItems: 1, - title: 'List of serial numbers', - type: 'array', - uniqueItems: true, - }, - skus: { - description: - 'Contains a list of full or abbreviated (partial) stock keeping units.', - items: { - description: - 'Contains a full or abbreviated (partial) stock keeping unit (SKU) which is used in the ordering process to identify the component.', - minLength: 1, - title: 'Stock keeping unit', - type: 'string', - }, - minItems: 1, - title: 'List of stock keeping units', - type: 'array', - }, - x_generic_uris: { - description: - 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', - items: { - additionalProperties: false, - description: - 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', - properties: { - namespace: { - description: - 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', - format: 'uri', - title: 'Namespace of the generic URI', - type: 'string', - }, - uri: { - description: 'Contains the identifier itself.', - format: 'uri', - title: 'URI', - type: 'string', - }, - }, - required: ['namespace', 'uri'], - title: 'Generic URI', - type: 'object', - }, - minItems: 1, - title: 'List of generic URIs', - type: 'array', - }, - }, - title: 'Helper to identify the product', - type: 'object', - }, - }, - required: ['name', 'product_id'], - title: 'Full product name', - type: 'object', - }, - lang_t: { - description: - 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', - examples: ['de', 'en', 'fr', 'frc', 'jp'], - pattern: - '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', - title: 'Language type', - type: 'string', - }, - notes_t: { - description: 'Contains notes which are specific to the current context.', - items: { - additionalProperties: false, - description: - 'Is a place to put all manner of text blobs related to the current context.', - properties: { - audience: { - description: 'Indicates who is intended to read it.', - examples: [ - 'all', - 'executives', - 'operational management and system administrators', - 'safety engineers', - ], - minLength: 1, - title: 'Audience of note', - type: 'string', - }, - category: { - description: - 'Contains the information of what kind of note this is.', - enum: [ - 'description', - 'details', - 'faq', - 'general', - 'legal_disclaimer', - 'other', - 'summary', - ], - title: 'Note category', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - text: { - description: - 'Holds the content of the note. 
Content varies depending on type.', - minLength: 1, - title: 'Note content', - type: 'string', - }, - title: { - description: - 'Provides a concise description of what is contained in the text of the note.', - examples: [ - 'Details', - 'Executive summary', - 'Technical summary', - 'Impact on safety systems', - ], - minLength: 1, - title: 'Title of note', - type: 'string', - }, - }, - required: ['category', 'text'], - title: 'Note', - type: 'object', - }, - minItems: 1, - title: 'List of notes', - type: 'array', - }, - product_group_id_t: { - description: - 'Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', - examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], - minLength: 1, - title: 'Reference token for product group instance', - type: 'string', - }, - product_groups_t: { - description: - 'Specifies a list of product_group_ids to give context to the parent item.', - items: { - $ref: '#/$defs/product_group_id_t', - }, - minItems: 1, - title: 'List of product_group_ids', - type: 'array', - uniqueItems: true, - }, - product_id_t: { - description: - 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', - examples: ['CSAFPID-0004', 'CSAFPID-0008'], - minLength: 1, - title: 'Reference token for product instance', - type: 'string', - }, - products_t: { - description: - 'Specifies a list of product_ids to give context to the parent item.', - items: { - $ref: '#/$defs/product_id_t', - }, - minItems: 1, - title: 'List of product_ids', - type: 'array', - uniqueItems: true, - }, - references_t: { - description: 'Holds a list of references.', - items: { - additionalProperties: false, - description: - 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', - properties: { - category: { - default: 'external', - description: - 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', - enum: ['external', 'self'], - title: 'Category of reference', - type: 'string', - }, - summary: { - description: 'Indicates what this reference refers to.', - minLength: 1, - title: 'Summary of the reference', - type: 'string', - }, - url: { - description: 'Provides the URL for the reference.', - format: 'uri', - title: 'URL of reference', - type: 'string', - }, - }, - required: ['summary', 'url'], - title: 'Reference', - type: 'object', - }, - minItems: 1, - title: 'List of references', - type: 'array', - }, - version_t: { - description: - 'Specifies a version string to denote clearly the evolution of the content of the document. 
Format must be either integer or semantic versioning.', - examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], - pattern: - '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', - title: 'Version', - type: 'string', - }, - }, - properties: { - $schema: { - description: - 'Contains the URL of the CSAF JSON schema which the document promises to be valid for.', - enum: ['https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json'], - format: 'uri', - title: 'JSON schema', - type: 'string', - }, - document: { - additionalProperties: false, - description: - 'Captures the meta-data about this document describing a particular set of security advisories.', - properties: { - acknowledgments: { - $ref: '#/$defs/acknowledgments_t', - description: - 'Contains a list of acknowledgment elements associated with the whole document.', - title: 'Document acknowledgments', - }, - aggregate_severity: { - additionalProperties: false, - description: - "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole \u00e2\u20ac\u201d not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", - properties: { - namespace: { - description: 'Points to the namespace so referenced.', - format: 'uri', - title: 'Namespace of aggregate severity', - type: 'string', - }, - text: { - description: - 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', - examples: ['Critical', 'Important', 'Moderate'], - minLength: 1, - title: 'Text of aggregate severity', - type: 'string', - }, - }, - required: ['text'], - title: 'Aggregate severity', - type: 'object', - }, - category: { - description: - 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', - examples: [ - 'csaf_base', - 'csaf_security_advisory', - 'csaf_vex', - 'Example Company Security Notice', - ], - minLength: 1, - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - title: 'Document category', - type: 'string', - }, - csaf_version: { - description: - 'Gives the version of the CSAF specification which the document was generated for.', - enum: ['2.1'], - title: 'CSAF version', - type: 'string', - }, - distribution: { - additionalProperties: false, - description: - 'Describe any constraints on how this document might be shared.', - properties: { - sharing_group: { - additionalProperties: false, - description: - 'Contains information about the group this document is intended to be shared with.', - properties: { - id: { - description: 'Provides the unique ID for the sharing group.', - format: 'uuid', - pattern: - '^(([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12})|([0]{8}-([0]{4}-){3}[0]{12})|([f]{8}-([f]{4}-){3}[f]{12}))$', - title: 'Sharing Group ID', - type: 'string', - }, - name: { - description: - 'Contains a human-readable name for the sharing group.', - examples: [ - 'Customer A', - 'ISAC 
members', - 'NIS2 regulated important entities in Germany, sector water', - 'Pre-Sharing group for advisory discussion', - 'Users of Product A', - 'US Federal Civilian Authorities', - ], - minLength: 1, - title: 'Sharing Group Name', - type: 'string', - }, - }, - required: ['id'], - title: 'Sharing Group', - type: 'object', - }, - text: { - description: - 'Provides a textual description of additional constraints.', - examples: [ - 'Copyright 2021, Example Company, All Rights Reserved.', - 'Distribute freely.', - 'Share only on a need-to-know-basis only.', - ], - minLength: 1, - title: 'Textual description', - type: 'string', - }, - tlp: { - additionalProperties: false, - description: - 'Provides details about the TLP classification of the document.', - properties: { - label: { - default: 'CLEAR', - description: 'Provides the TLP label of the document.', - enum: ['AMBER', 'AMBER+STRICT', 'CLEAR', 'GREEN', 'RED'], - title: 'Label of TLP', - type: 'string', - }, - url: { - default: 'https://www.first.org/tlp/', - description: - 'Provides a URL where to find the textual description of the TLP version which is used in this document. 
Default is the URL to the definition by FIRST.', - examples: [ - 'https://www.us-cert.gov/tlp', - 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', - ], - format: 'uri', - title: 'URL of TLP version', - type: 'string', - }, - }, - required: ['label'], - title: 'Traffic Light Protocol (TLP)', - type: 'object', - }, - }, - required: ['tlp'], - title: 'Rules for document sharing', - type: 'object', - }, - lang: { - $ref: '#/$defs/lang_t', - description: - 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', - title: 'Document language', - }, - license_expression: { - description: - 'Contains the SPDX license expression for the CSAF document.', - examples: [ - 'CC-BY-4.0', - 'LicenseRef-www.example.org-Example-CSAF-License-3.0+', - 'LicenseRef-scancode-public-domain', - 'MIT OR any-OSI', - ], - minLength: 1, - title: 'License expression', - type: 'string', - }, - notes: { - $ref: '#/$defs/notes_t', - description: 'Holds notes associated with the whole document.', - title: 'Document notes', - }, - publisher: { - additionalProperties: false, - description: - 'Provides information about the publisher of the document.', - properties: { - category: { - description: - 'Provides information about the category of publisher releasing the document.', - enum: [ - 'coordinator', - 'discoverer', - 'multiplier', - 'other', - 'translator', - 'user', - 'vendor', - ], - title: 'Category of publisher', - type: 'string', - }, - contact_details: { - description: - 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', - examples: [ - 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', - ], - minLength: 1, - title: 'Contact details', - type: 'string', - }, - issuing_authority: { - description: - "Provides information about the authority of the issuing party to 
release the document, in particular, the party's constituency and responsibilities or other obligations.", - minLength: 1, - title: 'Issuing authority', - type: 'string', - }, - name: { - description: 'Contains the name of the issuing party.', - examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], - minLength: 1, - title: 'Name of publisher', - type: 'string', - }, - namespace: { - description: - 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', - examples: ['https://csaf.io', 'https://www.example.com'], - format: 'uri', - title: 'Namespace of publisher', - type: 'string', - }, - }, - required: ['category', 'name', 'namespace'], - title: 'Publisher', - type: 'object', - }, - references: { - $ref: '#/$defs/references_t', - description: - 'Holds a list of references associated with the whole document.', - title: 'Document references', - }, - source_lang: { - $ref: '#/$defs/lang_t', - description: - 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', - title: 'Source language', - }, - title: { - description: - 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', - examples: [ - 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', - 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', - ], - minLength: 1, - title: 'Title of this document', - type: 'string', - }, - tracking: { - additionalProperties: false, - description: - 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', - properties: { - aliases: { - description: - 'Contains a list of alternate names for the same document.', - items: { - description: - 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', - examples: 
['CVE-2019-12345'], - minLength: 1, - title: 'Alternate name', - type: 'string', - }, - minItems: 1, - title: 'Aliases', - type: 'array', - uniqueItems: true, - }, - current_release_date: { - description: - 'The date when the current revision of this document was released', - format: 'date-time', - title: 'Current release date', - type: 'string', - }, - generator: { - additionalProperties: false, - description: - 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', - properties: { - date: { - description: - 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', - format: 'date-time', - title: 'Date of document generation', - type: 'string', - }, - engine: { - additionalProperties: false, - description: - 'Contains information about the engine that generated the CSAF document.', - properties: { - name: { - description: - 'Represents the name of the engine that generated the CSAF document.', - examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], - minLength: 1, - title: 'Engine name', - type: 'string', - }, - version: { - description: - 'Contains the version of the engine that generated the CSAF document.', - examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], - minLength: 1, - title: 'Engine version', - type: 'string', - }, - }, - required: ['name'], - title: 'Engine of document generation', - type: 'object', - }, - }, - required: ['engine'], - title: 'Document generator', - type: 'object', - }, - id: { - description: - 'The ID is a simple label that provides for a wide range of numbering values, types, and schemes. 
Its value SHOULD be assigned and maintained by the original document issuing authority.', - examples: [ - 'Example Company - 2019-YH3234', - 'RHBA-2019:0024', - 'cisco-sa-20190513-secureboot', - ], - minLength: 1, - pattern: '^[\\S](.*[\\S])?$', - title: 'Unique identifier for the document', - type: 'string', - }, - initial_release_date: { - description: - 'The date when this document was first released to the specified target group.', - format: 'date-time', - title: 'Initial release date', - type: 'string', - }, - revision_history: { - description: - 'Holds one revision item for each version of the CSAF document, including the initial one.', - items: { - additionalProperties: false, - description: - 'Contains all the information elements required to track the evolution of a CSAF document.', - properties: { - date: { - description: 'The date of the revision entry', - format: 'date-time', - title: 'Date of the revision', - type: 'string', - }, - legacy_version: { - description: - 'Contains the version string used in an existing document with the same content.', - minLength: 1, - title: 'Legacy version of the revision', - type: 'string', - }, - number: { - $ref: '#/$defs/version_t', - }, - summary: { - description: - 'Holds a single non-empty string representing a short description of the changes.', - examples: ['Initial version.'], - minLength: 1, - title: 'Summary of the revision', - type: 'string', - }, - }, - required: ['date', 'number', 'summary'], - title: 'Revision', - type: 'object', - }, - minItems: 1, - title: 'Revision history', - type: 'array', - }, - status: { - description: 'Defines the draft status of the document.', - enum: ['draft', 'final', 'interim'], - title: 'Document status', - type: 'string', - }, - version: { - $ref: '#/$defs/version_t', - }, - }, - required: [ - 'current_release_date', - 'id', - 'initial_release_date', - 'revision_history', - 'status', - 'version', - ], - title: 'Tracking', - type: 'object', - }, - }, - required: [ - 
'category', - 'csaf_version', - 'distribution', - 'publisher', - 'title', - 'tracking', - ], - title: 'Document level meta-data', - type: 'object', - }, - product_tree: { - additionalProperties: false, - description: - 'Is a container for all fully qualified product names that can be referenced elsewhere in the document.', - minProperties: 1, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - full_product_names: { - description: 'Contains a list of full product names.', - items: { - $ref: '#/$defs/full_product_name_t', - }, - minItems: 1, - title: 'List of full product names', - type: 'array', - }, - product_groups: { - description: 'Contains a list of product groups.', - items: { - additionalProperties: false, - description: - 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', - properties: { - group_id: { - $ref: '#/$defs/product_group_id_t', - }, - product_ids: { - description: - 'Lists the product_ids of those products which known as one group in the document.', - items: { - $ref: '#/$defs/product_id_t', - }, - minItems: 2, - title: 'List of Product IDs', - type: 'array', - uniqueItems: true, - }, - summary: { - description: - 'Gives a short, optional description of the group.', - examples: [ - 'Products supporting Modbus.', - 'The x64 versions of the operating system.', - ], - minLength: 1, - title: 'Summary of the product group', - type: 'string', - }, - }, - required: ['group_id', 'product_ids'], - title: 'Product group', - type: 'object', - }, - minItems: 1, - title: 'List of product groups', - type: 'array', - }, - relationships: { - description: 'Contains a list of relationships.', - items: { - additionalProperties: false, - description: - 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', - 
properties: { - category: { - description: - 'Defines the category of relationship for the referenced component.', - enum: [ - 'default_component_of', - 'external_component_of', - 'installed_on', - 'installed_with', - 'optional_component_of', - ], - title: 'Relationship category', - type: 'string', - }, - full_product_name: { - $ref: '#/$defs/full_product_name_t', - }, - product_reference: { - $ref: '#/$defs/product_id_t', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', - title: 'Product reference', - }, - relates_to_product_reference: { - $ref: '#/$defs/product_id_t', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', - title: 'Relates to product reference', - }, - }, - required: [ - 'category', - 'full_product_name', - 'product_reference', - 'relates_to_product_reference', - ], - title: 'Relationship', - type: 'object', - }, - minItems: 1, - title: 'List of relationships', - type: 'array', - }, - }, - title: 'Product tree', - type: 'object', - }, - vulnerabilities: { - description: - 'Represents a list of all relevant vulnerability information items.', - items: { - additionalProperties: false, - description: - 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', - minProperties: 1, - properties: { - acknowledgments: { - $ref: '#/$defs/acknowledgments_t', - description: - 'Contains a list of acknowledgment elements associated with this vulnerability item.', - title: 'Vulnerability acknowledgments', - }, - cve: { - description: - 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', - pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', - title: 'CVE', - type: 'string', - }, - cwes: { - description: 'Contains a list of CWEs.', - items: { - additionalProperties: false, - 
description: - 'Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.', - properties: { - id: { - description: 'Holds the ID for the weakness associated.', - examples: ['CWE-22', 'CWE-352', 'CWE-79'], - pattern: '^CWE-[1-9]\\d{0,5}$', - title: 'Weakness ID', - type: 'string', - }, - name: { - description: - 'Holds the full name of the weakness as given in the CWE specification.', - examples: [ - 'Cross-Site Request Forgery (CSRF)', - "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - ], - minLength: 1, - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - title: 'Weakness name', - type: 'string', - }, - version: { - description: - 'Holds the version string of the CWE specification this weakness was extracted from.', - examples: ['1.0', '3.4.1', '4.0', '4.11', '4.12'], - pattern: '^[1-9]\\d*\\.([0-9]|([1-9]\\d+))(\\.\\d+)?$', - title: 'CWE version', - type: 'string', - }, - }, - required: ['id', 'name', 'version'], - title: 'CWE', - type: 'object', - }, - minItems: 1, - title: 'List of CWEs', - type: 'array', - uniqueItems: true, - }, - disclosure_date: { - description: - 'Holds the date and time the vulnerability was originally disclosed to the public.', - format: 'date-time', - title: 'Disclosure date', - type: 'string', - }, - discovery_date: { - description: - 'Holds the date and time the vulnerability was originally discovered.', - format: 'date-time', - title: 'Discovery date', - type: 'string', - }, - first_known_exploitation_dates: { - description: - 'Contains a list of dates of first known exploitations.', - items: { - additionalProperties: false, - description: - 'Contains information on when this vulnerability was first known to be exploited in the wild in the products specified.', - minProperties: 3, - properties: { - date: { - description: - 'Contains the date when the information was last updated.', - 
format: 'date-time', - title: 'Date of the information', - type: 'string', - }, - exploitation_date: { - description: - 'Contains the date when the exploitation happened.', - format: 'date-time', - title: 'Date of the exploitation', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - required: ['date', 'exploitation_date'], - title: 'First known exploitation date', - type: 'object', - }, - minItems: 1, - title: 'List of first known exploitation dates', - type: 'array', - uniqueItems: true, - }, - flags: { - description: 'Contains a list of machine readable flags.', - items: { - additionalProperties: false, - description: - 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', - properties: { - date: { - description: - 'Contains the date when assessment was done or the flag was assigned.', - format: 'date-time', - title: 'Date of the flag', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - label: { - description: 'Specifies the machine readable label.', - enum: [ - 'component_not_present', - 'inline_mitigations_already_exist', - 'vulnerable_code_cannot_be_controlled_by_adversary', - 'vulnerable_code_not_in_execute_path', - 'vulnerable_code_not_present', - ], - title: 'Label of the flag', - type: 'string', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - required: ['label'], - title: 'Flag', - type: 'object', - }, - minItems: 1, - title: 'List of flags', - type: 'array', - uniqueItems: true, - }, - ids: { - description: - 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', - items: { - additionalProperties: false, - description: - 'Contains a single unique label or tracking ID for the vulnerability.', - properties: { - system_name: { - description: - 'Indicates the name of the vulnerability tracking or numbering system.', - 
examples: ['Cisco Bug ID', 'GitHub Issue'], - minLength: 1, - title: 'System name', - type: 'string', - }, - text: { - description: - 'Is unique label or tracking ID for the vulnerability (if such information exists).', - examples: ['CSCso66472', 'oasis-tcs/csaf#210'], - minLength: 1, - title: 'Text', - type: 'string', - }, - }, - required: ['system_name', 'text'], - title: 'ID', - type: 'object', - }, - minItems: 1, - title: 'List of IDs', - type: 'array', - uniqueItems: true, - }, - involvements: { - description: 'Contains a list of involvements.', - items: { - additionalProperties: false, - description: - 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', - properties: { - contact: { - description: - 'Contains the contact information of the party that was used in this state.', - minLength: 1, - title: 'Party contact information', - type: 'string', - }, - date: { - description: - 'Holds the date and time of the involvement entry.', - format: 'date-time', - title: 'Date of involvement', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - party: { - description: 'Defines the category of the involved party.', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'user', - 'vendor', - ], - title: 'Party category', - type: 'string', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - status: { - description: 'Defines contact status of the involved party.', - enum: [ - 'completed', - 'contact_attempted', - 'disputed', - 'in_progress', - 'not_contacted', - 'open', - ], - title: 'Party status', - type: 'string', - }, - summary: { - description: - 'Contains additional context regarding what is going on.', - minLength: 1, - title: 'Summary of the involvement', - type: 'string', - }, - }, - required: ['party', 'status'], - title: 'Involvement', - type: 'object', - }, - minItems: 
1, - title: 'List of involvements', - type: 'array', - uniqueItems: true, - }, - metrics: { - description: - 'Contains metric objects for the current vulnerability.', - items: { - additionalProperties: false, - description: - 'Contains all metadata about the metric including products it applies to and the source and the content itself.', - properties: { - content: { - additionalProperties: false, - description: - 'Specifies information about (at least one) metric or score for the given products regarding the current vulnerability.', - minProperties: 1, - properties: { - cvss_v2: { - $ref: 'https://www.first.org/cvss/cvss-v2.0.json', - title: 'CVSS v2', - }, - cvss_v3: { - oneOf: [ - { - $ref: 'https://www.first.org/cvss/cvss-v3.0.json', - }, - { - $ref: 'https://www.first.org/cvss/cvss-v3.1.json', - }, - ], - title: 'CVSS v3', - }, - cvss_v4: { - $ref: 'https://www.first.org/cvss/cvss-v4.0.1.json', - title: 'CVSS v4', - }, - epss: { - additionalProperties: false, - description: 'Contains the EPSS data.', - properties: { - percentile: { - description: - 'Contains the rank ordering of probabilities from highest to lowest.', - pattern: '^(([0]\\.([0-9])+)|([1]\\.[0]+))$', - title: 'Percentile', - type: 'string', - }, - probability: { - description: - 'Contains the likelihood that any exploitation activity for this Vulnerability is being observed in the 30 days following the given timestamp.', - pattern: '^(([0]\\.([0-9])+)|([1]\\.[0]+))$', - title: 'Probability', - type: 'string', - }, - timestamp: { - description: - 'Holds the date and time the EPSS value was recorded.', - format: 'date-time', - title: 'EPSS timestamp', - type: 'string', - }, - }, - required: ['percentile', 'probability', 'timestamp'], - title: 'EPSS', - type: 'object', - }, - qualitative_severity_rating: { - description: - 'Contains an assessment of the severity of the vulnerability regarding the products on a qualitative scale.', - enum: ['critical', 'high', 'low', 'medium', 'none'], - title: 
'Qualitative Severity Rating', - type: 'string', - }, - ssvc_v2: { - $ref: 'https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json', - title: 'SSVC v2', - }, - }, - title: 'Content', - type: 'object', - }, - products: { - $ref: '#/$defs/products_t', - }, - source: { - description: - 'Contains the URL of the source that originally determined the metric.', - format: 'uri', - title: 'Source', - type: 'string', - }, - }, - required: ['content', 'products'], - title: 'metric', - type: 'object', - }, - minItems: 1, - title: 'List of metrics', - type: 'array', - uniqueItems: true, - }, - notes: { - $ref: '#/$defs/notes_t', - description: 'Holds notes associated with this vulnerability item.', - title: 'Vulnerability notes', - }, - product_status: { - additionalProperties: false, - description: - 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. ', - minProperties: 1, - properties: { - first_affected: { - $ref: '#/$defs/products_t', - description: - 'These are the first versions of the releases known to be affected by the vulnerability.', - title: 'First affected', - }, - first_fixed: { - $ref: '#/$defs/products_t', - description: - 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', - title: 'First fixed', - }, - fixed: { - $ref: '#/$defs/products_t', - description: - 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', - title: 'Fixed', - }, - known_affected: { - $ref: '#/$defs/products_t', - description: - 'These versions are known to be affected by the vulnerability.', - title: 'Known affected', - }, - known_not_affected: { - $ref: '#/$defs/products_t', - description: - 'These versions are known not to be affected by the vulnerability.', - title: 'Known not affected', - }, - last_affected: { - $ref: '#/$defs/products_t', - description: - 
'These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.', - title: 'Last affected', - }, - recommended: { - $ref: '#/$defs/products_t', - description: - 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', - title: 'Recommended', - }, - under_investigation: { - $ref: '#/$defs/products_t', - description: - 'It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation - the result will be provided in a later release of the document.', - title: 'Under investigation', - }, - unknown: { - $ref: '#/$defs/products_t', - description: - 'It is not known whether these versions are or are not affected by the vulnerability. There is also no investigation and therefore the status might never be determined.', - title: 'Unknown', - }, - }, - title: 'Product status', - type: 'object', - }, - references: { - $ref: '#/$defs/references_t', - description: - 'Holds a list of references associated with this vulnerability item.', - title: 'Vulnerability references', - }, - remediations: { - description: 'Contains a list of remediations.', - items: { - additionalProperties: false, - description: - 'Specifies details on how to handle (and presumably, fix) a vulnerability.', - properties: { - category: { - description: - 'Specifies the category which this remediation belongs to.', - enum: [ - 'fix_planned', - 'mitigation', - 'no_fix_planned', - 'none_available', - 'optional_patch', - 'vendor_fix', - 'workaround', - ], - title: 'Category of the remediation', - type: 'string', - }, - date: { - description: - 'Contains the date from which the remediation is available.', - format: 'date-time', - title: 'Date of the remediation', - type: 'string', - }, - details: { - description: - 'Contains a thorough human-readable discussion of the remediation.', - 
minLength: 1, - title: 'Details of the remediation', - type: 'string', - }, - entitlements: { - description: 'Contains a list of entitlements.', - items: { - description: - 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', - minLength: 1, - title: 'Entitlement of the remediation', - type: 'string', - }, - minItems: 1, - title: 'List of entitlements', - type: 'array', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - restart_required: { - additionalProperties: false, - description: - 'Provides information on the category of restart required by this remediation to become effective.', - properties: { - category: { - description: - 'Specifies what category of restart is required by this remediation to become effective.', - enum: [ - 'connected', - 'dependencies', - 'machine', - 'none', - 'parent', - 'service', - 'system', - 'vulnerable_component', - 'zone', - ], - title: 'Category of restart', - type: 'string', - }, - details: { - description: - 'Provides additional information for the restart. This can include details on procedures, scope or impact.', - minLength: 1, - title: 'Additional restart information', - type: 'string', - }, - }, - required: ['category'], - title: 'Restart required by remediation', - type: 'object', - }, - url: { - description: - 'Contains the URL where to obtain the remediation.', - format: 'uri', - title: 'URL to the remediation', - type: 'string', - }, - }, - required: ['category', 'details'], - title: 'Remediation', - type: 'object', - }, - minItems: 1, - title: 'List of remediations', - type: 'array', - }, - threats: { - description: - 'Contains information about a vulnerability that can change with time.', - items: { - additionalProperties: false, - description: - 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.', - properties: { - category: { - description: - 'Categorizes the threat according to the rules of the specification.', - enum: ['exploit_status', 'impact', 'target_set'], - title: 'Category of the threat', - type: 'string', - }, - date: { - description: - 'Contains the date when the assessment was done or the threat appeared.', - format: 'date-time', - title: 'Date of the threat', - type: 'string', - }, - details: { - description: - 'Represents a thorough human-readable discussion of the threat.', - minLength: 1, - title: 'Details of the threat', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - required: ['category', 'details'], - title: 'Threat', - type: 'object', - }, - minItems: 1, - title: 'List of threats', - type: 'array', - }, - title: { - description: - 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.', - minLength: 1, - title: 'Title', - type: 'string', - }, - }, - title: 'Vulnerability', - type: 'object', - }, - minItems: 1, - title: 'Vulnerabilities', - type: 'array', - }, - }, - required: ['$schema', 'document'], - title: 'Common Security Advisory Framework', - type: 'object', -} diff --git a/csaf-validator-lib/csaf_2_1/shared/csafHelpers/walkHashes.js b/csaf-validator-lib/csaf_2_1/shared/csafHelpers/walkHashes.js deleted file mode 100644 index 8591290..0000000 --- a/csaf-validator-lib/csaf_2_1/shared/csafHelpers/walkHashes.js +++ /dev/null 
@@ -1,138 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const hashSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- file_hashes: {
- elements: { additionalProperties: true, properties: {} },
- },
- },
-})
-
-const fullProductNameSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_identification_helper: {
- additionalProperties: true,
- optionalProperties: {
- hashes: { elements: hashSchema },
- },
- },
- },
-})
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- product: fullProductNameSchema,
- },
-})
-
-const productPathSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- full_product_name: fullProductNameSchema,
- },
-})
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: {
- elements: branchSchema,
- },
- full_product_names: {
- elements: fullProductNameSchema,
- },
- product_paths: {
- elements: productPathSchema,
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-const validateFullProductName = ajv.compile(fullProductNameSchema)
-const validateBranch = ajv.compile(branchSchema)
-const validateProductPath = ajv.compile(productPathSchema)
-
-/**
- * @param {any} doc
- * @param {(params: { path: string; hash: {} }) => void} onHashFound
- */
-export function walkHashes(doc, onHashFound) {
- if (!validateInput(doc)) {
- return
- }
-
- doc.product_tree?.full_product_names?.forEach(
- (fullProductName, fullProductNameIndex) => {
- if (!validateFullProductName(fullProductName)) {
- return
- }
-
- fullProductName.product_identification_helper?.hashes?.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/hashes/${hashIndex}/file_hashes`,
- hash,
- })
- }
- )
- }
- )
-
- /**
- * @param {string} prefix
- * @param {unknown[]} branches
- */
- const checkBranches = (prefix, branches) => {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
-
- branch.product?.product_identification_helper?.hashes?.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `${prefix}${branchIndex}/product/product_identification_helper/hashes/${hashIndex}/file_hashes`,
- hash,
- })
- }
- )
- checkBranches(
- `${prefix}${branchIndex}/branches/`,
- Array.isArray(branch.branches) ? branch.branches : []
- )
- })
- }
-
- checkBranches('/product_tree/branches/', doc.product_tree?.branches ?? [])
-
- doc.product_tree?.product_paths?.forEach((productPath, productPathIndex) => {
- if (!validateProductPath(productPath)) {
- return
- }
-
- productPath.full_product_name?.product_identification_helper?.hashes?.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `/product_tree/product_paths/${productPathIndex}/full_product_name/product_identification_helper/hashes/${hashIndex}/file_hashes`,
- hash,
- })
- }
- )
- })
-}
diff --git a/csaf-validator-lib/csaf_2_1/sharingGroup.js b/csaf-validator-lib/csaf_2_1/sharingGroup.js
deleted file mode 100644
index 2a3011b..0000000
--- a/csaf-validator-lib/csaf_2_1/sharingGroup.js
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * The max uuid to check the sharing_group.id for.
- */
-export const MAX_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff'
-
-/**
- * The nil uuid to check the sharing_group.id for.
- */
-export const NIL_UUID = '00000000-0000-0000-0000-000000000000'
-
-/**
- * Reserved sharing group name for documents that are public.
- */
-export const PUBLIC = 'Public'
-
-/**
- * Reserved sharing group name for documents that must not be shared.
- */
-export const NO_SHARING_ALLOWED = 'No sharing allowed'
diff --git a/csaf-validator-lib/cwe.js b/csaf-validator-lib/cwe.js
deleted file mode 100644
index 4a04b41..0000000
--- a/csaf-validator-lib/cwe.js
+++ /dev/null
@@ -1,3 +0,0 @@
-import cwe from './lib/shared/cwec.js'
-
-export const weaknesses = cwe.weaknesses
diff --git a/csaf-validator-lib/extended.js b/csaf-validator-lib/extended.js
deleted file mode 100644
index 0aa73bf..0000000
--- a/csaf-validator-lib/extended.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export * from './basic.js'
-export * from './lib/optionalTests.js'
diff --git a/csaf-validator-lib/full.js b/csaf-validator-lib/full.js
deleted file mode 100644
index e9ce06f..0000000
--- a/csaf-validator-lib/full.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export * from './extended.js'
-export * from './lib/informativeTests.js'
diff --git a/csaf-validator-lib/hunspell.js b/csaf-validator-lib/hunspell.js
deleted file mode 100644
index 6103f18..0000000
--- a/csaf-validator-lib/hunspell.js
+++ /dev/null
@@ -1 +0,0 @@
-export { default as getHunspellAvailableLangs } from './hunspell/getHunspellAvailableLangs.js'
diff --git a/csaf-validator-lib/hunspell/getHunspellAvailableLangs.js b/csaf-validator-lib/hunspell/getHunspellAvailableLangs.js
deleted file mode 100644
index a51d0fd..0000000
--- a/csaf-validator-lib/hunspell/getHunspellAvailableLangs.js
+++ /dev/null
@@ -1,18 +0,0 @@
-import path from 'node:path'
-import { execFile } from 'node:child_process'
-
-export default async function getHunspellAvailableLangs() {
- /** @type {string[]} */
- return await new Promise((resolve, reject) => {
- const child = execFile('hunspell', ['-D'], (err, stdout, stderr) => {
- if (err) reject(err)
- resolve(
- stderr
- .split('\n')
- .slice(3, -1)
- .map((dct) => dct.split(path.sep).slice(-1))
- )
- })
- child.stdin?.end()
- })
-}
diff --git a/csaf-validator-lib/informativeTests.js b/csaf-validator-lib/informativeTests.js
deleted file mode 100644
index 6b6c9a7..0000000
--- a/csaf-validator-lib/informativeTests.js
+++ /dev/null
@@ -1 +0,0 @@
-export * from './lib/informativeTests.js'
diff --git a/csaf-validator-lib/lib/cwec.js b/csaf-validator-lib/lib/cwec.js
deleted file mode 100644
index b42141a..0000000
--- a/csaf-validator-lib/lib/cwec.js
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * @typedef {object} CweWeakness
- * @property {string} id
- * @property {string} name
- * @property {string} status
- * @property {string} [usage]
- */
-
-/**
- * @typedef {object} CweCatalogue
- * @property {string} [date]
- * @property {CweWeakness[]} weaknesses
- */
-
-/** @type {Map Promise<{ default: CweCatalogue }>>} */
-export const cwecMap = new Map([
- ['4.20', () => import('./cwec/4.20.js')],
- ['4.19.1', () => import('./cwec/4.19.1.js')],
- ['4.19', () => import('./cwec/4.19.js')],
- ['4.18', () => import('./cwec/4.18.js')],
- ['4.17', () => import('./cwec/4.17.js')],
- ['4.16', () => import('./cwec/4.16.js')],
- ['4.15', () => import('./cwec/4.15.js')],
- ['4.14', () => import('./cwec/4.14.js')],
- ['4.13', () => import('./cwec/4.13.js')],
- ['4.12', () => import('./cwec/4.12.js')],
- ['4.11', () => import('./cwec/4.11.js')],
- ['4.10', () => import('./cwec/4.10.js')],
- ['4.9', () => import('./cwec/4.9.js')],
- ['4.8', () => import('./cwec/4.8.js')],
- ['4.7', () => import('./cwec/4.7.js')],
- ['4.6', () => import('./cwec/4.6.js')],
- ['4.5', () => import('./cwec/4.5.js')],
- ['4.4', () => import('./cwec/4.4.js')],
- ['4.3', () => import('./cwec/4.3.js')],
- ['4.2', () => import('./cwec/4.2.js')],
- ['4.1', () => import('./cwec/4.1.js')],
- ['4.0', () => import('./cwec/4.0.js')],
- ['3.4.1', () => import('./cwec/3.4.1.js')],
- ['3.4', () => import('./cwec/3.4.js')],
- ['3.3', () => import('./cwec/3.3.js')],
- ['3.2', () => import('./cwec/3.2.js')],
- ['3.1', () => import('./cwec/3.1.js')],
- ['3.0', () => import('./cwec/3.0.js')],
- ['2.12', () => import('./cwec/2.12.js')],
- ['2.11', () => import('./cwec/2.11.js')],
- ['2.10', () => import('./cwec/2.10.js')],
- ['2.9', () => import('./cwec/2.9.js')],
- ['2.8', () => import('./cwec/2.8.js')],
- ['2.7', () => import('./cwec/2.7.js')],
- ['2.6', () => import('./cwec/2.6.js')],
- ['2.5', () => import('./cwec/2.5.js')],
- ['2.4', () => import('./cwec/2.4.js')],
- ['2.3', () => import('./cwec/2.3.js')],
- ['2.2', () => import('./cwec/2.2.js')],
- ['2.1', () => import('./cwec/2.1.js')],
- ['2.0', () => import('./cwec/2.0.js')],
- ['1.13', () => import('./cwec/1.13.js')],
- ['1.12', () => import('./cwec/1.12.js')],
- ['1.11', () => import('./cwec/1.11.js')],
- ['1.10', () => import('./cwec/1.10.js')],
- ['1.9', () => import('./cwec/1.9.js')],
- ['1.8.1', () => import('./cwec/1.8.1.js')],
- ['1.8', () => import('./cwec/1.8.js')],
- ['1.7', () => import('./cwec/1.7.js')],
- ['1.6', () => import('./cwec/1.6.js')],
- ['1.5', () => import('./cwec/1.5.js')],
- ['1.4', () => import('./cwec/1.4.js')],
- ['1.3', () => import('./cwec/1.3.js')],
- ['1.2', () => import('./cwec/1.2.js')],
- ['1.1', () => import('./cwec/1.1.js')],
- ['1.0.1', () => import('./cwec/1.0.1.js')],
- ['1.0', () => import('./cwec/1.0.js')],
-])
diff --git a/csaf-validator-lib/lib/cwec/1.0.1.js b/csaf-validator-lib/lib/cwec/1.0.1.js
deleted file mode 100644
index 4494af5..0000000
--- a/csaf-validator-lib/lib/cwec/1.0.1.js
+++ /dev/null
@@ -1,2441 +0,0 @@ -export default { - date: '2008-10-14', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Insufficient Output Sanitization', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Incorrect Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource (aka 'Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Handling', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Failure to Handle Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Failure to Sanitize Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Failure to Sanitize Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Failure to Sanitize Comment Element', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Failure to Sanitize Macro Symbol', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Failure to Sanitize Substitution Character', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Failure to Sanitize Variable Name Delimiter', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Failure to Sanitize Wildcard or Matching Symbol', - status: 'Draft', - }, - { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Failure to Sanitize Leading Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Failure to Sanitize Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Failure to Sanitize Trailing Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Failure to Sanitize Multiple 
Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Failure to Sanitize Internal Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Failure to Sanitize Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Failure to Handle Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Failure to Handle Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow (Wrap or Wraparound)', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Incorrect Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - 
name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'Failure to Protect Stored Data from Modification', - status: 'Incomplete', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract (aka 'API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Failure to Handle Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, - { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, - { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, - { - id: 'CWE-232', - name: 'Failure to Handle Undefined Value', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Failure to Handle Extra Parameter', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Failure to Handle Undefined Parameter', - status: 'Draft', - }, - { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, - { - id: 'CWE-238', - name: 'Failure to Handle Missing Element', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Failure to Resolve Inconsistent Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Failure to Handle Wrong Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path 
Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Design Principle Violation: Failure to Use Least Privilege', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Misinterpreted Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Insecure Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Failure to Check Whether Privileges Were Dropped Successfully', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Failure to 
Handle Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Insecure Execution-assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Failure to Handle Insufficient Permissions or Privileges', - status: 'Draft', - }, - { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Missing or Inconsistent Access Control', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Failure to Follow Chain of Trust in Certificate Validation', - status: 'Draft', - }, - { - 
id: 'CWE-297', - name: 'Failure to Validate Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Failure to Validate Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Failure to Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Improper Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Plaintext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Plaintext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Incomplete', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Failure to Handle Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, - { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Failure to Check Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Race Condition in Checking for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 
'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Failure to Handle Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Failure to Resolve Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { id: 'CWE-423', name: 'Proxied Trusted Channel', status: 'Incomplete' }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent 
Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use 
of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Failure to Use Default Case in Switch', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { id: 'CWE-484', name: 'Omitted Break Statement', status: 'Draft' }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 
'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final (aka 'Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Untrusted Mobile Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { id: 'CWE-500', name: 'Static Field Not Marked Final', status: 'Draft' }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating 
Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - 
status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - 
status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always 
False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Failure to Resolve Links Before File Access (aka 'Link Following')", - status: 
'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Invalid Pointer Not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Incorrect Syntactic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions (Missing Catch Block)', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - 
status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor (aka 'Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - 
status: 'Draft', - }, - { - id: 'CWE-636', - name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Design Principle Violation: Not Using Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Design Principle Violation: Not Using Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of User State Data', - status: 'Incomplete', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Improper Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - 
name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Design Principle Violation: Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Design Principle Violation: Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Failure to Handle File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Insufficient Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { - id: 'CWE-665', - name: 'Incorrect or Incomplete Initialization', - status: 'Draft', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Failure to Handle Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Design Principle Violation: Lack of Administrator Control over Security', - 
status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { 
- id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Error Handling', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Failure to Enforce that Messages or Data are Well-Formed', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Apple HFS+ Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Insecure Permission Assignment for Resource', - status: 'Incomplete', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-78', - name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-79', - name: "Failure to Sanitize Directives in a 
Web Page (aka 'Cross-site scripting' (XSS))", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Failure to Sanitize Directives in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Insufficient Sanitization of Custom Special Characters', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", - status: 'Draft', - }, - { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, - { - id: 'CWE-95', - name: "Insufficient Control of Directives in 
Dynamically Evaluated Code (aka 'Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/1.0.js b/csaf-validator-lib/lib/cwec/1.0.js
deleted file mode 100644
index 7f990de..0000000
--- a/csaf-validator-lib/lib/cwec/1.0.js
+++ /dev/null
@@ -1,2428 +0,0 @@ -export default { - date: '2008-09-09', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Insufficient Output Sanitization', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Incorrect Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource (aka 'Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Handling', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Failure to Handle Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Failure to Sanitize Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Failure to Sanitize Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Failure to Sanitize Comment Element', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Failure to Sanitize Macro Symbol', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Failure to Sanitize Substitution Character', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Failure to Sanitize Variable Name Delimiter', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Failure to Sanitize Wildcard or Matching Symbol', - status: 'Draft', - }, - { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Failure to Sanitize Leading Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Failure to Sanitize Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Failure to Sanitize Trailing Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Failure to Sanitize Multiple 
Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Failure to Sanitize Internal Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Failure to Sanitize Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Failure to Handle Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Failure to Handle Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow (Wrap or Wraparound)', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Incorrect Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - 
name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'Failure to Protect Stored Data from Modification', - status: 'Incomplete', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract (aka 'API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Failure to Handle Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, - { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, - { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, - { - id: 'CWE-232', - name: 'Failure to Handle Undefined Value', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Failure to Handle Extra Parameter', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Failure to Handle Undefined Parameter', - status: 'Draft', - }, - { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, - { - id: 'CWE-238', - name: 'Failure to Handle Missing Element', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Failure to Resolve Inconsistent Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Failure to Handle Wrong Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path 
Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Design Principle Violation: Failure to Use Least Privilege', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Misinterpreted Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Insecure Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Failure to Check Whether Privileges Were Dropped Successfully', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Failure to 
Handle Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Insecure Execution-assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Failure to Handle Insufficient Permissions or Privileges', - status: 'Draft', - }, - { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Missing or Inconsistent Access Control', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Failure to Follow Chain of Trust in Certificate Validation', - status: 'Draft', - }, - { 
- id: 'CWE-297', - name: 'Failure to Validate Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Failure to Validate Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Failure to Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Improper Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Plaintext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Plaintext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Incomplete', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Failure to Handle Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, - { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Failure to Check Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Race Condition in Checking for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - 
}, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { id: 'CWE-400', name: 'Resource Exhaustion', status: 'Incomplete' }, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')", 
- status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-406', name: 'Network Amplification', status: 'Incomplete' }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Failure to Handle Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Failure to Resolve Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { id: 'CWE-423', name: 'Proxied Trusted Channel', status: 'Incomplete' }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent 
Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use 
of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Failure to Use Default Case in Switch', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { id: 'CWE-484', name: 'Omitted Break Statement', status: 'Draft' }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 
'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final (aka 'Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Untrusted Mobile Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { id: 'CWE-500', name: 'Static Field Not Marked Final', status: 'Draft' }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating 
Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - 
status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - 
status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'dirname/fakechild/../realchild/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression 
is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Failure to Resolve Links Before File Access (aka 'Link Following')", - 
status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Invalid Pointer Not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Incorrect Syntactic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions (Missing Catch Block)', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', 
- status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor (aka 'Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - 
status: 'Draft', - }, - { - id: 'CWE-636', - name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Design Principle Violation: Not Using Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Design Principle Violation: Not Using Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of User State Data', - status: 'Incomplete', - }, - { - id: 'CWE-643', - name: 'Unsafe Treatment of XPath Input', - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Insufficient Filtering of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Taking Actions based on File Name or Extension of a User Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Using Non-Canonical Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Improper Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - 
status: 'Incomplete', - }, - { - id: 'CWE-652', - name: 'Unsafe Treatment of XQuery Input', - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Design Principle Violation: Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Design Principle Violation: Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Failure to Handle File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Insufficient Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { - id: 'CWE-665', - name: 'Incorrect or Incomplete Initialization', - status: 'Draft', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Failure to Handle Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Design Principle Violation: Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or 
Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Error Handling', - status: 
'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Failure to Enforce that Messages or Data are Well-Formed', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Apple HFS+ Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Insecure Permission Assignment for Resource', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-78', - name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-79', - name: "Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Failure 
to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Failure to Sanitize Directives in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Custom Special Character Injection', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", - status: 'Draft', - }, - { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, - { - id: 'CWE-95', - name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', - status: 'Draft', - }, - { - id: 'CWE-97', - 
name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.1.js b/csaf-validator-lib/lib/cwec/1.1.js deleted file mode 100644 index 44b2c7d..0000000 --- a/csaf-validator-lib/lib/cwec/1.1.js +++ /dev/null 
@@ -1,2458 +0,0 @@ -export default { - date: '2008-11-24', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Insufficient Output Sanitization', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Incorrect Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource (aka 'Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Handling', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Failure to Handle Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Failure to Sanitize Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Failure to Sanitize Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Failure to Sanitize Comment Element', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Failure to Sanitize Macro Symbol', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Failure to Sanitize Substitution Character', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Failure to Sanitize Variable Name Delimiter', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Failure to Sanitize Wildcard or Matching Symbol', - status: 'Draft', - }, - { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Failure to Sanitize Leading Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Failure to Sanitize Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Failure to Sanitize Trailing Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Failure to Sanitize Multiple 
Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Failure to Sanitize Internal Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Failure to Sanitize Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Failure to Handle Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Failure to Handle Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow (Wrap or Wraparound)', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', 
- name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'Failure to Protect Stored Data from Modification', - status: 'Incomplete', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract (aka 'API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Failure to Handle Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, - { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, - { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, - { - id: 'CWE-232', - name: 'Failure to Handle Undefined Value', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Failure to Handle Extra Parameter', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Failure to Handle Undefined Parameter', - status: 'Draft', - }, - { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, - { - id: 'CWE-238', - name: 'Failure to Handle Missing Element', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Failure to Resolve Inconsistent Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Failure to Handle Wrong Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path 
Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Design Principle Violation: Failure to Use Least Privilege', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Misinterpreted Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Insecure Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Failure to Check Whether Privileges Were Dropped Successfully', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Failure to 
Handle Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Insecure Execution-assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Failure to Handle Insufficient Permissions or Privileges', - status: 'Draft', - }, - { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Missing or Inconsistent Access Control', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Failure to Follow Chain of Trust in Certificate Validation', - status: 'Draft', - }, - { - 
id: 'CWE-297', - name: 'Failure to Validate Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Failure to Validate Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Failure to Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Improper Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Plaintext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Plaintext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Incomplete', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Failure to Handle Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, - { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Failure to Check Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Race Condition in Checking for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 
'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Failure to Handle Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Failure to Resolve Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, 
- { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Failure to Use Default Case in Switch', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final (aka 'Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Untrusted Mobile Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 
'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 
'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - 
name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 
'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Failure to Resolve 
Links Before File Access (aka 'Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Invalid Pointer Not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Incorrect Syntactic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions (Missing Catch Block)', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - 
name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor (aka 'Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 
'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Design Principle Violation: Not Using Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Design Principle Violation: Not Using Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of User State Data', - status: 'Incomplete', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Improper Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', 
- status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Design Principle Violation: Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Design Principle Violation: Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Failure to Handle File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Insufficient Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { - id: 'CWE-665', - name: 'Incorrect or Incomplete Initialization', - status: 'Draft', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Failure to Handle Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Design Principle 
Violation: Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', 
name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Error Handling', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Failure to Enforce that Messages or Data are Well-Formed', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Insecure Permission Assignment for Resource', - status: 'Incomplete', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Insecure Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-78', 
- name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-79', - name: "Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Failure to Sanitize Directives in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Insufficient Sanitization of Custom Special Characters', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences (aka 
'CRLF Injection')", - status: 'Draft', - }, - { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, - { - id: 'CWE-95', - name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.10.js b/csaf-validator-lib/lib/cwec/1.10.js deleted file mode 100644 index e33af71..0000000 --- a/csaf-validator-lib/lib/cwec/1.10.js +++ /dev/null 
@@ -1,2748 +0,0 @@ -export default { - date: '2010-09-27', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy 
Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before 
Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE 
Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 
'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 
'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - 
status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 
'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 
'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 
'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, 
Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 
'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a 
Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', 
status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', 
status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 
'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of 
Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 
'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', 
name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor 
or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 
'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 
'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 
'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.11.js b/csaf-validator-lib/lib/cwec/1.11.js deleted file mode 100644 index e1a4a14..0000000 --- a/csaf-validator-lib/lib/cwec/1.11.js +++ /dev/null 
@@ -1,2779 +0,0 @@ -export default { - date: '2010-12-13', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 
'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information 
Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - 
id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - 
name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 
'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 
'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, 
Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 
'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 
'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the 
Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular 
Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity 
Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - 
id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' 
}, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 
'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 
'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a 
Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 
'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.12.js b/csaf-validator-lib/lib/cwec/1.12.js deleted file mode 100644 index abe4037..0000000 --- a/csaf-validator-lib/lib/cwec/1.12.js +++ /dev/null 
@@ -1,2823 +0,0 @@ -export default { - date: '2011-03-30', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through External Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - 
status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', 
- name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: 
'\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - 
}, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 
'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - 
id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, 
- { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - 
status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 
'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' 
}, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 
'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 
'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.13.js b/csaf-validator-lib/lib/cwec/1.13.js deleted file mode 100644 index 07ce4a8..0000000 --- a/csaf-validator-lib/lib/cwec/1.13.js +++ /dev/null 
@@ -1,2830 +0,0 @@ -export default { - date: '2011-06-01', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through External Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - 
status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', 
- name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: 
'\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - 
}, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 
'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - 
id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, 
- { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - 
status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 
'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' 
}, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 
'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.2.js b/csaf-validator-lib/lib/cwec/1.2.js deleted file mode 100644 index 5f582bf..0000000 --- a/csaf-validator-lib/lib/cwec/1.2.js +++ /dev/null 
@@ -1,2458 +0,0 @@ -export default { - date: '2009-01-12', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Incorrect Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource (aka 'Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Handling', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Failure to Handle Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Failure to Sanitize Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Failure to Sanitize Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Failure to Sanitize Comment Element', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Failure to Sanitize Macro Symbol', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Failure to Sanitize Substitution Character', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Failure to Sanitize Variable Name Delimiter', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Failure to Sanitize Wildcard or Matching Symbol', - status: 'Draft', - }, - { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Failure to Sanitize Leading Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Failure to Sanitize Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Failure to Sanitize Trailing Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Failure to Sanitize Multiple 
Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Failure to Sanitize Internal Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Failure to Sanitize Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Failure to Handle Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Failure to Handle Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 
'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'Failure to Protect Stored Data from Modification', - status: 'Incomplete', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract (aka 'API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Failure to Handle Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, - { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, - { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, - { - id: 'CWE-232', - name: 'Failure to Handle Undefined Value', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Failure to Handle Extra Parameter', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Failure to Handle Undefined Parameter', - status: 'Draft', - }, - { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, - { - id: 'CWE-238', - name: 'Failure to Handle Missing Element', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Failure to Resolve Inconsistent Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Failure to Handle Wrong Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path 
Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Misinterpreted Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Insecure Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Failure to Check Whether Privileges Were Dropped Successfully', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Failure to Handle Insufficient 
Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Insecure Execution-assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Failure to Handle Insufficient Permissions or Privileges', - status: 'Draft', - }, - { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Failure to Follow Chain of Trust in Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 
'Failure to Validate Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Failure to Validate Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Failure to Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Improper Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext 
Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Failure to Handle Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, - { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Failure to Check Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Race Condition in Checking for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 
'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Failure to Handle Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Failure to Resolve Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, 
- { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Failure to Use Default Case in Switch', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final (aka 'Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, 
- { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 
'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path 
Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - 
{ id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Failure to Resolve Links Before File 
Access (aka 'Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Invalid Pointer Not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Incorrect Syntactic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions (Missing Catch Block)', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm 
Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor (aka 'Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified 
Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely (aka 'Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Improper Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Failure to Satisfy Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Failure to Handle File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Insufficient Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Failure to Handle Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - 
}, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Error Handling', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 
'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Failure to Enforce that Messages or Data are Well-Formed', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Insecure Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-78', - name: "Failure to Preserve OS Command Structure (aka 'OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE 
Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Failure to Sanitize Directives in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Preserve SQL Query Structure (aka 'SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Insufficient Sanitization of Custom Special Characters', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code (aka 'Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", - status: 
'Incomplete', - }, - { - id: 'CWE-96', - name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.3.js b/csaf-validator-lib/lib/cwec/1.3.js deleted file mode 100644 index d0979a8..0000000 --- a/csaf-validator-lib/lib/cwec/1.3.js +++ /dev/null 
@@ -1,2505 +0,0 @@ -export default { - date: '2009-03-10', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Incorrect Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource (aka 'Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize 
Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Failure to Sanitize Leading Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Failure to Sanitize Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Failure to Sanitize Trailing Special Element', - status: 'Incomplete', - }, - { 
- id: 'CWE-163', - name: 'Failure to Sanitize Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Failure to Sanitize Internal Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Failure to Sanitize Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Failure to Handle Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Failure to Handle Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly 
Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - 
status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'Failure to Protect Stored Data from Modification', - status: 'Incomplete', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract (aka 'API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 
'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught 
Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Insecure Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - 
name: 'Improper Check for Successfully Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Failure to Handle Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Insecure Execution-assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 
'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Improper Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 
'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Failure to Handle Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, - { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Race Condition in Checking for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing Mutable Objects to an Untrusted Method', - 
status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure 
to Release Memory Before Removing Last Reference (aka 'Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Failure to Handle Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Failure to Resolve Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, 
- { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Failure to Use Default Case in Switch', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final (aka 'Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, 
- { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 
'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - 
name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 
'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Failure to Resolve 
Links Before File Access (aka 'Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Invalid Pointer Not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Incorrect Syntactic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in 
ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor (aka 'Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly 
Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely (aka 'Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Improper Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Failure to Satisfy Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Insufficient Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 
'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, 
- { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Failure to Enforce that Messages or Data are Well-Formed', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Insecure Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - 
status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-78', - name: "Failure to Preserve OS Command Structure (aka 'OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Failure to Sanitize Directives in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Preserve SQL Query Structure (aka 'SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE 
Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Insufficient Sanitization of Custom Special Characters', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code (aka 'Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.4.js b/csaf-validator-lib/lib/cwec/1.4.js deleted file mode 100644 index 1fd5057..0000000 --- a/csaf-validator-lib/lib/cwec/1.4.js +++ /dev/null 
@@ -1,2583 +0,0 @@ -export default { - date: '2009-05-27', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Draft', - }, - { - id: 'CWE-12', - 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Sanitization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Sanitization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Sanitization of Trailing Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Sanitization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Sanitization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Sanitization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 
'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, - { - id: 'CWE-210', - name: 
'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 
'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - 
status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'Often Misused: Path Manipulation', - status: 'Incomplete', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege 
Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - 
name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - 
status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Lock on Critical Resource', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { 
- id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { 
- id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 
'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - 
name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Use of Cookies in Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 
'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link 
Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field 
in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly 
Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { 
id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 
'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 
'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Failure to Sanitize Data into a Control Plane ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - 
id: 'CWE-78', - name: "Failure to Preserve OS Command Structure ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Failure to Preserve SQL Query Structure ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'Improper Sanitization of Custom Special Characters', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 
'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/1.5.js b/csaf-validator-lib/lib/cwec/1.5.js
deleted file mode 100644
index b596665..0000000
--- a/csaf-validator-lib/lib/cwec/1.5.js
+++ /dev/null
@@ -1,2621 +0,0 @@ -export default { - date: '2009-07-27', - weaknesses: [ - { - id: 'CWE-100', - name: 'Technology-Specific Input Validation Problems', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Draft', - }, - { - id: 'CWE-12', - 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Boundary Beginning Violation ('Buffer Underwrite')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line 
Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Sanitization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Sanitization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Sanitization of Trailing Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Sanitization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Sanitization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Sanitization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 
'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, - { - id: 'CWE-210', - name: 
'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 
'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - 
status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 
'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 
'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on 
Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { 
- id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { 
- id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 
'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - 
name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 
'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - 
id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 
'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - 
name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak 
through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', 
- status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 
'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined 
Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - 
status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a 
Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.6.js b/csaf-validator-lib/lib/cwec/1.6.js deleted file mode 100644 index bc70ee7..0000000 --- a/csaf-validator-lib/lib/cwec/1.6.js +++ /dev/null 
@@ -1,2632 +0,0 @@ -export default { - date: '2009-10-29', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { id: 'CWE-121', 
name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section 
Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Sanitization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Sanitization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Sanitization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Sanitization of Multiple Trailing Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Sanitization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Sanitization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { - id: 'CWE-200', - name: 'Information Leak (Information Disclosure)', - status: 'Incomplete', - }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Discrepancy Information Leaks', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Behavioral Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'External Behavioral Inconsistency Information Leak', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 
'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Cross-boundary Cleansing Information Leak', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative 
Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - 
name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped 
Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 
'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - 
status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Draft', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { 
- id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Information Leak of System Data', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { 
- id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Information Leak Through CVS Repository', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Information Leak Through Core Dump Files', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Information Leak Through Access Control List Files', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Information Leak Through Backup (.~bk) Files', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 
'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Leaks', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - 
name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 
'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - 
id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 
'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - 
name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak 
through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', 
- status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 
'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined 
Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - 
status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an 
Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', 
- status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.7.js b/csaf-validator-lib/lib/cwec/1.7.js deleted file mode 100644 index 29e2619..0000000 --- a/csaf-validator-lib/lib/cwec/1.7.js +++ /dev/null 
@@ -1,2672 +0,0 @@ -export default { - date: '2009-12-28', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { id: 'CWE-121', 
name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Failure to Sanitize Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section 
Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Sanitization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Sanitization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Sanitization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Sanitization of Multiple Trailing Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Sanitization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Sanitization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - 
}, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, 
- { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Cleansing', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 
'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, 
- { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check 
for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - 
id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'No Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Failure to Restrict Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Failure to Encrypt Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', 
- status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 
'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { 
- id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - 
status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup 
File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, 
- { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without 
super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', 
- }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public 
Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 
'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server 
Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Use of a Resource after Expiration or Release', - status: 
'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - 
id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 
'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', 
- name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 
'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access 
Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.8.1.js b/csaf-validator-lib/lib/cwec/1.8.1.js deleted file mode 100644 index 2810e87..0000000 --- a/csaf-validator-lib/lib/cwec/1.8.1.js +++ /dev/null 
@@ -1,2717 +0,0 @@ -export default { - date: '2010-04-05', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', 
- name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - 
id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - 
{ - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete 
Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 
'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: 
"Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 
'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 
'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', 
- }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing 
Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 
'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant 
Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 
'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 
'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - 
id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 
'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', 
name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator 
Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without 
Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' 
}, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - 
{ - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web 
Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource 
Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.8.js b/csaf-validator-lib/lib/cwec/1.8.js deleted file mode 100644 index 2310fe9..0000000 --- a/csaf-validator-lib/lib/cwec/1.8.js +++ /dev/null 
@@ -1,2717 +0,0 @@ -export default { - date: '2010-02-16', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Sanitization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', 
- name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Sanitization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, - { - id: 'CWE-141', - name: 'Failure to Sanitize Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Failure to Sanitize Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Failure to Sanitize Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 
'Failure to Sanitize Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Failure to Sanitize Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Failure to Sanitize Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Sanitization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Failure to Sanitize Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Failure to Sanitize Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Failure to Sanitize Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Sanitization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Sanitization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Sanitization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Sanitization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Sanitization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Sanitization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Failure to Sanitize Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Sanitization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Sanitization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Sanitization of Trailing Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Sanitization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Sanitization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Sanitization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data Into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular 
Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - 
status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - 
{ - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of 
Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - 
id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 
'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - 
name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Mutable Objects Passed by Reference', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Passing 
Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - 
}, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 
'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant 
Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 
'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 
'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - 
id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 
'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 
'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over 
Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 
'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Failure to Sanitize Data into a Different Plane ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 
'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 
'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Sanitization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Failure to Sanitize Script in Attributes in a Web Page', - 
status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Failure to Resolve Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Failure to Sanitize Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - 
status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/1.9.js b/csaf-validator-lib/lib/cwec/1.9.js deleted file mode 100644 index 9981cf2..0000000 --- a/csaf-validator-lib/lib/cwec/1.9.js +++ /dev/null 
@@ -1,2721 +0,0 @@ -export default { - date: '2010-06-21', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Failure to Resolve Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Failure to Handle Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Failure to Handle Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Failure to Handle Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Failure to Handle URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Failure to Resolve Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Leak Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Privacy Leak through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Internal Behavioral Inconsistency Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Timing Discrepancy 
Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Product-Generated Error Message Information Leak', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Product-External Error Message Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, - { - id: 'CWE-214', - name: 'Process Environment Information Leak', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Leak Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', 
- status: 'Draft', - }, - { - id: 'CWE-227', - name: "Failure to Fulfill API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Failure to Change Working Directory in chroot Jail', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad 
Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 
'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { - id: 'CWE-284', - name: 'Access Control (Authorization) Issues', - status: 'Incomplete', - }, - { - id: 'CWE-285', - name: 'Improper Access Control (Authorization)', - status: 'Draft', - }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 
'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - 
status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Failure to Add Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 
'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Failure to Report Error in Status Code', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 
'Incomplete', - }, - { - id: 'CWE-401', - name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Failure to Protect Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - id: 
'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Unsafe Function Call from a Signal Handler', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Information Leak through Class Cloning', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Leak Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Leak Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Leak Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Leak Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Leak Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Leak Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Leak Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Leak Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Leak Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Leak Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Leak Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Leak Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Leak Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Leak Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern in a Non-thread-safe Manner', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Failure to Use a Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant 
Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Leak Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Leak Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Access Control Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 
'Unsynchronized Access to Shared Data', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 
'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Leak Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-600', - name: 'Failure to Catch All Exceptions in Servlet', - status: 'Draft', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - 
id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Leak Through XML External Entity File Disclosure', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Leak Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Leak Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 
'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: 'Failure to Use Economy of Mechanism', - status: 'Draft', - }, - { - id: 'CWE-638', - name: 'Failure to Use Complete Mediation', - status: 'Draft', - }, - { - id: 'CWE-639', - name: 'Access Control Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard 
Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Leak through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in an Unsynchronized Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', 
- status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Failure to Provide Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Failure to Handle Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' 
}, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Failure to Handle Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 
'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - 
{ - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of 
Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization 
of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Failure to Control Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 
'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/2.0.js b/csaf-validator-lib/lib/cwec/2.0.js
deleted file mode 100644
index 287bc3f..0000000
--- a/csaf-validator-lib/lib/cwec/2.0.js
+++ /dev/null
@@ -1,2830 +0,0 @@ -export default { - date: '2011-06-27', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through External Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - 
status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', 
- name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: 
'\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - 
}, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 
'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - 
id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, 
- { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - 
status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 
'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' 
}, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 
'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.1.js b/csaf-validator-lib/lib/cwec/2.1.js deleted file mode 100644 index 08d7137..0000000 --- a/csaf-validator-lib/lib/cwec/2.1.js +++ /dev/null 
@@ -1,2830 +0,0 @@ -export default { - date: '2011-09-13', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through External Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - 
status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', 
- name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: 
'\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - 
}, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 
'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - 
id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, 
- { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - 
status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 
'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' 
}, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 
'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.10.js b/csaf-validator-lib/lib/cwec/2.10.js deleted file mode 100644 index 02cd7fa..0000000 --- a/csaf-validator-lib/lib/cwec/2.10.js +++ /dev/null 
@@ -1,3009 +0,0 @@ -export default { - date: '2017-01-19', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper 
Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization 
of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - 
}, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 
'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant 
Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - 
status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', 
status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate 
Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - 
id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable 
State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - 
status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - 
status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - 
name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - 
id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: "Assignment to Variable without Use ('Unused Variable')", - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 
'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass 
Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', 
- }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security 
Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', 
- status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 
'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - 
name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', 
- name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient 
Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.11.js b/csaf-validator-lib/lib/cwec/2.11.js deleted file mode 100644 index 3632483..0000000 --- a/csaf-validator-lib/lib/cwec/2.11.js +++ /dev/null 
@@ -1,3041 +0,0 @@ -export default { - date: '2017-05-05', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper 
Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization 
of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - 
}, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 
'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant 
Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - 
status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', 
status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate 
Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - 
id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable 
State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Draft', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent 
Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, 
- { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume 
(Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', 
- }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: "Assignment to Variable without Use ('Unused Variable')", - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - 
status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: 
Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 
'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection 
Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 
'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use 
of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 
'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing 
Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - 
status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - 
id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { 
id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 
'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - 
}, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.12.js b/csaf-validator-lib/lib/cwec/2.12.js deleted file mode 100644 index fbedd82..0000000 --- a/csaf-validator-lib/lib/cwec/2.12.js +++ /dev/null 
@@ -1,3047 +0,0 @@ -export default { - date: '2017-11-08', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Improper Restriction of Cross-Origin Permission to window.opener.location', - status: 'Draft', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - 
status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - 
status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 
'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling 
of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', 
- }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 
'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path 
Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 
'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 
'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', 
- status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 
'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', 
status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { 
id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 
'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 
'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 
'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', 
- }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', 
- }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet 
Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command 
Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad 
Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - 
id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 
'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 
'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', 
- }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { 
id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper 
Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 
'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'Uncontrolled File Descriptor Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, 
- { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - 
}, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - 
{ - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 
'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 
'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly 
Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.2.js b/csaf-validator-lib/lib/cwec/2.2.js deleted file mode 100644 index 06cdede..0000000 --- a/csaf-validator-lib/lib/cwec/2.2.js +++ /dev/null 
@@ -1,2830 +0,0 @@ -export default { - date: '2012-05-14', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through External Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - 
status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', 
- name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: 
'\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - 
}, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Unvalidated Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 
'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - 
id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, 
- { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - 
status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 
'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' 
}, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 
'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/2.3.js b/csaf-validator-lib/lib/cwec/2.3.js
deleted file mode 100644
index fc74bf1..0000000
--- a/csaf-validator-lib/lib/cwec/2.3.js
+++ /dev/null
@@ -1,2830 +0,0 @@ -export default { - date: '2012-10-30', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', 
- name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { 
- id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path 
Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: 'Improper Following of Chain of Trust for Certificate Validation', - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Host-specific Certificate Data', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 
'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: 'Exposure of File Descriptor to Unintended Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, - { - 
id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 
'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 
'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Trust of OpenSSL Certificate Without Validation', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - 
name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Information Exposure Through XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 
'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 
'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - 
status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 
'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual 
or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - 
id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message 
Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 
'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF 
Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.4.js b/csaf-validator-lib/lib/cwec/2.4.js deleted file mode 100644 index 9aa7eed..0000000 --- a/csaf-validator-lib/lib/cwec/2.4.js +++ /dev/null 
@@ -1,2898 +0,0 @@ -export default { - date: '2013-02-21', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', 
- name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'Reliance on DNS Lookups in a Security Decision', - status: 'Incomplete', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { 
- id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path 
Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'Trusting Self-reported DNS Name', - status: 'Incomplete', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 
'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Plaintext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Plaintext Storage in the Registry', - status: 'Draft', - }, - { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, - { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, - { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, - { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - 
name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - 
{ - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused 
Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 
'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - 
name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - 
status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control 
List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', 
- status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 
'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 
'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', 
- status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For 
Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 
'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 
'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level 
Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 
'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing 
Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location 
After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 
'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use 
of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - 
{ - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program 
('PHP Remote File Inclusion')",
- status: 'Draft',
- },
- {
- id: 'CWE-99',
- name: "Improper Control of Resource Identifiers ('Resource Injection')",
- status: 'Draft',
- },
- ],
-}
diff --git a/csaf-validator-lib/lib/cwec/2.5.js b/csaf-validator-lib/lib/cwec/2.5.js
deleted file mode 100644
index adf0662..0000000
--- a/csaf-validator-lib/lib/cwec/2.5.js
+++ /dev/null
@@ -1,2967 +0,0 @@ -export default { - date: '2013-07-17', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, 
- { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 
'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - 
}, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction 
of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { 
- id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link 
Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", 
status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, 
- { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'UI Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of 
Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without 
Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert 
Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 
'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 
'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad 
Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 
'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information 
Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 
'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 
'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', 
name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of 
Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable 
Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, 
- { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only 
Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected 
Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - 
name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - 
name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Authentication of Endpoint in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Restriction of Content Provider Export to Other Applications', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 
'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/2.6.js b/csaf-validator-lib/lib/cwec/2.6.js
deleted file mode 100644
index 08e7604..0000000
--- a/csaf-validator-lib/lib/cwec/2.6.js
+++ /dev/null
@@ -1,2986 +0,0 @@ -export default { - date: '2014-02-19', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, 
- { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 
'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - 
}, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction 
of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak PRNG', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { 
- id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', 
- name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', 
name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early 
Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - 
id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB 
Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass Issues', - status: 'Incomplete', - }, - { - id: 
'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information 
Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 
'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 
'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', 
name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of 
Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable 
Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, 
- { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only 
Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected 
Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - 
name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - 
name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically 
Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/2.7.js b/csaf-validator-lib/lib/cwec/2.7.js
deleted file mode 100644
index 3cfe336..0000000
--- a/csaf-validator-lib/lib/cwec/2.7.js
+++ /dev/null
@@ -1,3000 +0,0 @@ -export default { - date: '2014-06-23', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, 
- { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 
'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - 
}, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction 
of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable 
State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - 
status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - 
status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - 
name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - 
id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: "Assignment to Variable without Use ('Unused Variable')", - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 
'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass 
Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', 
- }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security 
Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', 
- status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 
'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - 
name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', 
- name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient 
Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/2.8.js b/csaf-validator-lib/lib/cwec/2.8.js deleted file mode 100644 index d632b87..0000000 --- a/csaf-validator-lib/lib/cwec/2.8.js +++ /dev/null 
@@ -1,3000 +0,0 @@ -export default { - date: '2014-07-31', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive 
Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', 
- }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information 
Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, 
- { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 
'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - 
}, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction 
of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable 
State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - 
status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - 
status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - 
name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - 
id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: "Assignment to Variable without Use ('Unused Variable')", - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 
'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass 
Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', 
- }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security 
Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', 
- status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 
'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - 
name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', 
- name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient 
Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/2.9.js b/csaf-validator-lib/lib/cwec/2.9.js
deleted file mode 100644
index e56d246..0000000
--- a/csaf-validator-lib/lib/cwec/2.9.js
+++ /dev/null
@@ -1,3004 +0,0 @@ -export default { - date: '2015-12-07', - weaknesses: [ - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Improper Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 
'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization 
of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of 
Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', 
name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - 
status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General 
Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-227', - name: "Improper Fulfillment of API Contract ('API Abuse')", - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 
'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 
'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 
'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 
'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, - { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, - { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable 
State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - 
status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - 
status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - 
name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - 
name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control 
of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable 
Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - 
name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'Use of Dynamic Class Loading', - status: 'Incomplete', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - 
id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: "Assignment to Variable without Use ('Unused Variable')", - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 
'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'Authentication Bypass 
Issues', - status: 'Incomplete', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', 
- }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security 
Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', 
- status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 
'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, - { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - 
name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 
'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', 
- name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient 
Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/3.0.js b/csaf-validator-lib/lib/cwec/3.0.js deleted file mode 100644 index 50db607..0000000 --- a/csaf-validator-lib/lib/cwec/3.0.js +++ /dev/null 
@@ -1,3079 +0,0 @@ -export default { - date: '2017-11-08', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Improper Restriction of Cross-Origin Permission to window.opener.location', - status: 'Draft', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 
'Draft', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - 
status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 
'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of 
Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through 
Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 
'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-240', - 
name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - 
status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper 
Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of 
Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a 
Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Draft', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 
'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - 
id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 
'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 
'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - 
}, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of 
Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 
'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', 
- name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'Information Exposure Through Server Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-534', - name: 'Information Exposure Through Debug Log Files', - status: 'Draft', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'Information Exposure Through Cleanup Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 
'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - 
name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { 
id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'Incorrect Semantic Object Comparison', - status: 'Incomplete', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' 
}, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 
'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of 
Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of 
Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During 
Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 
'Incomplete', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', 
- status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'Uncontrolled File Descriptor Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - 
}, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 
'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper 
Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters 
in Identifiers in Web Pages', - status: 'Draft', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-920', - name: 'Improper Restriction 
of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/3.1.js b/csaf-validator-lib/lib/cwec/3.1.js deleted file mode 100644 index 51b9054..0000000 --- a/csaf-validator-lib/lib/cwec/3.1.js +++ /dev/null 
@@ -1,3109 +0,0 @@ -export default { - date: '2018-03-29', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-11', - name: 
'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET 
Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of 
Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 
'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 
'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process 
Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - 
name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 
'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited 
Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { 
- id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a 
Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Draft', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - 
status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 
'CWE-416', name: 'Use After Free', status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Array-Typed Field Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - 
id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External 
Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by 
Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 
'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another 
Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 
'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect 
(EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - 
status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Variable Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'Uncontrolled File Descriptor Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing 
Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', 
status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - 
status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - 
name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 
'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - 
name: 'Use of Implicit Intent for Sensitive Communication',
- status: 'Incomplete',
- },
- {
- id: 'CWE-93',
- name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')",
- status: 'Draft',
- },
- {
- id: 'CWE-939',
- name: 'Improper Authorization in Handler for Custom URL Scheme',
- status: 'Incomplete',
- },
- {
- id: 'CWE-94',
- name: "Improper Control of Generation of Code ('Code Injection')",
- status: 'Draft',
- },
- {
- id: 'CWE-940',
- name: 'Improper Verification of Source of a Communication Channel',
- status: 'Incomplete',
- },
- {
- id: 'CWE-941',
- name: 'Incorrectly Specified Destination in a Communication Channel',
- status: 'Incomplete',
- },
- {
- id: 'CWE-942',
- name: 'Overly Permissive Cross-domain Whitelist',
- status: 'Incomplete',
- },
- {
- id: 'CWE-943',
- name: 'Improper Neutralization of Special Elements in Data Query Logic',
- status: 'Incomplete',
- },
- {
- id: 'CWE-95',
- name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
- status: 'Incomplete',
- },
- {
- id: 'CWE-96',
- name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
- status: 'Draft',
- },
- {
- id: 'CWE-97',
- name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page',
- status: 'Draft',
- },
- {
- id: 'CWE-98',
- name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
- status: 'Draft',
- },
- {
- id: 'CWE-99',
- name: "Improper Control of Resource Identifiers ('Resource Injection')",
- status: 'Draft',
- },
- ],
-}
diff --git a/csaf-validator-lib/lib/cwec/3.2.js b/csaf-validator-lib/lib/cwec/3.2.js
deleted file mode 100644
index e9a9cf0..0000000
--- a/csaf-validator-lib/lib/cwec/3.2.js
+++ /dev/null
@@ -1,3524 +0,0 @@
-export default {
- date: '2019-01-03',
- weaknesses: [
- {
- id: 'CWE-1004',
- name: "Sensitive Cookie Without 'HttpOnly' Flag",
- status: 'Incomplete',
- },
- {
- id: 'CWE-1007',
- name: 'Insufficient Visual Distinction of Homoglyphs Presented to User',
- status: 'Incomplete',
- },
- {
- id: 'CWE-102',
- name: 'Struts: Duplicate Validation Forms',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1021',
- name: 'Improper Restriction of Rendered UI Layers or Frames',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1022',
- name: 'Use of Web Link to Untrusted Target with window.opener Access',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1023',
- name: 'Incomplete Comparison with Missing Factors',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1024',
- name: 'Comparison of Incompatible Types',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1025',
- name: 'Comparison Using Wrong Factors',
- status: 'Incomplete',
- },
- {
- id: 'CWE-103',
- name: 'Struts: Incomplete validate() Method Definition',
- status: 'Draft',
- },
- {
- id: 'CWE-1037',
- name: 'Processor Optimization Removal or Modification of Security-critical Code',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1038',
- name: 'Insecure Automated Optimizations',
- status: 'Draft',
- },
- {
- id: 'CWE-1039',
- name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations',
- status: 'Incomplete',
- },
- {
- id: 'CWE-104',
- name: 'Struts: Form Bean Does Not Extend Validation Class',
- status: 'Draft',
- },
- { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' },
- {
- id: 'CWE-1042',
- name: 'Static Member Data Element outside of a Singleton Class Element',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1043',
- name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements',
- status: 'Incomplete',
- },
- {
- id: 'CWE-1044',
- name: 'Architecture with Number of Horizontal Layers Outside of Expected Range',
- status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 
'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of 
System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special 
Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 
'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional 
Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - 
id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - 
}, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 
'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 
'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - 
status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Draft', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - 
status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: 'Improper Release of Memory Before Removing Last Reference', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 
'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Information Exposure Through Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, - { - 
id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External 
Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by 
Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 
'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another 
Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: "Improper Restriction of XML External Entity Reference ('XXE')", - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 
'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect 
(EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - 
status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - 
name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message 
Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 
'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - 
{ - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 
'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/3.3.js b/csaf-validator-lib/lib/cwec/3.3.js
deleted file mode 100644
index 37ac299..0000000
--- a/csaf-validator-lib/lib/cwec/3.3.js
+++ /dev/null
@@ -1,3538 +0,0 @@ -export default { - date: '2019-06-20', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Usable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper 
Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - 
status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 
'Incomplete', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error 
Message', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Draft', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 
'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 
'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Incomplete', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - 
name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - 
id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Incomplete', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive 
Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Usable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Draft', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - 
status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', 
status: 'Draft' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Inclusion of Sensitive Information in Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, 
- { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to 
External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of 
Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', 
- name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in 
Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 
'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect 
(EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - 
status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - 
name: 'Missing Release of Resource after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Usable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message 
Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 
'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: 'Argument Injection or Modification', - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Draft', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - 
{ - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 
'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/3.4.1.js b/csaf-validator-lib/lib/cwec/3.4.1.js deleted file mode 100644 index bfa46e8..0000000 --- a/csaf-validator-lib/lib/cwec/3.4.1.js +++ /dev/null 
@@ -1,3522 +0,0 @@ -export default { - date: '2019-09-23', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper 
Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - 
status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 
'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Draft' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - 
status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - 
id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 
'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped 
Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 
'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - 
{ - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - 
status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', 
status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Inclusion of Sensitive Information in Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, 
- { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to 
External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of 
Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', 
- name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in 
Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 
'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect 
(EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - 
status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - 
name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - 
status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - 
name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath 
Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - 
status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/3.4.js b/csaf-validator-lib/lib/cwec/3.4.js deleted file mode 100644 index 552395f..0000000 --- a/csaf-validator-lib/lib/cwec/3.4.js +++ /dev/null 
@@ -1,3522 +0,0 @@ -export default { - date: '2019-09-19', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper 
Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Failure to Sanitize Special Element', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - 
status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, - { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 
'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { id: 'CWE-200', name: 'Information Exposure', status: 'Draft' }, - { - id: 'CWE-201', - name: 'Information Exposure Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Data Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Information Exposure Through Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Response Discrepancy Information Exposure', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Information Exposure Through Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Information Exposure of Internal State Through Behavioral Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Information Exposure Through an External Behavioral Inconsistency', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Information Exposure Through Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Information Exposure Through an Error Message', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Information Exposure Through Self-generated Error Message', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Information Exposure Through Externally-Generated Error Message', - 
status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Cross-boundary Removal of Sensitive Data', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Intentional Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Information Exposure Through Process Environment', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Information Exposure Through Debug Information', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'Containment Errors (Container Errors)', - status: 'Incomplete', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared Before Release', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - 
id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 
'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { - id: 'CWE-261', - name: 'Weak Cryptography for Passwords', - status: 'Incomplete', - }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped 
Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 
'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - 
{ - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Incomplete', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: "Exposure of Private Information ('Privacy Violation')", - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - 
status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Incorrect Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', 
status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of System Data to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Information Exposure Through Caching', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Information Exposure Through Browser Caching', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Information Exposure Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Information Exposure Through Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Inclusion of Sensitive Information in Log Files', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Information Exposure Through Shell Error Message', - status: 'Incomplete', - }, 
- { - id: 'CWE-536', - name: 'Information Exposure Through Servlet Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Information Exposure Through Java Runtime Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'File and Directory Information Exposure', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Information Exposure Through Persistent Cookies', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Information Exposure Through Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Information Exposure Through Include Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Information Exposure Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Information Exposure Through Server Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to 
External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of 
Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', 
- name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Information Exposure Through Query Strings in GET Request', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in 
Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Information Exposure Through Indexing of Private Data', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Information Exposure Through Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Information Exposure Through WSDL File', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 
'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 
'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect 
(EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-707', - name: 'Improper Enforcement of Message or Data Structure', - status: 'Incomplete', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - 
status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - 
name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - 
status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - 
name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Delimitation of Arguments in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - 
status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 
'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.0.js b/csaf-validator-lib/lib/cwec/4.0.js deleted file mode 100644 index 73d912d..0000000 --- a/csaf-validator-lib/lib/cwec/4.0.js +++ /dev/null 
@@ -1,3699 +0,0 @@ -export default { - date: '2020-02-24', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug Interface With Insufficient Access Control', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - id: 'CWE-12', - 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV 
File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Exposure of Security-Sensitive Fuse Values During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Authorization on Physical Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { id: 'CWE-127', name: 
'Buffer Under-read', status: 'Draft' }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 
'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper 
Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 
'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Exposure of Sensitive Information Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 
'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information Uncleared in Resource Before Release for Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper 
Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a 
Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 
'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - 
name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - 
name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Draft', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - 
name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure 
of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the 
Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 
'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with 
Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File 
Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of 
Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Blacklist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - 
}, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - 
name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or 
Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on 
Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 
'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', 
- }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper 
Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Overly Permissive Cross-domain Whitelist', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.1.js b/csaf-validator-lib/lib/cwec/4.1.js deleted file mode 100644 index 85de6aa..0000000 
--- a/csaf-validator-lib/lib/cwec/4.1.js
+++ /dev/null
@@ -1,3871 +0,0 @@ -export default { - date: '2020-06-25', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug and or Test Interface With Insufficient Access Control', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - id: 
'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula 
Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Exposure of Security-Sensitive Fuse Values During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Authorization on Physical Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 
'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Hardware Features Enable Physical Attacks from Software', - status: 'Incomplete', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Sensitive Information Uncleared During Hardware Debug Flows', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Protection of Security Identifiers', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Draft', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1263', - name: 'Insufficient Physical Protection Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Agents Included in Control Policy are not Contained in Less-Privileged Policy', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Identifiers', - status: 'Incomplete', - 
}, - { - id: 'CWE-1271', - name: 'Missing Known Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Debug/Power State Transitions Leak Information', - status: 'Incomplete', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', - status: 'Incomplete', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Block Incorrectly Connected to Larger System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Primitives used without Successful Self-Test', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 
'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 
'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of 
Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 
'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Exposure of Sensitive Information Through Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 
'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information 
Uncleared in Resource Before Release for Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct 
Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - 
status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 
'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - 
status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { - id: 'CWE-325', - name: 'Missing Required Cryptographic Step', - status: 'Draft', - }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, 
- { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 
'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 
'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 
'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 
'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', 
- status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead 
of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' 
}, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 
'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 
'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - 
status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 
'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used 
in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a 
Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - 
name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web 
Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language 
Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data 
Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.10.js b/csaf-validator-lib/lib/cwec/4.10.js deleted file mode 100644 index f63854f..0000000 --- a/csaf-validator-lib/lib/cwec/4.10.js +++ /dev/null 
@@ -1,4167 +0,0 @@ -export default { - date: '2023-01-31', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', 
- }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected 
Conventions', - status: 'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - 
name: 'Excessively Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 
'Incomplete', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 
'Incomplete', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 
'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product 
Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 
'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 
'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections 
Against Hardware Overheating', - status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - }, - { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, - { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - }, - { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear 
Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 
'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information 
Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a 
Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle 
Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 
'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' 
}, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 
'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 
'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of 
System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - 
{ - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 
'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - 
status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument 
Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 
'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 
'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { 
- id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document 
Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - 
name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.11.js b/csaf-validator-lib/lib/cwec/4.11.js deleted file mode 100644 index a10e8da..0000000 --- a/csaf-validator-lib/lib/cwec/4.11.js +++ /dev/null 
@@ -1,4167 +0,0 @@ -export default { - date: '2023-04-27', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', 
- }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected 
Conventions', - status: 'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - 
name: 'Excessively Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 
'Incomplete', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 
'Incomplete', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 
'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product 
Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 
'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 
'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections 
Against Hardware Overheating', - status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - }, - { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, - { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - }, - { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear 
Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - 
status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 
'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information 
Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a 
Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle 
Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 
'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' 
}, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 
'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 
'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of 
System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - 
{ - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 
'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - 
status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument 
Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 
'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 
'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { 
- id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document 
Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - 
name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.12.js b/csaf-validator-lib/lib/cwec/4.12.js deleted file mode 100644 index b978372..0000000 --- a/csaf-validator-lib/lib/cwec/4.12.js +++ /dev/null 
@@ -1,5728 +0,0 @@ -export default { - date: '2023-06-29', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1083', - name: 'Data 
Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - 
id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power 
Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - 
name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 
'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or 
Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 
'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after 
Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { 
- id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 
'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 
'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 
'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 
'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of 
Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - 
{ - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 
'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 
'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, 
- { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - 
name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 
'Improper Synchronization', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', 
- name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use 
of Low-Level Functionality', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification 
of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - 
id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-778', - name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 
'Incomplete Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an 
Error Message Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 
'Deadlock', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: 
"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language 
Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - 
}, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.13.js b/csaf-validator-lib/lib/cwec/4.13.js deleted file mode 100644 index 2de44bb..0000000 --- a/csaf-validator-lib/lib/cwec/4.13.js +++ /dev/null 
@@ -1,5734 +0,0 @@ -export default { - date: '2023-10-26', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1083', - name: 'Data 
Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - 
}, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power 
Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - 
name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 
'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or 
Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 
'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after 
Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 
'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 
'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 
'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, 
- { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in 
Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, 
- { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - 
name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 
'Improper Synchronization', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', 
- name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use 
of Low-Level Functionality', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification 
of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - 
id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-778', - name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 
'Incomplete Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an 
Error Message Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 
'Deadlock', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: 
"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression 
Language Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.14.js b/csaf-validator-lib/lib/cwec/4.14.js deleted file mode 100644 index e6adb6d..0000000 --- a/csaf-validator-lib/lib/cwec/4.14.js +++ /dev/null 
@@ -1,5758 +0,0 @@ -export default { - date: '2024-02-29', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', 
- }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - 
name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic 
Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - 
{ - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special 
Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 
'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive 
Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad 
Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 
'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 
'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 'Incorrectly 
Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.15.js b/csaf-validator-lib/lib/cwec/4.15.js deleted file mode 100644 index 212fac1..0000000 --- a/csaf-validator-lib/lib/cwec/4.15.js +++ /dev/null 
@@ -1,5764 +0,0 @@ -export default { - date: '2024-07-16', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', 
- }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - 
name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic 
Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special 
Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible 
Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper 
Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap 
Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 
'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 
'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with 
CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 
'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 
'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 
'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: 
"Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - 
status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 'Incorrectly 
Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.16.js b/csaf-validator-lib/lib/cwec/4.16.js deleted file mode 100644 index 319b96e..0000000 --- a/csaf-validator-lib/lib/cwec/4.16.js +++ /dev/null 
@@ -1,5770 +0,0 @@ -export default { - date: '2024-11-19', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', 
- }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - 
name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic 
Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special 
Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation 
Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive 
Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper 
Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot 
Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 
'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: 
"Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - 
status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 
'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.17.js b/csaf-validator-lib/lib/cwec/4.17.js deleted file mode 100644 index bb57183..0000000 --- a/csaf-validator-lib/lib/cwec/4.17.js +++ /dev/null 
@@ -1,5788 +0,0 @@ -export default { - date: '2025-04-03', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', - }, - 
{ - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1222', 
- name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - name: 'Use 
of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 
'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently 
Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads 
to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1312', - name: 
'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - usage: 'Prohibited', - }, - { 
- id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', 
- }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1428', - name: 'Reliance on HTTP instead of HTTPS', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired 
Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 
'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive 
Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured 
Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - 
{ - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration 
File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited 
Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - 
status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - 
{ - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 
'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.18.js b/csaf-validator-lib/lib/cwec/4.18.js deleted file mode 100644 index 3a718ef..0000000 --- a/csaf-validator-lib/lib/cwec/4.18.js +++ /dev/null 
@@ -1,5794 +0,0 @@ -export default { - date: '2025-09-09', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - 
usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 'Prohibited', - }, - 
{ - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1222', 
- name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1241', - name: 'Use 
of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 
'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently 
Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads 
to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1312', - name: 
'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - usage: 'Prohibited', - }, - { 
- id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', 
- }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1428', - name: 'Reliance on HTTP instead of HTTPS', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1434', - name: 'Insecure Setting of Generative AI/ML Model Inference Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-156', - name: 
'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-192', - name: 
'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive 
Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-257', - name: 
'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 'Discouraged', - }, - { 
- id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address 
for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 
'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Security Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.19.1.js b/csaf-validator-lib/lib/cwec/4.19.1.js deleted file mode 100644 index 51fb9d4..0000000 --- a/csaf-validator-lib/lib/cwec/4.19.1.js +++ /dev/null 
@@ -1,5794 +0,0 @@ -export default { - date: '2026-01-21', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 
'Prohibited', - }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, 
- { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison 
Logic Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges 
are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1428', - name: 'Reliance on HTTP instead of HTTPS', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1434', - name: 'Insecure Setting of Generative AI/ML Model Inference Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message 
Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle 
Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 
'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 
'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 
'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Security Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.19.js b/csaf-validator-lib/lib/cwec/4.19.js deleted file mode 100644 index c4a60a3..0000000 --- a/csaf-validator-lib/lib/cwec/4.19.js +++ /dev/null 
@@ -1,5794 +0,0 @@ -export default { - date: '2025-12-11', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 
'Prohibited', - }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, 
- { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison 
Logic Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges 
are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1428', - name: 'Reliance on HTTP instead of HTTPS', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1434', - name: 'Insecure Setting of Generative AI/ML Model Inference Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message 
Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle 
Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 
'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 
'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked 
Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - usage: 
'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-941', - name: 
'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Security Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.2.js b/csaf-validator-lib/lib/cwec/4.2.js deleted file mode 100644 index 04885e2..0000000 --- a/csaf-validator-lib/lib/cwec/4.2.js +++ /dev/null 
@@ -1,3951 +0,0 @@ -export default { - date: '2020-08-20', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - 
id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula 
Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 
'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Hardware Features Enable Physical Attacks from Software', - status: 'Incomplete', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Draft', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 
'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Unitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', - status: 'Incomplete', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper 
Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-1300', - 
name: 'Improper Protection Against Physical Side Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - 
status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 
'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 
'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { - id: 'CWE-203', - name: 'Observable Differences in Behavior to Error Inputs', - status: 'Incomplete', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message 
Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before 
Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', 
- }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 
'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for 
Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - 
name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - 
name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure 
of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the 
Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 
'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with 
Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File 
Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of 
Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - 
}, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - 
name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or 
Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on 
Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 
'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', 
- }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper 
Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.20.js b/csaf-validator-lib/lib/cwec/4.20.js deleted file mode 100644 index 32359a2..0000000 
--- a/csaf-validator-lib/lib/cwec/4.20.js
+++ /dev/null
@@ -1,5794 +0,0 @@ -export default { - date: '2026-04-30', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1041', - name: 'Use of Redundant Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1042', - name: 'Static Member Data Element 
outside of a Singleton Class Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete 
Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented 
Design', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1069', - name: 'Empty Exception Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-107', - name: 'Struts: Unused Validation Form', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1071', - name: 'Empty Code Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - usage: 
'Prohibited', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-109', - name: 'Struts: Validator Turned Off', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1093', - name: 'Excessively Complex Data Representation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-111', - name: 'Direct Use of Unsafe JNI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1116', - name: 'Inaccurate Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-112', - name: 'Missing XML Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1120', - name: 'Excessive Code Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1124', - name: 'Excessively Deep Nesting', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1125', - name: 'Excessive Attack Surface', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-114', - name: 'Process Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-115', - name: 'Misinterpretation of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1164', - name: 'Irrelevant Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1177', - name: 'Use of Prohibited Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - usage: 
'Prohibited', - }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-121', - name: 'Stack-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-122', - name: 'Heap-based Buffer Overflow', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, 
- { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-123', - name: 'Write-what-where Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-125', - name: 'Out-of-bounds Read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison 
Logic Granularity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-126', - name: 'Buffer Over-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1267', - name: 'Policy Uses Obsolete Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1268', - name: 'Policy Privileges 
are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-127', - name: 'Buffer Under-read', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1277', - name: 'Firmware Not Updateable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-128', - name: 'Wrap-around Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1281', - name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing 
Unnecessary Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Deprecated', - 
usage: 'Prohibited', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of 
Same Resource or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1390', - name: 'Weak Authentication', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1391', - name: 'Use of Weak Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1393', - name: 'Use of Default Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1395', - name: 'Dependency on Vulnerable Third-Party Component', - status: 'Incomplete', - 
usage: 'Allowed-with-Review', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1419', - name: 'Incorrect Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1426', - name: 'Improper Validation of Generative AI Output', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1428', - name: 'Reliance on HTTP instead of HTTPS', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-1434', - name: 'Insecure Setting of Generative AI/ML Model Inference Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-170', - name: 'Improper Null Termination', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-172', - name: 'Encoding Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - 
usage: 'Allowed', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-185', - name: 'Incorrect Regular Expression', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-187', - name: 'Partial String Comparison', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-188', - name: 'Reliance on Data/Memory Layout', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-190', - name: 'Integer Overflow or Wraparound', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 
'CWE-192', - name: 'Integer Coercion Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-193', - name: 'Off-by-one Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-194', - name: 'Unexpected Sign Extension', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-197', - name: 'Numeric Truncation Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-198', - name: 'Use of Incorrect Byte Ordering', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-20', - name: 'Improper Input Validation', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-203', - name: 'Observable Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message 
Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-23', - name: 'Relative Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-239', - name: 'Failure to Handle 
Incomplete Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-248', - name: 'Uncaught Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-252', - name: 'Unchecked Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 
'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-259', - name: 'Use of Hard-coded Password', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-261', - name: 'Weak Encoding for Password', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-262', - name: 'Not Using Password Aging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-266', - name: 'Incorrect Privilege Assignment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-268', - name: 'Privilege Chaining', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-269', - name: 'Improper Privilege Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-272', - name: 'Least Privilege Violation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - usage: 
'Discouraged', - }, - { - id: 'CWE-276', - name: 'Incorrect Default Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-277', - name: 'Insecure Inherited Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-282', - name: 'Improper Ownership Management', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-283', - name: 'Unverified Ownership', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-284', - name: 'Improper Access Control', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-285', - name: 'Improper Authorization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-286', - name: 'Incorrect User Management', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-287', - name: 'Improper Authentication', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-291', - name: 
'Reliance on IP Address for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-295', - name: 'Improper Certificate Validation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-325', - name: 'Missing Cryptographic Step', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-326', - name: 'Inadequate Encryption Strength', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-328', - name: 'Use of Weak Hash', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - usage: 'Discouraged', - }, - { - id: 'CWE-331', - name: 'Insufficient Entropy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-332', - name: 'Insufficient Entropy in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-334', - name: 'Small Space of Random Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-339', - name: 'Small Seed Space in PRNG', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-34', - name: "Path Traversal: '....//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - usage: 'Allowed', - }, - { - 
id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-346', - name: 'Origin Validation Error', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-348', - name: 'Use of Less Trusted Source', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-35', - name: "Path Traversal: '.../...//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-351', - name: 'Insufficient Type Distinction', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-36', - name: 'Absolute Path Traversal', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-360', - name: 'Trust of System Event Data', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-366', - name: 'Race Condition within a Thread', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-369', - name: 'Divide By Zero', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-377', - name: 'Insecure Temporary File', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - usage: 'Allowed', - }, - { 
- id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-384', - name: 'Session Fixation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-385', - name: 'Covert Timing Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-39', - name: "Path Traversal: 'C:dirname'", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-391', - name: 'Unchecked Error Condition', - status: 'Incomplete', - usage: 'Prohibited', - }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-393', - name: 'Return of Wrong Status Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - usage: 'Allowed', - 
}, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-410', - name: 'Insufficient Resource Pool', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-413', - name: 'Improper Resource Locking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-414', - name: 'Missing Lock Check', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, - { - id: 'CWE-416', - name: 'Use After Free', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-419', - name: 'Unprotected Primary Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-420', - name: 'Unprotected Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-426', - name: 'Untrusted Search Path', - status: 'Stable', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-428', - name: 'Unquoted Search Path or Element', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-431', - name: 'Missing Handler', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-436', - name: 'Interpretation Conflict', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-440', - name: 'Expected Behavior Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-447', - name: 'Unimplemented or 
Unsupported Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-448', - name: 'Obsolete Feature in UI', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-457', - name: 'Use of Uninitialized Variable', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-459', - name: 'Incomplete Cleanup', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-464', - name: 
'Addition of Data Structure Sentinel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-468', - name: 'Incorrect Pointer Scaling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-476', - name: 'NULL Pointer Dereference', - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-477', - name: 'Use of Obsolete Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-480', - name: 'Use of Incorrect Operator', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-481', - name: 'Assigning instead of Comparing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-482', - name: 'Comparing instead of Assigning', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-483', - name: 'Incorrect Block Delimitation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-486', - name: 'Comparison of Classes by Name', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-489', - name: 'Active Debug Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-501', - name: 'Trust Boundary Violation', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-506', - name: 'Embedded Malicious Code', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-507', - name: 'Trojan Horse', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-511', - name: 'Logic/Time Bomb', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-514', - name: 'Covert Channel', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-515', - name: 'Covert Storage Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-521', - name: 'Weak Password Requirements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 
'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 
'CWE-546', - name: 'Suspicious Comment', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-549', - name: 'Missing Password Field Masking', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - usage: 'Allowed', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, - { - id: 'CWE-562', 
- name: 'Return of Stack Variable Address', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-564', - name: 'SQL Injection: Hibernate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-570', - name: 'Expression is Always False', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-571', - name: 'Expression is Always True', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - usage: 
'Allowed', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-584', - name: 'Return Inside Finally Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-585', - name: 'Empty Synchronized Block', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-586', - name: 'Explicit Call to Finalize()', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-589', - name: 'Call to Non-ubiquitous API', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-598', - name: 'Use of HTTP Request With Sensitive Query String', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-600', - name: 'Uncaught Exception in Servlet', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-605', - name: 'Multiple Binds to the Same Port', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-609', - name: 'Double-Checked Locking', - 
status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-617', - name: 'Reachable Assertion', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-62', - name: 'UNIX Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-620', - name: 'Unverified Password Change', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-621', - name: 'Variable Extraction Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - usage: 'Allowed', 
- }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-625', - name: 'Permissive Regular Expression', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-638', - name: 'Not Using Complete Mediation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-645', - name: 'Overly 
Restrictive Account Lockout Mechanism', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-65', - name: 'Windows Hard Link', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-662', - name: 'Improper 
Synchronization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-665', - name: 'Improper Initialization', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-667', - name: 'Improper Locking', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-674', - name: 'Uncontrolled Recursion', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to 
Buffer Overflow', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-682', - name: 'Incorrect Calculation', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-693', - name: 'Protection Mechanism Failure', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', 
- status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-696', - name: 'Incorrect Behavior Order', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-697', - name: 'Incorrect Comparison', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-707', - name: 'Improper Neutralization', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - usage: 'Discouraged', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-756', - name: 'Missing Custom Error Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-764', - name: 'Multiple Locks 
of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-778', 
- name: 'Insufficient Logging', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-779', - name: 'Logging of Excessive Data', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-783', - name: 'Operator Precedence Logic Error', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-787', - name: 'Out-of-bounds Write', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special 
Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-798', - name: 'Use of Hard-coded Credentials', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-804', - name: 'Guessable CAPTCHA', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web 
Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-820', - name: 'Missing Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-821', - name: 'Incorrect Synchronization', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - usage: 'Allowed', - }, - { id: 'CWE-833', name: 'Deadlock', status: 
'Incomplete', usage: 'Allowed' }, - { - id: 'CWE-834', - name: 'Excessive Iteration', - status: 'Incomplete', - usage: 'Discouraged', - }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-862', - name: 'Missing Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-863', - name: 'Incorrect Authorization', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument 
Delimiters in a Command ('Argument Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - usage: 'Allowed', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-912', - name: 'Hidden Functionality', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - 
status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - usage: 'Prohibited', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, 
- { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Security Policy with Untrusted Domains', - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - usage: 'Allowed-with-Review', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - usage: 'Allowed', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - usage: 'Allowed', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - usage: 'Allowed-with-Review', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.3.js b/csaf-validator-lib/lib/cwec/4.3.js deleted file mode 100644 index 955461a..0000000 --- a/csaf-validator-lib/lib/cwec/4.3.js +++ /dev/null 
@@ -1,4076 +0,0 @@ -export default { - date: '2020-12-10', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - 
id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula 
Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 
'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Hardware Features Enable Physical Attacks from Software', - status: 'Incomplete', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Draft', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 
'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Unitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', - status: 'Incomplete', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper 
Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-1300', - 
name: 'Improper Protection Against Physical Side Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip', - status: 'Draft', - }, - { - id: 'CWE-1332', - name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', - status: 'Incomplete', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - 
status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 
'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 
'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 
'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - 
status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of 
Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', 
status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 
'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication 
Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using a Random IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 
'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', 
- }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 
'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 
'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', 
- status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead 
of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' 
}, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 
'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 
'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - 
status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 
'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used 
in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special 
Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - 
{ - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in 
Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement 
('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special 
Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/4.4.js b/csaf-validator-lib/lib/cwec/4.4.js
deleted file mode 100644
index dddc7df..0000000
--- a/csaf-validator-lib/lib/cwec/4.4.js
+++ /dev/null
@@ -1,4086 +0,0 @@ -export default { - date: '2021-03-15', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - 
id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical 
Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support 
Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Hardware Features Enable Physical Attacks from Software', - status: 'Incomplete', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Draft', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 
'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', - status: 'Incomplete', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of 
Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 
'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-1300', - name: 'Improper Protection Against Physical Side Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', 
- name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip', - status: 'Draft', - }, - { - id: 'CWE-1332', - name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', - status: 'Incomplete', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - 
status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 
'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 
'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 
'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - 
id: 'CWE-218', - name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED (Duplicate): General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper 
Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Unprotected Storage of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing 
Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 
'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path 
Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 
'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Not Using an Unpredictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - 
name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED (Duplicate): HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI 
Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 
'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final 
Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure 
of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the 
Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 
'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with 
Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File 
Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of 
Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - 
}, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - 
name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or 
Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - 
name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - 
status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.5.js b/csaf-validator-lib/lib/cwec/4.5.js deleted file mode 100644 index e169d72..0000000 
--- a/csaf-validator-lib/lib/cwec/4.5.js
+++ /dev/null
@@ -1,4106 +0,0 @@ -export default { - date: '2021-07-20', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Draft', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', - status: 'Draft', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - 
id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Implementation of Lock Protection Registers', - status: 'Incomplete', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Improper Hardware Lock Protection for Security Sensitive Controls', - status: 'Incomplete', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical 
Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Risky Cryptographic Primitive', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', - status: 'Incomplete', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', - status: 'Incomplete', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support 
Exclusivity of Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Hardware Features Enable Physical Attacks from Software', - status: 'Incomplete', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Draft', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 
'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', - status: 'Incomplete', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in 
Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length 
Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-1300', - name: 'Improper Protection Against Physical Side Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: 
Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-1320', - name: 'Improper Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip', - status: 'Draft', - }, - { - id: 'CWE-1332', - name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', - status: 'Incomplete', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, 
- { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 
'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 
'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', 
status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of 
Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 
'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 
'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 
'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of 
Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive 
Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - 
name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - 
status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { 
- id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 
'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell 
Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - 
name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { 
- id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) 
Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 
'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Insufficient Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { 
id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Duplicate Operations on Resource', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior 
Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional 
Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 
'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of 
Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security 
Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 
'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - 
name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by 
Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -}
diff --git a/csaf-validator-lib/lib/cwec/4.6.js b/csaf-validator-lib/lib/cwec/4.6.js
deleted file mode 100644
index fe87f0b..0000000
--- a/csaf-validator-lib/lib/cwec/4.6.js
+++ /dev/null
@@ -1,4116 +0,0 @@
-export default { - date: '2021-10-28', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status:
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', - }, - { - id: 
'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected Conventions', - status: 
'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - name: 'Excessively 
Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 'Incomplete', - }, - { - 
id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 'Incomplete', - }, - { - id: 
'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 'Draft', - }, - { - id: 'CWE-12', - 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - status: 
'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', 
- status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product Released in Non-Release 
Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of 
Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 'CWE-1300', - name: 
'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 'CWE-1320', - name: 'Improper 
Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - status: 'Draft', - }, - { - 
id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration 
Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - 
status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 
'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 
'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing 
Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path 
Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 
'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', 
name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', 
- name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - 
name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - 
status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { 
- id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 
'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell 
Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - 
name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { 
- id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) 
Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 
'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - 
}, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 
'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 
'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or 
Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - 
name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - 
status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.7.js b/csaf-validator-lib/lib/cwec/4.7.js deleted file mode 100644 index cf8ad79..0000000 
--- a/csaf-validator-lib/lib/cwec/4.7.js +++ /dev/null 
@@ -1,4139 +0,0 @@ -export default { - date: '2022-04-28', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', 
- }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected 
Conventions', - status: 'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - 
name: 'Excessively Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 
'Incomplete', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 
'Incomplete', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 
'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product 
Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 
'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 
'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', 
- status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-1357', - name: 'Reliance on Uncontrolled Component', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Extreme Physical Environment Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - 
name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String 
Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message 
Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 
'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 
'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching 
Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 
'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 
'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' (Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' 
(Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, 
- { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 
'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 
'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' (Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - 
status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { 
- id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 
'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 
'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell 
Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - 
name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { 
- id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) 
Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: "Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 
'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 
'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - 
}, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 
'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 
'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or 
Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - 
name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - 
status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 
'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.8.js b/csaf-validator-lib/lib/cwec/4.8.js deleted file mode 100644 index 6db59af..0000000 
--- a/csaf-validator-lib/lib/cwec/4.8.js
+++ /dev/null
@@ -1,4144 +0,0 @@ -export default { - date: '2022-06-28', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', 
- }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected 
Conventions', - status: 'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - 
name: 'Excessively Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 
'Incomplete', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 
'Incomplete', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 
'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product 
Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 
'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 
'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Missing Security Checks in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Out of Bounds Signal Level Alerts', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', 
- status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-1357', - name: 'Reliance on Uncontrolled Component', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 
'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special 
Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - 
name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message 
Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 
'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - 
{ - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path 
Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - 
status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for 
Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 
'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of 
System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - 
{ - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 
'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Switch Statement', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing instead of 
Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, 
- { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an 
Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - 
status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument 
Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 
'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 
'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { 
- id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document 
Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - 
name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/cwec/4.9.js b/csaf-validator-lib/lib/cwec/4.9.js deleted file mode 100644 index a27e9f9..0000000 --- a/csaf-validator-lib/lib/cwec/4.9.js +++ /dev/null 
@@ -1,4162 +0,0 @@ -export default { - date: '2022-10-13', - weaknesses: [ - { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - status: 'Incomplete', - }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - status: 'Incomplete', - }, - { - id: 'CWE-102', - name: 'Struts: Duplicate Validation Forms', - status: 'Incomplete', - }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - status: 'Incomplete', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - status: 'Incomplete', - }, - { - id: 'CWE-1023', - name: 'Incomplete Comparison with Missing Factors', - status: 'Incomplete', - }, - { - id: 'CWE-1024', - name: 'Comparison of Incompatible Types', - status: 'Incomplete', - }, - { - id: 'CWE-1025', - name: 'Comparison Using Wrong Factors', - status: 'Incomplete', - }, - { - id: 'CWE-103', - name: 'Struts: Incomplete validate() Method Definition', - status: 'Draft', - }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-1038', - name: 'Insecure Automated Optimizations', - status: 'Draft', - }, - { - id: 'CWE-1039', - name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', - status: 'Incomplete', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - status: 'Draft', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - status: 'Incomplete', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - status: 'Incomplete', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - status: 
'Incomplete', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - status: 'Incomplete', - }, - { - id: 'CWE-1047', - name: 'Modules with Circular Dependencies', - status: 'Incomplete', - }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - status: 'Incomplete', - }, - { - id: 'CWE-1049', - name: 'Excessive Data Query Operations in a Large Data Table', - status: 'Incomplete', - }, - { - id: 'CWE-105', - name: 'Struts: Form Field Without Validator', - status: 'Draft', - }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - status: 'Incomplete', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - status: 'Incomplete', - }, - { - id: 'CWE-1053', - name: 'Missing Documentation for Design', - status: 'Incomplete', - }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - status: 'Incomplete', - }, - { - id: 'CWE-1055', - name: 'Multiple Inheritance from Concrete Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - status: 'Incomplete', - }, - { - id: 'CWE-1059', - name: 'Insufficient Technical Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-106', - name: 'Struts: Plug-in Framework not in Use', - status: 'Draft', 
- }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1061', - name: 'Insufficient Encapsulation', - status: 'Incomplete', - }, - { - id: 'CWE-1062', - name: 'Parent Class with References to Child Class', - status: 'Incomplete', - }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - status: 'Incomplete', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - status: 'Incomplete', - }, - { - id: 'CWE-1066', - name: 'Missing Serialization Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - status: 'Incomplete', - }, - { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - status: 'Incomplete', - }, - { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - status: 'Incomplete', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - status: 'Incomplete', - }, - { - id: 'CWE-1074', - name: 'Class with Excessively Deep Inheritance', - status: 'Incomplete', - }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - status: 'Incomplete', - }, - { - id: 'CWE-1076', - name: 'Insufficient Adherence to Expected 
Conventions', - status: 'Incomplete', - }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - status: 'Incomplete', - }, - { - id: 'CWE-1078', - name: 'Inappropriate Source Code Style or Formatting', - status: 'Incomplete', - }, - { - id: 'CWE-1079', - name: 'Parent Class without Virtual Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-108', - name: 'Struts: Unvalidated Action Form', - status: 'Incomplete', - }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - status: 'Incomplete', - }, - { - id: 'CWE-1082', - name: 'Class Instance Self Destruction Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - status: 'Incomplete', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - status: 'Incomplete', - }, - { - id: 'CWE-1086', - name: 'Class with Excessive Number of Child Classes', - status: 'Incomplete', - }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - status: 'Incomplete', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - status: 'Incomplete', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - status: 'Incomplete', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - status: 'Incomplete', - }, - { - id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - status: 'Incomplete', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - status: 'Incomplete', - }, - { - id: 'CWE-1093', - 
name: 'Excessively Complex Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1094', - name: 'Excessive Index Range Scan for a Data Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1095', - name: 'Loop Condition Value Update within the Loop', - status: 'Incomplete', - }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - status: 'Incomplete', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - status: 'Incomplete', - }, - { - id: 'CWE-1099', - name: 'Inconsistent Naming Conventions for Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-11', - name: 'ASP.NET Misconfiguration: Creating Debug Binary', - status: 'Draft', - }, - { - id: 'CWE-110', - name: 'Struts: Validator Without Form Field', - status: 'Draft', - }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - status: 'Incomplete', - }, - { - id: 'CWE-1101', - name: 'Reliance on Runtime Component in Generated Code', - status: 'Incomplete', - }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - status: 'Incomplete', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1104', - name: 'Use of Unmaintained Third Party Components', - status: 'Incomplete', - }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - status: 'Incomplete', - }, - { - id: 'CWE-1106', - name: 'Insufficient Use of Symbolic Constants', - status: 'Incomplete', - }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - status: 'Incomplete', - }, - { - id: 'CWE-1108', - name: 'Excessive Reliance on Global Variables', - status: 
'Incomplete', - }, - { - id: 'CWE-1109', - name: 'Use of Same Variable for Multiple Purposes', - status: 'Incomplete', - }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, - { - id: 'CWE-1110', - name: 'Incomplete Design Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1111', - name: 'Incomplete I/O Documentation', - status: 'Incomplete', - }, - { - id: 'CWE-1112', - name: 'Incomplete Documentation of Program Execution', - status: 'Incomplete', - }, - { - id: 'CWE-1113', - name: 'Inappropriate Comment Style', - status: 'Incomplete', - }, - { - id: 'CWE-1114', - name: 'Inappropriate Whitespace Style', - status: 'Incomplete', - }, - { - id: 'CWE-1115', - name: 'Source Code Element without Standard Prologue', - status: 'Incomplete', - }, - { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, - { - id: 'CWE-1117', - name: 'Callable with Insufficient Behavioral Summary', - status: 'Incomplete', - }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1119', - name: 'Excessive Use of Unconditional Branching', - status: 'Incomplete', - }, - { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, - { - id: 'CWE-1121', - name: 'Excessive McCabe Cyclomatic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1122', - name: 'Excessive Halstead Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-1123', - name: 'Excessive Use of Self-Modifying Code', - status: 'Incomplete', - }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - status: 'Incomplete', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - status: 
'Incomplete', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - status: 'Incomplete', - }, - { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, - { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, - { - id: 'CWE-116', - name: 'Improper Encoding or Escaping of Output', - status: 'Draft', - }, - { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, - { - id: 'CWE-117', - name: 'Improper Output Neutralization for Logs', - status: 'Draft', - }, - { - id: 'CWE-1173', - name: 'Improper Use of Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - status: 'Draft', - }, - { - id: 'CWE-1176', - name: 'Inefficient CPU Computation', - status: 'Incomplete', - }, - { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - status: 'Incomplete', - }, - { - id: 'CWE-1187', - name: 'DEPRECATED: Use of Uninitialized Resource', - status: 'Deprecated', - }, - { - id: 'CWE-1188', - name: 'Insecure Default Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - status: 'Stable', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - status: 'Stable', - }, - { - id: 'CWE-1190', - name: 'DMA Device Enabled Too Early in Boot Phase', - status: 'Draft', - }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - status: 'Stable', - }, - { - id: 'CWE-1192', - name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - status: 
'Draft', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - status: 'Draft', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1204', - name: 'Generation of Weak Initialization Vector (IV)', - status: 'Incomplete', - }, - { - id: 'CWE-1209', - name: 'Failure to Disable Reserved Bits', - status: 'Incomplete', - }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, - { - id: 'CWE-1220', - name: 'Insufficient Granularity of Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1223', - name: 'Race Condition for Write-Once Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-1224', - name: 'Improper Restriction of Write-Once Bit Fields', - status: 'Incomplete', - }, - { - id: 'CWE-1229', - name: 'Creation of Emergent Resource', - status: 'Incomplete', - }, - { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - status: 'Incomplete', - }, - { - id: 'CWE-1231', - name: 'Improper Prevention of Lock Bit Modification', - status: 'Stable', - }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - status: 'Incomplete', - }, - { - id: 'CWE-1233', - name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - status: 'Stable', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - status: 'Incomplete', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - status: 'Incomplete', - }, - { - id: 'CWE-1239', - name: 'Improper Zeroization of Hardware Register', - status: 'Draft', - }, - { - id: 'CWE-124', - name: "Buffer Underwrite ('Buffer Underflow')", - status: 'Incomplete', - }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - status: 'Draft', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - status: 'Draft', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - status: 'Incomplete', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - status: 'Incomplete', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - status: 'Stable', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - status: 'Incomplete', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - status: 'Incomplete', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - status: 'Stable', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - status: 'Incomplete', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - status: 'Incomplete', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - status: 'Incomplete', - }, - { - id: 'CWE-1251', - name: 'Mirrored Regions with Different Values', - status: 'Incomplete', - }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', - status: 'Incomplete', - }, - { - id: 'CWE-1253', - name: 'Incorrect Selection of Fuse Values', - status: 'Draft', - }, - { - id: 'CWE-1254', - name: 'Incorrect Comparison Logic Granularity', - status: 'Draft', - }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - status: 'Draft', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - status: 'Stable', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - status: 'Incomplete', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - status: 'Draft', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - status: 'Incomplete', - }, - { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - status: 'Stable', - }, - { - id: 'CWE-1261', - name: 'Improper Handling of Single Event Upsets', - status: 'Draft', - }, - { - id: 'CWE-1262', - name: 'Improper Access Control for Register Interface', - status: 'Stable', - }, - { - id: 'CWE-1263', - name: 'Improper Physical Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - status: 'Incomplete', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - status: 'Draft', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - status: 'Incomplete', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - status: 'Draft', - }, - { - id: 'CWE-1269', - name: 'Product 
Released in Non-Release Configuration', - status: 'Incomplete', - }, - { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, - { - id: 'CWE-1270', - name: 'Generation of Incorrect Security Tokens', - status: 'Incomplete', - }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - status: 'Incomplete', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - status: 'Stable', - }, - { - id: 'CWE-1273', - name: 'Device Unlock Credential Sharing', - status: 'Incomplete', - }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - status: 'Stable', - }, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - status: 'Incomplete', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - status: 'Incomplete', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - status: 'Incomplete', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - status: 'Incomplete', - }, - { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - status: 'Incomplete', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - status: 'Incomplete', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - status: 'Incomplete', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1285', - name: 
'Improper Validation of Specified Index, Position, or Offset in Input', - status: 'Incomplete', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1287', - name: 'Improper Validation of Specified Type of Input', - status: 'Incomplete', - }, - { - id: 'CWE-1288', - name: 'Improper Validation of Consistency within Input', - status: 'Incomplete', - }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - status: 'Incomplete', - }, - { - id: 'CWE-129', - name: 'Improper Validation of Array Index', - status: 'Draft', - }, - { - id: 'CWE-1290', - name: 'Incorrect Decoding of Security Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - status: 'Draft', - }, - { - id: 'CWE-1292', - name: 'Incorrect Conversion of Security Identifiers', - status: 'Draft', - }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - status: 'Draft', - }, - { - id: 'CWE-1294', - name: 'Insecure Security Identifier Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary Information', - status: 'Incomplete', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - status: 'Incomplete', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - status: 'Incomplete', - }, - { - id: 'CWE-1298', - name: 'Hardware Logic Contains Race Conditions', - status: 'Draft', - }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - status: 'Draft', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - status: 'Incomplete', - }, - { - id: 
'CWE-1300', - name: 'Improper Protection of Physical Side Channels', - status: 'Stable', - }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - status: 'Incomplete', - }, - { - id: 'CWE-1302', - name: 'Missing Security Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - status: 'Draft', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - status: 'Draft', - }, - { - id: 'CWE-131', - name: 'Incorrect Calculation of Buffer Size', - status: 'Draft', - }, - { - id: 'CWE-1310', - name: 'Missing Ability to Patch ROM Code', - status: 'Draft', - }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - status: 'Draft', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - status: 'Draft', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - status: 'Draft', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - status: 'Incomplete', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - status: 'Draft', - }, - { - id: 'CWE-1317', - name: 'Improper Access Control in Fabric Bridge', - status: 'Draft', - }, - { - id: 'CWE-1318', - name: 'Missing Support for Security Features in On-chip Fabrics or Buses', - status: 'Incomplete', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - status: 'Incomplete', - }, - { - id: 'CWE-132', - name: 'DEPRECATED: Miscalculated Null Termination', - status: 'Deprecated', - }, - { - id: 
'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - status: 'Draft', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - status: 'Incomplete', - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - status: 'Incomplete', - }, - { - id: 'CWE-1323', - name: 'Improper Management of Sensitive Trace Data', - status: 'Draft', - }, - { - id: 'CWE-1324', - name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', - status: 'Draft', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - status: 'Incomplete', - }, - { - id: 'CWE-1326', - name: 'Missing Immutable Root of Trust in Hardware', - status: 'Draft', - }, - { - id: 'CWE-1327', - name: 'Binding to an Unrestricted IP Address', - status: 'Incomplete', - }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - status: 'Draft', - }, - { - id: 'CWE-1329', - name: 'Reliance on Component That is Not Updateable', - status: 'Incomplete', - }, - { - id: 'CWE-1330', - name: 'Remanent Data Readable after Memory Erase', - status: 'Draft', - }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - status: 'Stable', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - status: 'Stable', - }, - { - id: 'CWE-1333', - name: 'Inefficient Regular Expression Complexity', - status: 'Draft', - }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - status: 'Draft', - }, - { - id: 'CWE-1335', - name: 'Incorrect Bitwise Shift of Integer', - status: 'Draft', - }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - status: 'Incomplete', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware 
Overheating', - status: 'Draft', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - status: 'Draft', - }, - { - id: 'CWE-134', - name: 'Use of Externally-Controlled Format String', - status: 'Draft', - }, - { - id: 'CWE-1341', - name: 'Multiple Releases of Same Resource or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - status: 'Incomplete', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - status: 'Draft', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - status: 'Incomplete', - }, - { - id: 'CWE-1357', - name: 'Reliance on Uncontrolled Component', - status: 'Incomplete', - }, - { - id: 'CWE-138', - name: 'Improper Neutralization of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-1385', - name: 'Missing Origin Validation in WebSockets', - status: 'Incomplete', - }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - status: 'Incomplete', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - status: 'Incomplete', - }, - { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, - { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, - { - id: 'CWE-1392', - name: 'Use of Default Credentials', - status: 'Incomplete', - }, - { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, - { - id: 'CWE-1394', - name: 'Use of Default Cryptographic Key', - status: 'Incomplete', - }, - { - id: 'CWE-14', - name: 'Compiler Removal of Code to Clear Buffers', - status: 'Draft', - }, - { - id: 'CWE-140', - name: 'Improper Neutralization of Delimiters', - status: 'Draft', - }, - { - id: 
'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - status: 'Draft', - }, - { - id: 'CWE-142', - name: 'Improper Neutralization of Value Delimiters', - status: 'Draft', - }, - { - id: 'CWE-143', - name: 'Improper Neutralization of Record Delimiters', - status: 'Draft', - }, - { - id: 'CWE-144', - name: 'Improper Neutralization of Line Delimiters', - status: 'Draft', - }, - { - id: 'CWE-145', - name: 'Improper Neutralization of Section Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-147', - name: 'Improper Neutralization of Input Terminators', - status: 'Draft', - }, - { - id: 'CWE-148', - name: 'Improper Neutralization of Input Leaders', - status: 'Draft', - }, - { - id: 'CWE-149', - name: 'Improper Neutralization of Quoting Syntax', - status: 'Draft', - }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - status: 'Incomplete', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - status: 'Incomplete', - }, - { - id: 'CWE-151', - name: 'Improper Neutralization of Comment Delimiters', - status: 'Draft', - }, - { - id: 'CWE-152', - name: 'Improper Neutralization of Macro Symbols', - status: 'Draft', - }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - status: 'Draft', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - status: 'Incomplete', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - status: 'Draft', - }, - { - id: 'CWE-156', - name: 'Improper Neutralization of Whitespace', - status: 'Draft', - }, - { - id: 'CWE-157', - name: 'Failure to Sanitize Paired Delimiters', - status: 'Draft', - }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - status: 'Incomplete', - }, - { - 
id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - status: 'Draft', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-166', - name: 'Improper Handling of Missing Special Element', - status: 'Draft', - }, - { - id: 'CWE-167', - name: 'Improper Handling of Additional Special Element', - status: 'Draft', - }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - status: 'Draft', - }, - { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, - { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, - { - id: 'CWE-173', - name: 'Improper Handling of Alternate Encoding', - status: 'Draft', - }, - { - id: 'CWE-174', - name: 'Double Decoding of the Same Data', - status: 'Draft', - }, - { - id: 'CWE-175', - name: 'Improper Handling of Mixed Encoding', - status: 'Draft', - }, - { - id: 'CWE-176', - name: 'Improper Handling of Unicode Encoding', - status: 'Draft', - }, - { - id: 'CWE-177', - name: 'Improper Handling of URL Encoding (Hex Encoding)', - status: 'Draft', - }, - { - id: 'CWE-178', - name: 'Improper Handling of Case Sensitivity', - status: 'Incomplete', - }, - { - id: 'CWE-179', - name: 'Incorrect Behavior Order: Early Validation', - status: 'Incomplete', - }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: 
Validate Before Canonicalize', - status: 'Draft', - }, - { - id: 'CWE-181', - name: 'Incorrect Behavior Order: Validate Before Filter', - status: 'Draft', - }, - { - id: 'CWE-182', - name: 'Collapse of Data into Unsafe Value', - status: 'Draft', - }, - { - id: 'CWE-183', - name: 'Permissive List of Allowed Inputs', - status: 'Draft', - }, - { - id: 'CWE-184', - name: 'Incomplete List of Disallowed Inputs', - status: 'Draft', - }, - { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, - { - id: 'CWE-186', - name: 'Overly Restrictive Regular Expression', - status: 'Draft', - }, - { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, - { - id: 'CWE-191', - name: 'Integer Underflow (Wrap or Wraparound)', - status: 'Draft', - }, - { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, - { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, - { - id: 'CWE-195', - name: 'Signed to Unsigned Conversion Error', - status: 'Draft', - }, - { - id: 'CWE-196', - name: 'Unsigned to Signed Conversion Error', - status: 'Draft', - }, - { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, - { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - status: 'Draft', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - status: 'Draft', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - status: 'Draft', - }, - { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, - { - id: 'CWE-204', - name: 
'Observable Response Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-205', - name: 'Observable Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-206', - name: 'Observable Internal Behavioral Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - status: 'Draft', - }, - { - id: 'CWE-208', - name: 'Observable Timing Discrepancy', - status: 'Incomplete', - }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - status: 'Incomplete', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information Due to Incompatible Policies', - status: 'Draft', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - status: 'Draft', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - status: 'Deprecated', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - status: 'Deprecated', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - status: 'Deprecated', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - status: 'Draft', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - status: 'Stable', - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - 
status: 'Draft', - }, - { - id: 'CWE-221', - name: 'Information Loss or Omission', - status: 'Incomplete', - }, - { - id: 'CWE-222', - name: 'Truncation of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-223', - name: 'Omission of Security-relevant Information', - status: 'Draft', - }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - status: 'Deprecated', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - status: 'Draft', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - status: 'Incomplete', - }, - { - id: 'CWE-229', - name: 'Improper Handling of Values', - status: 'Incomplete', - }, - { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, - { - id: 'CWE-230', - name: 'Improper Handling of Missing Values', - status: 'Draft', - }, - { - id: 'CWE-231', - name: 'Improper Handling of Extra Values', - status: 'Draft', - }, - { - id: 'CWE-232', - name: 'Improper Handling of Undefined Values', - status: 'Draft', - }, - { - id: 'CWE-233', - name: 'Improper Handling of Parameters', - status: 'Incomplete', - }, - { - id: 'CWE-234', - name: 'Failure to Handle Missing Parameter', - status: 'Incomplete', - }, - { - id: 'CWE-235', - name: 'Improper Handling of Extra Parameters', - status: 'Draft', - }, - { - id: 'CWE-236', - name: 'Improper Handling of Undefined Parameters', - status: 'Draft', - }, - { - id: 'CWE-237', - name: 'Improper Handling of Structural Elements', - status: 'Incomplete', - }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-239', - name: 'Failure to Handle Incomplete Element', - status: 'Draft', - }, - { - id: 'CWE-24', - name: "Path Traversal: '../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-240', 
- name: 'Improper Handling of Inconsistent Structural Elements', - status: 'Draft', - }, - { - id: 'CWE-241', - name: 'Improper Handling of Unexpected Data Type', - status: 'Draft', - }, - { - id: 'CWE-242', - name: 'Use of Inherently Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - status: 'Draft', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - status: 'Draft', - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - status: 'Draft', - }, - { - id: 'CWE-246', - name: 'J2EE Bad Practices: Direct Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - status: 'Deprecated', - }, - { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, - { - id: 'CWE-249', - name: 'DEPRECATED: Often Misused: Path Manipulation', - status: 'Deprecated', - }, - { - id: 'CWE-25', - name: "Path Traversal: '/../filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-250', - name: 'Execution with Unnecessary Privileges', - status: 'Draft', - }, - { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, - { - id: 'CWE-253', - name: 'Incorrect Check of Function Return Value', - status: 'Incomplete', - }, - { - id: 'CWE-256', - name: 'Plaintext Storage of a Password', - status: 'Incomplete', - }, - { - id: 'CWE-257', - name: 'Storing Passwords in a Recoverable Format', - status: 'Incomplete', - }, - { - id: 'CWE-258', - name: 'Empty Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, - { - id: 'CWE-26', - name: "Path Traversal: '/dir/../filename'", - status: 'Draft', - }, - { - id: 'CWE-260', - name: 'Password in Configuration File', - status: 'Incomplete', - }, - { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' 
}, - { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, - { - id: 'CWE-263', - name: 'Password Aging with Long Expiration', - status: 'Draft', - }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, - { - id: 'CWE-267', - name: 'Privilege Defined With Unsafe Actions', - status: 'Incomplete', - }, - { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, - { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, - { - id: 'CWE-27', - name: "Path Traversal: 'dir/../../filename'", - status: 'Draft', - }, - { - id: 'CWE-270', - name: 'Privilege Context Switching Error', - status: 'Draft', - }, - { - id: 'CWE-271', - name: 'Privilege Dropping / Lowering Errors', - status: 'Incomplete', - }, - { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, - { - id: 'CWE-273', - name: 'Improper Check for Dropped Privileges', - status: 'Incomplete', - }, - { - id: 'CWE-274', - name: 'Improper Handling of Insufficient Privileges', - status: 'Draft', - }, - { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, - { - id: 'CWE-278', - name: 'Insecure Preserved Inherited Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-279', - name: 'Incorrect Execution-Assigned Permissions', - status: 'Draft', - }, - { - id: 'CWE-28', - name: "Path Traversal: '..\\filedir'", - status: 'Incomplete', - }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - status: 'Draft', - }, - { - id: 'CWE-281', - name: 'Improper Preservation of Permissions', - status: 'Draft', - }, - { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, - { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, - { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, - { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, - { id: 
'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, - { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - status: 'Incomplete', - }, - { - id: 'CWE-289', - name: 'Authentication Bypass by Alternate Name', - status: 'Incomplete', - }, - { - id: 'CWE-29', - name: "Path Traversal: '\\..\\filename'", - status: 'Incomplete', - }, - { - id: 'CWE-290', - name: 'Authentication Bypass by Spoofing', - status: 'Incomplete', - }, - { - id: 'CWE-291', - name: 'Reliance on IP Address for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-292', - name: 'DEPRECATED: Trusting Self-reported DNS Name', - status: 'Deprecated', - }, - { - id: 'CWE-293', - name: 'Using Referer Field for Authentication', - status: 'Draft', - }, - { - id: 'CWE-294', - name: 'Authentication Bypass by Capture-replay', - status: 'Incomplete', - }, - { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, - { - id: 'CWE-296', - name: "Improper Following of a Certificate's Chain of Trust", - status: 'Draft', - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - status: 'Incomplete', - }, - { - id: 'CWE-298', - name: 'Improper Validation of Certificate Expiration', - status: 'Draft', - }, - { - id: 'CWE-299', - name: 'Improper Check for Certificate Revocation', - status: 'Draft', - }, - { - id: 'CWE-30', - name: "Path Traversal: '\\dir\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-300', - name: 'Channel Accessible by Non-Endpoint', - status: 'Draft', - }, - { - id: 'CWE-301', - name: 'Reflection Attack in an Authentication Protocol', - status: 'Draft', - }, - { - id: 'CWE-302', - name: 'Authentication Bypass by Assumed-Immutable Data', - status: 'Incomplete', - }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - status: 'Draft', - }, - { - id: 'CWE-304', - name: 'Missing 
Critical Step in Authentication', - status: 'Draft', - }, - { - id: 'CWE-305', - name: 'Authentication Bypass by Primary Weakness', - status: 'Draft', - }, - { - id: 'CWE-306', - name: 'Missing Authentication for Critical Function', - status: 'Draft', - }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - status: 'Draft', - }, - { - id: 'CWE-308', - name: 'Use of Single-factor Authentication', - status: 'Draft', - }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - status: 'Draft', - }, - { - id: 'CWE-31', - name: "Path Traversal: 'dir\\..\\..\\filename'", - status: 'Draft', - }, - { - id: 'CWE-311', - name: 'Missing Encryption of Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-312', - name: 'Cleartext Storage of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-313', - name: 'Cleartext Storage in a File or on Disk', - status: 'Draft', - }, - { - id: 'CWE-314', - name: 'Cleartext Storage in the Registry', - status: 'Draft', - }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - status: 'Draft', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - status: 'Draft', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - status: 'Draft', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - status: 'Draft', - }, - { - id: 'CWE-319', - name: 'Cleartext Transmission of Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-32', - name: "Path Traversal: '...' 
(Triple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-321', - name: 'Use of Hard-coded Cryptographic Key', - status: 'Draft', - }, - { - id: 'CWE-322', - name: 'Key Exchange without Entity Authentication', - status: 'Draft', - }, - { - id: 'CWE-323', - name: 'Reusing a Nonce, Key Pair in Encryption', - status: 'Incomplete', - }, - { - id: 'CWE-324', - name: 'Use of a Key Past its Expiration Date', - status: 'Draft', - }, - { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, - { - id: 'CWE-327', - name: 'Use of a Broken or Risky Cryptographic Algorithm', - status: 'Draft', - }, - { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, - { - id: 'CWE-329', - name: 'Generation of Predictable IV with CBC Mode', - status: 'Draft', - }, - { - id: 'CWE-33', - name: "Path Traversal: '....' (Multiple Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-330', - name: 'Use of Insufficiently Random Values', - status: 'Stable', - }, - { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - status: 'Draft', - }, - { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - status: 'Draft', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, - { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, - { - id: 
'CWE-340', - name: 'Generation of Predictable Numbers or Identifiers', - status: 'Incomplete', - }, - { - id: 'CWE-341', - name: 'Predictable from Observable State', - status: 'Draft', - }, - { - id: 'CWE-342', - name: 'Predictable Exact Value from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-343', - name: 'Predictable Value Range from Previous Values', - status: 'Draft', - }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - status: 'Draft', - }, - { - id: 'CWE-345', - name: 'Insufficient Verification of Data Authenticity', - status: 'Draft', - }, - { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, - { - id: 'CWE-347', - name: 'Improper Verification of Cryptographic Signature', - status: 'Draft', - }, - { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - status: 'Draft', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - status: 'Draft', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, - { - id: 'CWE-352', - name: 'Cross-Site Request Forgery (CSRF)', - status: 'Stable', - }, - { - id: 'CWE-353', - name: 'Missing Support for Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-354', - name: 'Improper Validation of Integrity Check Value', - status: 'Draft', - }, - { - id: 'CWE-356', - name: 'Product UI does not Warn User of Unsafe Actions', - status: 'Incomplete', - }, - { - id: 'CWE-357', - name: 'Insufficient UI Warning of Dangerous Operations', - status: 'Draft', - }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - status: 'Draft', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - status: 'Incomplete', - }, - { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, - { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - status: 'Draft', - }, - { - id: 'CWE-363', - name: 'Race Condition Enabling Link Following', - status: 'Draft', - }, - { - id: 'CWE-364', - name: 'Signal Handler Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-365', - name: 'DEPRECATED: Race Condition in Switch', - status: 'Deprecated', - }, - { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - status: 'Incomplete', - }, - { - id: 'CWE-368', - name: 'Context Switching Race Condition', - status: 'Draft', - }, - { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, - { - id: 'CWE-37', - name: "Path Traversal: '/absolute/pathname/here'", - status: 'Draft', - }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - status: 'Draft', - }, - { - id: 'CWE-372', - name: 'Incomplete Internal State Distinction', - status: 'Draft', - }, - { - id: 'CWE-373', - name: 'DEPRECATED: State Synchronization Error', - status: 'Deprecated', - }, - { - id: 'CWE-374', - name: 'Passing Mutable Objects to an Untrusted Method', - status: 'Draft', - }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - status: 'Draft', - }, - { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - status: 'Draft', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - status: 'Incomplete', - }, - { - id: 'CWE-38', - name: "Path Traversal: '\\absolute\\pathname\\here'", - status: 'Draft', - }, - { - id: 'CWE-382', - name: 'J2EE Bad Practices: Use of 
System.exit()', - status: 'Draft', - }, - { - id: 'CWE-383', - name: 'J2EE Bad Practices: Direct Use of Threads', - status: 'Draft', - }, - { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, - { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, - { - id: 'CWE-386', - name: 'Symbolic Name not Mapping to Correct Object', - status: 'Draft', - }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, - { - id: 'CWE-390', - name: 'Detection of Error Condition Without Action', - status: 'Draft', - }, - { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, - { - id: 'CWE-392', - name: 'Missing Report of Error Condition', - status: 'Draft', - }, - { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, - { - id: 'CWE-394', - name: 'Unexpected Status Code or Return Value', - status: 'Draft', - }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-396', - name: 'Declaration of Catch for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-397', - name: 'Declaration of Throws for Generic Exception', - status: 'Draft', - }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - status: 'Draft', - }, - { - id: 'CWE-400', - name: 'Uncontrolled Resource Consumption', - status: 'Draft', - }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - status: 'Draft', - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - status: 'Draft', - }, - { - id: 'CWE-404', - name: 'Improper Resource Shutdown or Release', - status: 'Draft', - }, - { - id: 'CWE-405', - name: 'Asymmetric Resource Consumption (Amplification)', - status: 'Incomplete', - }, - 
{ - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-407', - name: 'Inefficient Algorithmic Complexity', - status: 'Incomplete', - }, - { - id: 'CWE-408', - name: 'Incorrect Behavior Order: Early Amplification', - status: 'Draft', - }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - status: 'Incomplete', - }, - { - id: 'CWE-41', - name: 'Improper Resolution of Path Equivalence', - status: 'Incomplete', - }, - { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, - { - id: 'CWE-412', - name: 'Unrestricted Externally Accessible Lock', - status: 'Incomplete', - }, - { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, - { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, - { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, - { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, - { - id: 'CWE-42', - name: "Path Equivalence: 'filename.' 
(Trailing Dot)", - status: 'Incomplete', - }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - status: 'Draft', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - status: 'Draft', - }, - { - id: 'CWE-423', - name: 'DEPRECATED: Proxied Trusted Channel', - status: 'Deprecated', - }, - { - id: 'CWE-424', - name: 'Improper Protection of Alternate Path', - status: 'Draft', - }, - { - id: 'CWE-425', - name: "Direct Request ('Forced Browsing')", - status: 'Incomplete', - }, - { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, - { - id: 'CWE-427', - name: 'Uncontrolled Search Path Element', - status: 'Draft', - }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-430', - name: 'Deployment of Wrong Handler', - status: 'Incomplete', - }, - { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - status: 'Draft', - }, - { - id: 'CWE-433', - name: 'Unparsed Raw Web Content Delivery', - status: 'Incomplete', - }, - { - id: 'CWE-434', - name: 'Unrestricted Upload of File with Dangerous Type', - status: 'Draft', - }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - status: 'Draft', - }, - { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, - { - id: 'CWE-437', - name: 'Incomplete Model of Endpoint Features', - status: 'Incomplete', - }, - { - id: 'CWE-439', - name: 'Behavioral Change in New Version or Environment', - status: 'Draft', - }, - { - id: 'CWE-44', - name: "Path Equivalence: 'file.name' (Internal Dot)", - status: 'Incomplete', - }, - { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - status: 'Draft', - }, - { - id: 'CWE-443', - name: 'DEPRECATED: HTTP response splitting', - status: 'Deprecated', - }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - status: 'Incomplete', - }, - { - id: 'CWE-446', - name: 'UI Discrepancy for Security Feature', - status: 'Incomplete', - }, - { - id: 'CWE-447', - name: 'Unimplemented or Unsupported Feature in UI', - status: 'Draft', - }, - { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, - { - id: 'CWE-449', - name: 'The UI Performs the Wrong Action', - status: 'Incomplete', - }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - status: 'Incomplete', - }, - { - id: 'CWE-450', - name: 'Multiple Interpretations of UI Input', - status: 'Draft', - }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - status: 'Draft', - }, - { - id: 'CWE-453', - name: 'Insecure Default Variable Initialization', - status: 'Draft', - }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - status: 'Draft', - }, - { - id: 'CWE-455', - name: 'Non-exit on Failed Initialization', - status: 'Draft', - }, - { - id: 'CWE-456', - name: 'Missing Initialization of a Variable', - status: 'Draft', - }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, - { - id: 'CWE-458', - name: 'DEPRECATED: Incorrect Initialization', - status: 'Deprecated', - }, - { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, - { - id: 'CWE-46', - name: "Path Equivalence: 'filename ' (Trailing Space)", - status: 'Incomplete', - }, - { - id: 'CWE-460', - name: 'Improper Cleanup on Thrown Exception', - status: 'Draft', - }, - { - id: 'CWE-462', - name: 'Duplicate Key in Associative List (Alist)', - status: 
'Incomplete', - }, - { - id: 'CWE-463', - name: 'Deletion of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-464', - name: 'Addition of Data Structure Sentinel', - status: 'Incomplete', - }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - status: 'Draft', - }, - { - id: 'CWE-467', - name: 'Use of sizeof() on a Pointer Type', - status: 'Draft', - }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, - { - id: 'CWE-469', - name: 'Use of Pointer Subtraction to Determine Size', - status: 'Draft', - }, - { - id: 'CWE-47', - name: "Path Equivalence: ' filename' (Leading Space)", - status: 'Incomplete', - }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - status: 'Draft', - }, - { - id: 'CWE-471', - name: 'Modification of Assumed-Immutable Data (MAID)', - status: 'Draft', - }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - status: 'Draft', - }, - { - id: 'CWE-473', - name: 'PHP External Variable Modification', - status: 'Draft', - }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - status: 'Draft', - }, - { - id: 'CWE-475', - name: 'Undefined Behavior for Input to API', - status: 'Incomplete', - }, - { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, - { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - status: 'Draft', - }, - { - id: 'CWE-479', - name: 'Signal Handler Use of a Non-reentrant Function', - status: 'Draft', - }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - status: 'Incomplete', - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, - { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, - { - id: 'CWE-484', - name: 'Omitted Break Statement in Switch', - status: 'Draft', - }, - { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, - { - id: 'CWE-487', - name: 'Reliance on Package-level Scope', - status: 'Incomplete', - }, - { - id: 'CWE-488', - name: 'Exposure of Data Element to Wrong Session', - status: 'Draft', - }, - { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, - { - id: 'CWE-49', - name: "Path Equivalence: 'filename/' (Trailing Slash)", - status: 'Incomplete', - }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - status: 'Draft', - }, - { - id: 'CWE-492', - name: 'Use of Inner Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-493', - name: 'Critical Public Variable Without Final Modifier', - status: 'Draft', - }, - { - id: 'CWE-494', - name: 'Download of Code Without Integrity Check', - status: 'Draft', - }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - status: 'Draft', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - status: 'Incomplete', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-498', - name: 'Cloneable Class Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-499', - name: 'Serializable Class Containing Sensitive Data', - status: 'Draft', - }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - status: 'Draft', - }, - { - id: 'CWE-50', - name: "Path Equivalence: '//multiple/leading/slash'", - status: 'Incomplete', - }, - { - id: 'CWE-500', - name: 'Public Static Field Not Marked Final', - status: 'Draft', - }, - { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, - { - id: 'CWE-502', - name: 'Deserialization of Untrusted Data', - status: 'Draft', - }, - { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, - { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, - { - id: 'CWE-508', - name: 'Non-Replicating Malicious Code', - status: 'Incomplete', - }, - { - id: 'CWE-509', - name: 'Replicating Malicious Code (Virus or Worm)', - status: 'Incomplete', - }, - { - id: 'CWE-51', - name: "Path Equivalence: '/multiple//internal/slash'", - status: 'Incomplete', - }, - { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, - { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, - { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, - { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, - { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, - { - id: 'CWE-516', - name: 'DEPRECATED: Covert Timing Channel', - status: 'Deprecated', - }, - { - id: 'CWE-52', - name: "Path Equivalence: '/multiple/trailing/slash//'", - status: 'Incomplete', - }, - { - id: 'CWE-520', - name: '.NET Misconfiguration: Use of Impersonation', - status: 'Incomplete', - }, - { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, - { - id: 'CWE-522', - name: 'Insufficiently Protected Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-523', - name: 'Unprotected Transport of Credentials', - status: 'Incomplete', - }, - { - id: 'CWE-524', - name: 'Use of Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-526', - name: 'Exposure of Sensitive Information Through Environmental Variables', - status: 'Incomplete', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to 
an Unauthorized Control Sphere', - status: 'Draft', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - status: 'Incomplete', - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-531', - name: 'Inclusion of Sensitive Information in Test Code', - status: 'Incomplete', - }, - { - id: 'CWE-532', - name: 'Insertion of Sensitive Information into Log File', - status: 'Incomplete', - }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - status: 'Incomplete', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - status: 'Draft', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", - status: 'Incomplete', - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - status: 'Incomplete', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - status: 'Incomplete', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - status: 'Deprecated', - }, - { - id: 'CWE-543', - name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', - status: 'Incomplete', - }, - { - id: 'CWE-544', - name: 'Missing Standardized Error Handling Mechanism', - status: 'Draft', - }, - { - id: 'CWE-545', - name: 'DEPRECATED: Use of Dynamic Class Loading', - status: 'Deprecated', - }, - { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, - { - id: 'CWE-547', - name: 'Use of Hard-coded, Security-relevant Constants', - status: 'Draft', - }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - status: 'Draft', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, - { - id: 'CWE-55', - name: "Path Equivalence: '/./' (Single Dot Directory)", - status: 'Incomplete', - }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - status: 'Incomplete', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - status: 'Draft', - }, - { - id: 'CWE-553', - name: 'Command Shell in Externally Accessible Directory', - status: 'Incomplete', - }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - status: 'Draft', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - status: 'Draft', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - status: 'Incomplete', - }, - { - id: 'CWE-558', - name: 'Use of getlogin() in Multithreaded Application', - status: 'Draft', - }, - { - id: 'CWE-56', - name: "Path Equivalence: 'filedir*' (Wildcard)", - status: 'Incomplete', - }, - { - id: 'CWE-560', - name: 'Use of umask() with chmod-style Argument', - status: 'Draft', - }, - { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, - { - id: 'CWE-562', - name: 'Return of Stack 
Variable Address', - status: 'Draft', - }, - { - id: 'CWE-563', - name: 'Assignment to Variable without Use', - status: 'Draft', - }, - { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - status: 'Incomplete', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - status: 'Incomplete', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - status: 'Draft', - }, - { - id: 'CWE-568', - name: 'finalize() Method Without super.finalize()', - status: 'Draft', - }, - { - id: 'CWE-57', - name: "Path Equivalence: 'fakedir/../realdir/filename'", - status: 'Incomplete', - }, - { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, - { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, - { - id: 'CWE-572', - name: 'Call to Thread run() instead of start()', - status: 'Draft', - }, - { - id: 'CWE-573', - name: 'Improper Following of Specification by Caller', - status: 'Draft', - }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - status: 'Draft', - }, - { - id: 'CWE-575', - name: 'EJB Bad Practices: Use of AWT Swing', - status: 'Draft', - }, - { - id: 'CWE-576', - name: 'EJB Bad Practices: Use of Java I/O', - status: 'Draft', - }, - { - id: 'CWE-577', - name: 'EJB Bad Practices: Use of Sockets', - status: 'Draft', - }, - { - id: 'CWE-578', - name: 'EJB Bad Practices: Use of Class Loader', - status: 'Draft', - }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - status: 'Draft', - }, - { - id: 'CWE-58', - name: 'Path Equivalence: Windows 8.3 Filename', - status: 'Incomplete', - }, - { - id: 'CWE-580', - name: 'clone() Method Without super.clone()', - status: 'Draft', - }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', - status: 'Draft', - }, - { - id: 'CWE-582', - name: 'Array Declared Public, Final, and Static', - status: 'Draft', - }, - { - id: 'CWE-583', - name: 'finalize() Method Declared Public', - status: 'Incomplete', - }, - { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, - { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, - { - id: 'CWE-587', - name: 'Assignment of a Fixed Address to a Pointer', - status: 'Draft', - }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - status: 'Incomplete', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, - { - id: 'CWE-59', - name: "Improper Link Resolution Before File Access ('Link Following')", - status: 'Draft', - }, - { - id: 'CWE-590', - name: 'Free of Memory not on the Heap', - status: 'Incomplete', - }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - status: 'Draft', - }, - { - id: 'CWE-592', - name: 'DEPRECATED: Authentication Bypass Issues', - status: 'Deprecated', - }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - status: 'Draft', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - status: 'Incomplete', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - status: 'Incomplete', - }, - { - id: 'CWE-596', - name: 'DEPRECATED: Incorrect Semantic Object Comparison', - status: 'Deprecated', - }, - { - id: 'CWE-597', - name: 'Use of Wrong Operator in String Comparison', - status: 'Draft', - }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - status: 'Draft', - }, - { - id: 'CWE-599', - name: 'Missing Validation of OpenSSL Certificate', - status: 'Incomplete', - }, - { - id: 'CWE-6', - name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', - status: 'Incomplete', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet', status: 'Draft' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - status: 'Draft', - }, - { - id: 'CWE-602', - name: 'Client-Side Enforcement of Server-Side Security', - status: 'Draft', - }, - { - id: 'CWE-603', - name: 'Use of Client-Side Authentication', - status: 'Draft', - }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, - { - id: 'CWE-606', - name: 'Unchecked Input for Loop Condition', - status: 'Draft', - }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - status: 'Draft', - }, - { - id: 'CWE-608', - name: 'Struts: Non-private Field in ActionForm Class', - status: 'Draft', - }, - { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, - { - id: 'CWE-61', - name: 'UNIX Symbolic Link (Symlink) Following', - status: 'Incomplete', - }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - status: 'Draft', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - status: 'Draft', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - status: 'Draft', - }, - { - id: 'CWE-613', - name: 'Insufficient Session Expiration', - status: 'Incomplete', - }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - status: 'Draft', - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - status: 'Incomplete', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - status: 'Incomplete', - }, - { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, - { - id: 'CWE-618', - name: 'Exposed Unsafe ActiveX Method', - status: 'Incomplete', - }, - { - id: 'CWE-619', - name: 
"Dangling Database Cursor ('Cursor Injection')", - status: 'Incomplete', - }, - { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, - { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, - { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, - { - id: 'CWE-622', - name: 'Improper Validation of Function Hook Arguments', - status: 'Draft', - }, - { - id: 'CWE-623', - name: 'Unsafe ActiveX Control Marked Safe For Scripting', - status: 'Draft', - }, - { - id: 'CWE-624', - name: 'Executable Regular Expression Error', - status: 'Incomplete', - }, - { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, - { - id: 'CWE-626', - name: 'Null Byte Interaction Error (Poison Null Byte)', - status: 'Draft', - }, - { - id: 'CWE-627', - name: 'Dynamic Variable Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - status: 'Draft', - }, - { - id: 'CWE-636', - name: "Not Failing Securely ('Failing Open')", - status: 'Draft', - }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - status: 'Draft', - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, - { - id: 'CWE-639', - name: 'Authorization Bypass Through User-Controlled Key', - status: 'Incomplete', - }, - { - id: 'CWE-64', - name: 'Windows Shortcut Following (.LNK)', - status: 'Incomplete', - }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - status: 'Incomplete', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - status: 'Incomplete', - }, - { - id: 'CWE-642', - name: 'External Control of Critical State Data', - status: 'Draft', - }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-644', - name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', - status: 'Incomplete', - }, - { - id: 'CWE-645', - name: 'Overly Restrictive Account Lockout Mechanism', - status: 'Incomplete', - }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - status: 'Incomplete', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - status: 'Incomplete', - }, - { - id: 'CWE-648', - name: 'Incorrect Use of Privileged APIs', - status: 'Incomplete', - }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - status: 'Incomplete', - }, - { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - status: 'Incomplete', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-653', - name: 'Improper Isolation or Compartmentalization', - status: 'Draft', - }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-655', - name: 'Insufficient Psychological Acceptability', - status: 'Draft', - }, - { - id: 'CWE-656', - name: 'Reliance on Security Through Obscurity', - status: 'Draft', - }, - { - id: 'CWE-657', - name: 'Violation of Secure Design Principles', - status: 'Draft', - }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - status: 'Draft', - }, - { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - status: 'Draft', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - 
status: 'Draft', - }, - { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, - { - id: 'CWE-666', - name: 'Operation on Resource in Wrong Phase of Lifetime', - status: 'Draft', - }, - { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, - { - id: 'CWE-668', - name: 'Exposure of Resource to Wrong Sphere', - status: 'Draft', - }, - { - id: 'CWE-669', - name: 'Incorrect Resource Transfer Between Spheres', - status: 'Draft', - }, - { - id: 'CWE-67', - name: 'Improper Handling of Windows Device Names', - status: 'Incomplete', - }, - { - id: 'CWE-670', - name: 'Always-Incorrect Control Flow Implementation', - status: 'Draft', - }, - { - id: 'CWE-671', - name: 'Lack of Administrator Control over Security', - status: 'Draft', - }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - status: 'Draft', - }, - { - id: 'CWE-673', - name: 'External Influence of Sphere Definition', - status: 'Draft', - }, - { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - status: 'Draft', - }, - { - id: 'CWE-676', - name: 'Use of Potentially Dangerous Function', - status: 'Draft', - }, - { - id: 'CWE-680', - name: 'Integer Overflow to Buffer Overflow', - status: 'Draft', - }, - { - id: 'CWE-681', - name: 'Incorrect Conversion between Numeric Types', - status: 'Draft', - }, - { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, - { - id: 'CWE-683', - name: 'Function Call With Incorrect Order of Arguments', - status: 'Draft', - }, - { - id: 'CWE-684', - name: 'Incorrect Provision of Specified Functionality', - status: 'Draft', - }, - { - id: 'CWE-685', - name: 'Function Call With Incorrect Number of Arguments', - status: 'Draft', - }, - { - id: 'CWE-686', - name: 'Function Call With Incorrect Argument Type', - status: 'Draft', - }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument 
Value', - status: 'Draft', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - status: 'Draft', - }, - { - id: 'CWE-689', - name: 'Permission Race Condition During Resource Copy', - status: 'Draft', - }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - status: 'Incomplete', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - status: 'Draft', - }, - { - id: 'CWE-691', - name: 'Insufficient Control Flow Management', - status: 'Draft', - }, - { - id: 'CWE-692', - name: 'Incomplete Denylist to Cross-Site Scripting', - status: 'Draft', - }, - { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - status: 'Incomplete', - }, - { - id: 'CWE-695', - name: 'Use of Low-Level Functionality', - status: 'Incomplete', - }, - { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, - { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, - { - id: 'CWE-698', - name: 'Execution After Redirect (EAR)', - status: 'Incomplete', - }, - { - id: 'CWE-7', - name: 'J2EE Misconfiguration: Missing Custom Error Page', - status: 'Incomplete', - }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-704', - name: 'Incorrect Type Conversion or Cast', - status: 'Incomplete', - }, - { - id: 'CWE-705', - name: 'Incorrect Control Flow Scoping', - status: 'Incomplete', - }, - { - id: 'CWE-706', - name: 'Use of Incorrectly-Resolved Name or Reference', - status: 'Incomplete', - }, - { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, - { - id: 'CWE-708', - name: 'Incorrect Ownership Assignment', - status: 'Incomplete', - }, - { - id: 'CWE-71', - name: "DEPRECATED: Apple '.DS_Store'", - status: 'Deprecated', - }, - { - id: 'CWE-710', - name: 
'Improper Adherence to Coding Standards', - status: 'Incomplete', - }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - status: 'Incomplete', - }, - { - id: 'CWE-73', - name: 'External Control of File Name or Path', - status: 'Draft', - }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - status: 'Draft', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - status: 'Incomplete', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-749', - name: 'Exposed Dangerous Method or Function', - status: 'Incomplete', - }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - status: 'Draft', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - status: 'Incomplete', - }, - { - id: 'CWE-755', - name: 'Improper Handling of Exceptional Conditions', - status: 'Incomplete', - }, - { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - status: 'Incomplete', - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - status: 'Incomplete', - }, - { - id: 'CWE-759', - name: 'Use of a One-Way Hash without a Salt', - status: 'Incomplete', - }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - status: 'Draft', - }, - { - id: 'CWE-760', - name: 'Use of a One-Way Hash with a Predictable Salt', - status: 'Incomplete', - }, - { - id: 'CWE-761', - name: 'Free of Pointer not at Start of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-762', - name: 'Mismatched Memory Management Routines', - status: 
'Incomplete', - }, - { - id: 'CWE-763', - name: 'Release of Invalid Pointer or Reference', - status: 'Incomplete', - }, - { - id: 'CWE-764', - name: 'Multiple Locks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-765', - name: 'Multiple Unlocks of a Critical Resource', - status: 'Incomplete', - }, - { - id: 'CWE-766', - name: 'Critical Data Element Declared Public', - status: 'Incomplete', - }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - status: 'Incomplete', - }, - { - id: 'CWE-768', - name: 'Incorrect Short Circuit Evaluation', - status: 'Incomplete', - }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - status: 'Deprecated', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - status: 'Draft', - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-771', - name: 'Missing Reference to Active Allocated Resource', - status: 'Incomplete', - }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - status: 'Draft', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - status: 'Incomplete', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - status: 'Incomplete', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - status: 'Draft', - }, - { - id: 'CWE-777', - name: 'Regular Expression without Anchors', - status: 'Incomplete', - }, - { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, - { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, - { - id: 'CWE-78', - name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - status: 'Stable', - }, - { - id: 'CWE-780', - name: 'Use of RSA Algorithm without OAEP', - status: 'Incomplete', - }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - status: 'Draft', - }, - { - id: 'CWE-782', - name: 'Exposed IOCTL with Insufficient Access Control', - status: 'Draft', - }, - { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - status: 'Draft', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-786', - name: 'Access of Memory Location Before Start of Buffer', - status: 'Incomplete', - }, - { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, - { - id: 'CWE-788', - name: 'Access of Memory Location After End of Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-789', - name: 'Memory Allocation with Excessive Size Value', - status: 'Draft', - }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - status: 'Stable', - }, - { - id: 'CWE-790', - name: 'Improper Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-791', - name: 'Incomplete Filtering of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-793', - name: 'Only Filtering One Instance of a Special Element', - status: 'Incomplete', - }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - status: 'Incomplete', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - status: 'Incomplete', - }, - { 
- id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - status: 'Incomplete', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - status: 'Incomplete', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, - { - id: 'CWE-799', - name: 'Improper Control of Interaction Frequency', - status: 'Incomplete', - }, - { - id: 'CWE-8', - name: 'J2EE Misconfiguration: Entity Bean Declared Remote', - status: 'Incomplete', - }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - status: 'Incomplete', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, - { - id: 'CWE-805', - name: 'Buffer Access with Incorrect Length Value', - status: 'Incomplete', - }, - { - id: 'CWE-806', - name: 'Buffer Access Using Size of Source Buffer', - status: 'Incomplete', - }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - status: 'Incomplete', - }, - { - id: 'CWE-81', - name: 'Improper Neutralization of Script in an Error Message Web Page', - status: 'Incomplete', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - status: 'Incomplete', - }, - { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, - { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, - { - id: 'CWE-822', - name: 'Untrusted Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-823', - name: 'Use of Out-of-range Pointer Offset', - status: 'Incomplete', - }, - { - id: 'CWE-824', - name: 'Access of Uninitialized Pointer', - status: 'Incomplete', - }, - { - id: 'CWE-825', - name: 'Expired Pointer Dereference', - status: 'Incomplete', - }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - status: 'Incomplete', - }, - { - id: 'CWE-827', - name: 'Improper Control of Document 
Type Definition', - status: 'Incomplete', - }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - status: 'Incomplete', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - status: 'Incomplete', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - status: 'Incomplete', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - status: 'Incomplete', - }, - { - id: 'CWE-832', - name: 'Unlock of a Resource that is not Locked', - status: 'Incomplete', - }, - { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, - { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - status: 'Incomplete', - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - status: 'Incomplete', - }, - { - id: 'CWE-837', - name: 'Improper Enforcement of a Single, Unique Action', - status: 'Incomplete', - }, - { - id: 'CWE-838', - name: 'Inappropriate Encoding for Output Context', - status: 'Incomplete', - }, - { - id: 'CWE-839', - name: 'Numeric Range Comparison Without Minimum Check', - status: 'Incomplete', - }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - status: 'Draft', - }, - { - id: 'CWE-841', - name: 'Improper Enforcement of Behavioral Workflow', - status: 'Incomplete', - }, - { - id: 'CWE-842', - name: 'Placement of User into Incorrect Group', - status: 'Incomplete', - }, - { - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - status: 'Incomplete', - }, - { - id: 'CWE-85', - name: 'Doubled Character XSS Manipulations', - status: 'Draft', - }, - { - id: 'CWE-86', - name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - status: 'Draft', - }, - { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, - { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, - { - id: 'CWE-87', - name: 'Improper Neutralization of Alternate XSS Syntax', - status: 'Draft', - }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - status: 'Draft', - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - status: 'Stable', - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - status: 'Draft', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - status: 'Draft', - }, - { - id: 'CWE-908', - name: 'Use of Uninitialized Resource', - status: 'Incomplete', - }, - { - id: 'CWE-909', - name: 'Missing Initialization of Resource', - status: 'Incomplete', - }, - { - id: 'CWE-91', - name: 'XML Injection (aka Blind XPath Injection)', - status: 'Draft', - }, - { - id: 'CWE-910', - name: 'Use of Expired File Descriptor', - status: 'Incomplete', - }, - { - id: 'CWE-911', - name: 'Improper Update of Reference Count', - status: 'Incomplete', - }, - { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - status: 'Incomplete', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - status: 'Incomplete', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - status: 'Incomplete', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - status: 'Incomplete', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-918', - name: 'Server-Side Request Forgery (SSRF)', - status: 'Incomplete', - }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - status: 'Deprecated', - }, - { - id: 'CWE-920', - name: 'Improper Restriction of Power Consumption', - status: 'Incomplete', - }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - status: 'Incomplete', - }, - { - id: 'CWE-922', - name: 'Insecure Storage of Sensitive Information', - status: 'Incomplete', - }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - status: 'Incomplete', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - status: 'Incomplete', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - status: 'Incomplete', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - status: 'Incomplete', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - status: 'Draft', - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - status: 'Incomplete', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - status: 'Incomplete', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Policy with Untrusted Domains', - status: 'Incomplete', - }, - { - id: 'CWE-943', - 
name: 'Improper Neutralization of Special Elements in Data Query Logic', - status: 'Incomplete', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - status: 'Incomplete', - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - status: 'Draft', - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - status: 'Draft', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - status: 'Draft', - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers ('Resource Injection')", - status: 'Draft', - }, - ], -} diff --git a/csaf-validator-lib/lib/informativeTests.js b/csaf-validator-lib/lib/informativeTests.js deleted file mode 100644 index a7176b2..0000000 --- a/csaf-validator-lib/lib/informativeTests.js +++ /dev/null 
@@ -1,11 +0,0 @@
-export { default as informativeTest_6_3_1 } from './informativeTests/informativeTest_6_3_1.js'
-export { default as informativeTest_6_3_2 } from './informativeTests/informativeTest_6_3_2.js'
-export { default as informativeTest_6_3_3 } from './informativeTests/informativeTest_6_3_3.js'
-export { default as informativeTest_6_3_4 } from './informativeTests/informativeTest_6_3_4.js'
-export { default as informativeTest_6_3_5 } from './informativeTests/informativeTest_6_3_5.js'
-export { default as informativeTest_6_3_6 } from './informativeTests/informativeTest_6_3_6.js'
-export { default as informativeTest_6_3_7 } from './informativeTests/informativeTest_6_3_7.js'
-export { default as informativeTest_6_3_8 } from './informativeTests/informativeTest_6_3_8.js'
-export { default as informativeTest_6_3_9 } from './informativeTests/informativeTest_6_3_9.js'
-export { default as informativeTest_6_3_10 } from './informativeTests/informativeTest_6_3_10.js'
-export { default as informativeTest_6_3_11 } from './informativeTests/informativeTest_6_3_11.js'
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_1.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_1.js
deleted file mode 100644
index 1f729c4..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_1.js
+++ /dev/null
@@ -1,61 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {},
- optionalProperties: {
- scores: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v2: {
- additionalProperties: true,
- properties: {},
- },
- cvss_v3: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default function informativeTest_6_3_1(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.scores?.forEach((score, scoreIndex) => {
- if (score.cvss_v2 && !score.cvss_v3) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}`,
- message: 'use of cvss v2 as the only scoring system',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_10.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_10.js
deleted file mode 100644
index 8173eba..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_10.js
+++ /dev/null
@@ -1,71 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: { elements: { additionalProperties: true, properties: {} } },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- category: { type: 'string' },
- name: { type: 'string' },
- },
-})
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default async function informativeTest_6_3_10(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
- if (branch.category === 'product_version_range') {
- ctx.infos.push({
- instancePath: `${path}/${branchIndex}/product`,
- message: 'usage of product_version_range category',
- })
- }
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- })
- }
-
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree.branches ?? [],
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_11.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_11.js
deleted file mode 100644
index 9b84e94..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_11.js
+++ /dev/null
@@ -1,75 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: { elements: { additionalProperties: true, properties: {} } },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- category: { type: 'string' },
- name: { type: 'string' },
- },
-})
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default async function informativeTest_6_3_11(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
- if (
- branch.category === 'product_version' &&
- typeof branch.name === 'string' &&
- branch.name.match(/^[vV][0-9].*$/)
- ) {
- ctx.infos.push({
- instancePath: `${path}/${branchIndex}/name`,
- message: 'usage of v as version indicator',
- })
- }
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- })
- }
-
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree.branches ?? [],
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_2.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_2.js
deleted file mode 100644
index 2fb1bd5..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_2.js
+++ /dev/null
@@ -1,66 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {},
- optionalProperties: {
- scores: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v3: {
- additionalProperties: true,
- properties: {},
- optionalProperties: {
- version: { type: 'string' },
- vectorString: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default function informativeTest_6_3_2(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.scores?.forEach((score, scoreIndex) => {
- if (score.cvss_v3) {
- if (
- score.cvss_v3.version === '3.0' ||
- score.cvss_v3.vectorString?.startsWith('CVSS:3.0')
- ) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3/version`,
- message: 'It is recommended to upgrade to CVSS v3.1.',
- })
- }
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_3.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_3.js
deleted file mode 100644
index d59f659..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_3.js
+++ /dev/null
@@ -1,44 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cve: { type: 'string' },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default function informativeTest_6_3_3(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.cve) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'missing CVE',
- })
- }
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_4.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_4.js
deleted file mode 100644
index 44e93c3..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_4.js
+++ /dev/null
@@ -1,47 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cwe: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default function informativeTest_6_3_4(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.cwe) {
- ctx.infos.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'missing cwe',
- })
- }
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_5.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_5.js
deleted file mode 100644
index 94db9c4..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_5.js
+++ /dev/null
@@ -1,42 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { walkHashes } from '../shared/csafHelpers.js'
-
-const ajv = new Ajv()
-
-const hashSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- file_hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-
-const validateHash = ajv.compile(hashSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default function informativeTest_6_3_5(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- walkHashes(doc, ({ path, hash }) => {
- if (!validateHash(hash)) return
- hash.file_hashes.forEach((fileHash, fileHashIndex) => {
- if (typeof fileHash.value === 'string' && fileHash.value.length < 64) {
- ctx.infos.push({
- instancePath: `${path}/file_hashes/${fileHashIndex}/value`,
- message: 'use of short hash',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_6.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_6.js
deleted file mode 100644
index ba6ac74..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_6.js
+++ /dev/null
@@ -1,442 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import testURL from './shared/testURL.js' - -const ajv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - document: { - additionalProperties: true, - optionalProperties: { - acknowledgments: { - elements: { - additionalProperties: true, - optionalProperties: { - urls: { - elements: { type: 'string' }, - }, - }, - }, - }, - references: { - elements: { - additionalProperties: true, - optionalProperties: { - url: { type: 'string' }, - category: { type: 'string' }, - }, - }, - }, - aggregate_severity: { - additionalProperties: true, - optionalProperties: { - namespace: { type: 'string' }, - }, - }, - distribution: { - additionalProperties: true, - optionalProperties: { - tlp: { - additionalProperties: true, - optionalProperties: { - url: { type: 'string' }, - }, - }, - }, - }, - publisher: { - additionalProperties: true, - optionalProperties: { - namespace: { type: 'string' }, - }, - }, - }, - }, - product_tree: { - additionalProperties: true, - optionalProperties: { - full_product_names: { - elements: { - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - sbom_urls: { elements: { type: 'string' } }, - x_generic_uris: { - elements: { - additionalProperties: true, - optionalProperties: { - namespace: { type: 'string' }, - uri: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - relationships: { - elements: { - additionalProperties: true, - optionalProperties: { - full_product_name: { - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - sbom_urls: { elements: { type: 'string' } }, - x_generic_uris: { - elements: { - additionalProperties: true, - optionalProperties: { - 
namespace: { type: 'string' }, - uri: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - remediations: { - elements: { - additionalProperties: true, - optionalProperties: { - url: { type: 'string' }, - }, - }, - }, - acknowledgments: { - elements: { - optionalProperties: { - urls: { - elements: { type: 'string' }, - }, - }, - }, - }, - references: { - elements: { - additionalProperties: true, - optionalProperties: { - url: { type: 'string' }, - category: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, -}) - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product: { - additionalProperties: true, - optionalProperties: { - product_identification_helper: { - additionalProperties: true, - optionalProperties: { - sbom_urls: { elements: { type: 'string' } }, - x_generic_uris: { - elements: { - additionalProperties: true, - optionalProperties: { - namespace: { type: 'string' }, - uri: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - branches: { - elements: { - additionalProperties: true, - properties: {}, - }, - }, - }, -}) - -const validateInput = ajv.compile(inputSchema) -const validateBranch = ajv.compile(branchSchema) - -/** - * @param {unknown} doc - * @returns - */ -export default async function informativeTest_6_3_6(doc) { - const ctx = { - infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]), - } - - if (!validateInput(doc)) { - return ctx - } - - const references = doc.document?.references ?? 
[] - for (let i = 0; i < references.length; ++i) { - const reference = references[i] - if (reference.category === 'self' || typeof reference.url !== 'string') { - continue - } - await testURL(reference.url, () => { - ctx.infos.push({ - instancePath: `/document/references/${i}/url`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - const acknowledgments = doc.document?.acknowledgments ?? [] - for ( - let acknowledgmentIndex = 0; - acknowledgmentIndex < acknowledgments.length; - ++acknowledgmentIndex - ) { - const acknowledgment = acknowledgments[acknowledgmentIndex] - - const urls = acknowledgment.urls ?? [] - for (let urlIndex = 0; urlIndex < urls.length; ++urlIndex) { - await testURL(urls[urlIndex], () => { - ctx.infos.push({ - instancePath: `/document/acknowledgments/${acknowledgmentIndex}/urls/${urlIndex}`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - - if (typeof doc.document?.aggregate_severity?.namespace === 'string') { - await testURL(doc.document.aggregate_severity.namespace, () => { - ctx.infos.push({ - instancePath: `/document/aggregate_severity/namespace`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - if (typeof doc.document?.publisher?.namespace === 'string') { - await testURL(doc.document.publisher.namespace, () => { - ctx.infos.push({ - instancePath: `/document/publisher/namespace`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - if (typeof doc.document?.distribution?.tlp?.url === 'string') { - await testURL(doc.document.distribution.tlp.url, () => { - ctx.infos.push({ - instancePath: `/document/distribution/tlp/url`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - /** - * @param {object} params - * @param {string} params.path - * @param {unknown[]} params.branches - */ - async function checkBranches({ path, branches }) { - for (let branchIndex = 0; branchIndex < 
branches.length; ++branchIndex) { - const branch = branches[branchIndex] - if (validateBranch(branch)) { - const sbomURLs = - branch.product?.product_identification_helper?.sbom_urls ?? [] - for (const [sbomURLIndex, sbomURL] of sbomURLs.entries()) { - await testURL(sbomURL, () => { - ctx.infos.push({ - instancePath: `${path}/${branchIndex}/product/product_identification_helper/sbom_urls/${sbomURLIndex}`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - const xGenericURIs = - branch.product?.product_identification_helper?.x_generic_uris ?? [] - for (const [xGenericURIIndex, xGenericURI] of xGenericURIs.entries()) { - if (typeof xGenericURI.namespace === 'string') { - await testURL(xGenericURI.namespace, () => { - ctx.infos.push({ - instancePath: `${path}/${branchIndex}/product/product_identification_helper/x_generic_uris/${xGenericURIIndex}/namespace`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - if (typeof xGenericURI.uri === 'string') { - await testURL(xGenericURI.uri, () => { - ctx.infos.push({ - instancePath: `${path}/${branchIndex}/product/product_identification_helper/x_generic_uris/${xGenericURIIndex}/uri`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - - if (Array.isArray(branch.branches)) { - await checkBranches({ - path: `${path}/${branchIndex}/branches`, - branches: branch.branches, - }) - } - } - } - } - - await checkBranches({ - path: '/product_tree/branches', - branches: doc.product_tree?.branches ?? [], - }) - - const fullProductNames = doc.product_tree?.full_product_names ?? [] - for (const [ - fullProductNameIndex, - fullProductName, - ] of fullProductNames.entries()) { - const sbomURLs = - fullProductName.product_identification_helper?.sbom_urls ?? 
[] - for (let sbomURLIndex = 0; sbomURLIndex < sbomURLs.length; ++sbomURLIndex) { - const sbomURL = sbomURLs[sbomURLIndex] - await testURL(sbomURL, () => { - ctx.infos.push({ - instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/sbom_urls/${sbomURLIndex}`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - const xGenericURIs = - fullProductName.product_identification_helper?.x_generic_uris ?? [] - for (const [xGenericURIIndex, xGenericURI] of xGenericURIs.entries()) { - if (typeof xGenericURI.namespace === 'string') { - await testURL(xGenericURI.namespace, () => { - ctx.infos.push({ - instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/x_generic_uris/${xGenericURIIndex}/namespace`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - if (typeof xGenericURI.uri === 'string') { - await testURL(xGenericURI.uri, () => { - ctx.infos.push({ - instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/x_generic_uris/${xGenericURIIndex}/uri`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - } - - const relationships = doc.product_tree?.relationships ?? [] - for (const [relationshipIndex, relationship] of relationships.entries()) { - const sbomURLs = - relationship.full_product_name?.product_identification_helper - ?.sbom_urls ?? [] - for (let sbomURLIndex = 0; sbomURLIndex < sbomURLs.length; ++sbomURLIndex) { - const sbomURL = sbomURLs[sbomURLIndex] - await testURL(sbomURL, () => { - ctx.infos.push({ - instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name/product_identification_helper/sbom_urls/${sbomURLIndex}`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - - const xGenericURIs = - relationship.full_product_name?.product_identification_helper - ?.x_generic_uris ?? 
[] - for (const [xGenericURIIndex, xGenericURI] of xGenericURIs.entries()) { - if (typeof xGenericURI.namespace === 'string') { - await testURL(xGenericURI.namespace, () => { - ctx.infos.push({ - instancePath: `/product_tree/relationship/${relationshipIndex}/full_product_name/product_identification_helper/x_generic_uris/${xGenericURIIndex}/namespace`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - if (typeof xGenericURI.uri === 'string') { - await testURL(xGenericURI.uri, () => { - ctx.infos.push({ - instancePath: `/product_tree/relationship/${relationshipIndex}/full_product_name/product_identification_helper/x_generic_uris/${xGenericURIIndex}/uri`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - } - - const vulnerabilities = doc.vulnerabilities ?? [] - for (const [vulnerabilityIndex, vulnerability] of vulnerabilities.entries()) { - const acknowledgments = vulnerability.acknowledgments ?? [] - for ( - let acknowledgmentIndex = 0; - acknowledgmentIndex < acknowledgments.length; - ++acknowledgmentIndex - ) { - const acknowledgment = acknowledgments[acknowledgmentIndex] - const urls = acknowledgment.urls ?? [] - for (let urlIndex = 0; urlIndex < urls.length; ++urlIndex) { - await testURL(urls[urlIndex], () => { - ctx.infos.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/acknowledgments/${acknowledgmentIndex}/urls/${urlIndex}`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - - const references = vulnerability.references ?? 
[] - for (const [referenceIndex, reference] of references.entries()) { - if (reference.category === 'self') { - continue - } - if (typeof reference.url === 'string') { - await testURL(reference.url, () => { - ctx.infos.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/references/${referenceIndex}/url`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - - const remediations = vulnerability.remediations ?? [] - for (const [remediationIndex, remediation] of remediations.entries()) { - if (typeof remediation.url === 'string') { - await testURL(remediation.url, () => { - ctx.infos.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}/url`, - message: 'use of non-self referencing urls failing to resolve', - }) - }) - } - } - } - - return ctx -} diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_7.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_7.js deleted file mode 100644 index 1367eac..0000000 --- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_7.js +++ /dev/null 
@@ -1,83 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import testURL from './shared/testURL.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- document: {
- additionalProperties: true,
- optionalProperties: {
- references: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- url: { type: 'string' },
- category: { type: 'string' },
- },
- },
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- references: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- url: { type: 'string' },
- category: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {unknown} doc
- * @returns
- */
-export default async function informativeTest_6_3_7(doc) {
- const ctx = {
- infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- const referenceObjects = (
- doc.document?.references?.map((reference, referenceIndex) => ({
- instancePath: `/document/references/${referenceIndex}`,
- value: reference,
- })) ?? []
- ).concat(
- doc.vulnerabilities?.flatMap(
- (vulnerability, vulnerabilityIndex) =>
- vulnerability.references?.map((reference, referenceIndex) => ({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/references/${referenceIndex}`,
- value: reference,
- })) ?? []
- ) ?? []
- )
-
- for (const { value: reference, instancePath } of referenceObjects) {
- if (reference.category !== 'self' || !reference.url) continue
- await testURL(reference.url, () => {
- ctx.infos.push({
- instancePath,
- message: 'use of self referencing urls failing to resolve',
- })
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_8.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_8.js
deleted file mode 100644
index 0148afb..0000000
--- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_8.js
+++ /dev/null
@@ -1,422 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' -import { execFile } from 'node:child_process' -import bcp47 from 'bcp47' - -const ajv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - properties: { - document: { - additionalProperties: true, - properties: { - lang: { type: 'string' }, - }, - optionalProperties: { - acknowledgments: { - elements: { - additionalProperties: true, - optionalProperties: { - names: { elements: { type: 'string' } }, - organization: { type: 'string' }, - summary: { type: 'string' }, - }, - }, - }, - aggregate_severity: { - additionalProperties: true, - optionalProperties: { - text: { type: 'string' }, - }, - }, - category: { type: 'string' }, - distribution: { - additionalProperties: true, - optionalProperties: { - text: { type: 'string' }, - }, - }, - notes: { - elements: { - additionalProperties: true, - optionalProperties: { - audience: { type: 'string' }, - text: { type: 'string' }, - title: { type: 'string' }, - }, - }, - }, - publisher: { - additionalProperties: true, - optionalProperties: { - issuing_authority: { type: 'string' }, - name: { type: 'string' }, - }, - }, - references: { - elements: { - additionalProperties: true, - optionalProperties: { - summary: { type: 'string' }, - }, - }, - }, - title: { type: 'string' }, - tracking: { - additionalProperties: true, - optionalProperties: { - aliases: { - elements: { - type: 'string', - }, - }, - generator: { - additionalProperties: true, - optionalProperties: { - engine: { - additionalProperties: true, - optionalProperties: { - name: { type: 'string' }, - }, - }, - }, - }, - revision_history: { - elements: { - additionalProperties: true, - optionalProperties: { - summary: { type: 'string' }, - }, - }, - }, - }, - }, - }, - }, - }, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { elements: { additionalProperties: true, properties: {} } }, - full_product_names: { - 
elements: { - additionalProperties: true, - optionalProperties: { - name: { type: 'string' }, - }, - }, - }, - relationships: { - elements: { - additionalProperties: true, - optionalProperties: { - full_product_name: { - additionalProperties: true, - optionalProperties: { - name: { type: 'string' }, - }, - }, - }, - }, - }, - product_groups: { - elements: { - additionalProperties: true, - optionalProperties: { - summary: { type: 'string' }, - }, - }, - }, - }, - }, - vulnerabilities: { - elements: { - additionalProperties: true, - optionalProperties: { - acknowledgments: { - elements: { - additionalProperties: true, - optionalProperties: { - names: { - elements: { - type: 'string', - }, - }, - organization: { type: 'string' }, - summary: { type: 'string' }, - }, - }, - }, - involvements: { - elements: { - additionalProperties: true, - optionalProperties: { - summary: { type: 'string' }, - }, - }, - }, - notes: { - elements: { - additionalProperties: true, - optionalProperties: { - audience: { type: 'string' }, - text: { type: 'string' }, - title: { type: 'string' }, - }, - }, - }, - references: { - elements: { - additionalProperties: true, - optionalProperties: { - summary: { type: 'string' }, - }, - }, - }, - remediations: { - elements: { - additionalProperties: true, - optionalProperties: { - entitlements: { - elements: { - type: 'string', - }, - }, - details: { type: 'string' }, - restart_required: { - additionalProperties: true, - optionalProperties: { - details: { type: 'string' }, - }, - }, - }, - }, - }, - threats: { - elements: { - additionalProperties: true, - optionalProperties: { - details: { type: 'string' }, - }, - }, - }, - title: { type: 'string' }, - }, - }, - }, - }, -}) -const validateInput = ajv.compile(inputSchema) - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - name: { type: 'string' }, - product: { - additionalProperties: true, - optionalProperties: { - name: { type: 'string' }, - }, - }, 
- }, -}) -const validateBranch = ajv.compile(branchSchema) - -/** - * @param {any} doc - * @param {object} [params] - * @param {typeof runHunspell} params.hunspell - */ -export default async function informativeTest_6_3_8( - doc, - params = { hunspell: runHunspell } -) { - const ctx = { - infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]), - } - - if (!validateInput(doc)) { - return ctx - } - - const lang = bcp47.parse(doc.document.lang) - if (!lang?.langtag.language.language) return ctx - const dictionary = `${lang.langtag.language.language}${ - typeof lang.langtag.region === 'string' ? `_${lang.langtag.region}` : '' - }` - - for (const path of [ - '/document/acknowledgments[]/names[]', - '/document/acknowledgments[]/organization', - '/document/acknowledgments[]/summary', - '/document/aggregate_severity/text', - '/document/distribution/text', - '/document/notes[]/audience', - '/document/notes[]/text', - '/document/notes[]/title', - '/document/publisher/issuing_authority', - '/document/publisher/name', - '/document/references[]/summary', - '/document/title', - '/document/tracking/aliases[]', - '/document/tracking/generator/engine/name', - '/document/tracking/revision_history[]/summary', - '/product_tree/full_product_names[]/name', - '/product_tree/product_groups[]/summary', - '/product_tree/relationships[]/full_product_name/name', - '/vulnerabilities[]/acknowledgments[]/names[]', - '/vulnerabilities[]/acknowledgments[]/organization', - '/vulnerabilities[]/acknowledgments[]/summary', - '/vulnerabilities[]/involvements[]/summary', - '/vulnerabilities[]/notes[]/audience', - '/vulnerabilities[]/notes[]/text', - '/vulnerabilities[]/notes[]/title', - '/vulnerabilities[]/references[]/summary', - '/vulnerabilities[]/remediations[]/details', - '/vulnerabilities[]/remediations[]/entitlements[]', - '/vulnerabilities[]/remediations[]/restart_required/details', - '/vulnerabilities[]/threats[]/details', - '/vulnerabilities[]/title', - ]) { - await 
checkPath( - [], - path.split('/').slice(1), - doc, - async (instancePath, value) => { - await checkField(instancePath, value) - } - ) - } - - /** - * @param {string} prefix - * @param {unknown[]} branches - */ - const checkBranches = async (prefix, branches) => { - for (const [branchIndex, branch] of branches.entries()) { - if (!validateBranch(branch)) { - continue - } - - await checkField(`${prefix}${branchIndex}/name`, branch.name) - await checkField( - `${prefix}${branchIndex}/product/name`, - branch.product?.name - ) - await checkBranches( - `${prefix}${branchIndex}/branches/`, - Array.isArray(branch.branches) ? branch.branches : [] - ) - } - } - - await checkBranches( - '/product_tree/branches/', - doc.product_tree?.branches ?? [] - ) - - /** - * @param {string[]} reminder - * @param {string[]} path - * @param {any} value - * @param {(instancePath: string, value: string) => Promise} onCheck - */ - async function checkPath(reminder, path, value, onCheck) { - if (value == null) return - const nextKey = path[0] - - if (!nextKey) { - if (typeof value === 'string') { - await onCheck('/' + reminder.join('/'), value) - } - } else if (nextKey.endsWith('[]')) { - const arrayName = nextKey.split('[')[0] - const array = value[arrayName] - for (const [elementIndex, element] of array?.entries() ?? 
[]) { - await checkPath( - [...reminder, arrayName, String(elementIndex)], - [...path.slice(1)], - element, - onCheck - ) - } - } else { - await checkPath( - [...reminder, nextKey], - path.slice(1), - value[nextKey], - onCheck - ) - } - } - - /** - * @param {string} instancePath - * @param {string} [text] - */ - async function checkField(instancePath, text) { - if (typeof text !== 'string') return - const result = await spellCheckString({ - text, - dictionary, - hunspell: params.hunspell, - }) - if (!result.ok) { - ctx.infos.push({ - instancePath, - message: `there are spelling mistakes in: ${result.mistakes - .map((m) => m.word) - .join(', ')}`, - }) - } - } - - return ctx -} - -/** - * @param {object} params - * @param {(params: { dictionary: string; input: string }) => Promise} params.hunspell - * @param {string} params.text - * @param {string} params.dictionary - */ -async function spellCheckString({ text, dictionary, hunspell }) { - /** @type {string} */ - const result = await hunspell({ dictionary, input: text }) - const lines = result.split('\n').slice(1) - const errors = lines - .filter((l) => l.startsWith('# ') || l.startsWith('& ')) - .map((l) => { - if (l.startsWith('& ')) { - const regex = new RegExp(/^& ([^\s]+)/) - const regexR = regex.exec(l) - if (!regexR) throw new Error('Error while parsing hunspell output') - return { word: regexR[1] } - } else { - const regex = new RegExp(/^# ([^\s]+)/) - const regexR = regex.exec(l) - if (!regexR) throw new Error('Error while parsing hunspell output') - return { word: regexR[1] } - } - }) - return { mistakes: errors, ok: !errors.length } -} - -/** - * @param {object} params - * @param {string} params.dictionary - * @param {string} params.input - * @returns - */ -async function runHunspell({ dictionary, input }) { - /** @type {string} */ - const result = await new Promise((resolve, reject) => { - const child = execFile('hunspell', ['-d', dictionary], (err, stdout) => { - if (err) return reject(err) - 
resolve(stdout) - }) - child.stdin?.end(input) - }) - return result -} diff --git a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_9.js b/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_9.js deleted file mode 100644 index 2f9eaee..0000000 --- a/csaf-validator-lib/lib/informativeTests/informativeTest_6_3_9.js +++ /dev/null 
@@ -1,126 +0,0 @@ -import { Ajv } from 'ajv/dist/jtd.js' - -const ajv = new Ajv() - -const inputSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - product_tree: { - additionalProperties: true, - optionalProperties: { - branches: { elements: { additionalProperties: true, properties: {} } }, - }, - }, - }, -}) -const validateInput = ajv.compile(inputSchema) - -const branchSchema = /** @type {const} */ ({ - additionalProperties: true, - optionalProperties: { - category: { type: 'string' }, - branches: { elements: { additionalProperties: true, properties: {} } }, - product: { - additionalProperties: true, - optionalProperties: { - product_id: { type: 'string' }, - }, - }, - }, -}) -const validateBranch = ajv.compile(branchSchema) - -/** - * @param {unknown} doc - * @returns - */ -export default function informativeTest_6_3_9(doc) { - const ctx = { - infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]), - } - - if (!validateInput(doc)) { - return ctx - } - - /** - * @param {string} prefix - * @param {unknown[]} branches - * @param {string[]} [productPath] - */ - const checkBranches = (prefix, branches, productPath = []) => { - const productPathCopy = [...productPath] - for (const [branchIndex, branch] of branches.entries()) { - if (!validateBranch(branch)) { - continue - } - - if (typeof branch.category === 'string') { - productPathCopy.push(branch.category) - } - if (branch.branches) { - checkBranches( - `${prefix}${branchIndex}/branches/`, - branch.branches, - productPathCopy - ) - } else { - if (typeof branch.product?.product_id === 'string') { - const mandatoryCategoryIndexes = [ - 'vendor', - 'product_name', - 'product_version', - ].map((category) => ({ - category, - index: productPathCopy.indexOf(category), - })) - - checkCategoryCompleteness(mandatoryCategoryIndexes, branchIndex) - checkCategoryOrder(mandatoryCategoryIndexes, branchIndex) - } - } - } - - /** - * @param {Array<{ index: number; category: 
string }>} mandatoryCategoryIndexes - * @param {number} branchIndex - */ - function checkCategoryCompleteness(mandatoryCategoryIndexes, branchIndex) { - for (const index of mandatoryCategoryIndexes) { - if (index.index === -1) { - ctx.infos.push({ - instancePath: `${prefix}${branchIndex}`, - message: `missing ancestor with category ${index.category}`, - }) - } - } - } - - /** - * @param {Array<{ index: number; category: string }>} mandatoryCategoryIndexes - * @param {number} branchIndex - */ - function checkCategoryOrder(mandatoryCategoryIndexes, branchIndex) { - const presentCategoryIndexes = mandatoryCategoryIndexes.filter( - (i) => i.index > -1 - ) - const sortedIndexes = presentCategoryIndexes - .slice() - .sort((a, z) => a.index - z.index) - for (const [i, sortedIndex] of sortedIndexes.entries()) { - if (sortedIndex.category !== presentCategoryIndexes[i].category) { - ctx.infos.push({ - instancePath: `${prefix}${branchIndex}`, - message: - 'order of ancestors with categories vendor, product_name, product_version is not correct', - }) - break - } - } - } - } - - checkBranches('/product_tree/branches/', doc.product_tree?.branches ?? []) - - return ctx -} diff --git a/csaf-validator-lib/lib/informativeTests/shared/testURL.js b/csaf-validator-lib/lib/informativeTests/shared/testURL.js deleted file mode 100644 index 433c6ed..0000000 --- a/csaf-validator-lib/lib/informativeTests/shared/testURL.js +++ /dev/null 
@@ -1,34 +0,0 @@
-import { createRequire } from 'module'
-import { request } from 'undici'
-
-/**
- * @type {{
- * name: string
- * version: string
- * }}
- */
-const packageInfo = createRequire(import.meta.url)('../../../package.json')
-
-/**
- * @param {string} url
- * @param {() => void} onError
- */
-export default async function testURL(url, onError) {
- // set user-agent to csaf-validator-lib/VERSION
- const userAgent = `${packageInfo.name.split('/').at(-1)}/${
- packageInfo.version
- }`
- try {
- const res = await request(url, {
- method: 'HEAD',
- headers: {
- 'User-Agent': userAgent,
- },
- })
- if (res.statusCode < 200 || 400 <= res.statusCode) {
- onError()
- }
- } catch (e) {
- onError()
- }
-}
diff --git a/csaf-validator-lib/lib/language_specific_translation/translations.js b/csaf-validator-lib/lib/language_specific_translation/translations.js
deleted file mode 100644
index a944659..0000000
--- a/csaf-validator-lib/lib/language_specific_translation/translations.js
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * JavaScript version of JSON file: csaf_2.1/language_specific_translation/translations.json
- */
-export default {
- $schema:
- 'https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.1/test/language_specific_translation/translations_json_schema.json',
- translation_version: '2.1',
- translation: {
- de: {
- license: 'Lizenz',
- product_description: 'Produktbeschreibung',
- reasoning_for_supersession: 'Begründung für die Ersetzung',
- reasoning_for_withdrawal: 'Begründung für die Zurückziehung',
- superseding_document: 'Ersetzendes Dokument',
- },
- },
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests.js b/csaf-validator-lib/lib/mandatoryTests.js
deleted file mode 100644
index 43c46cd..0000000
--- a/csaf-validator-lib/lib/mandatoryTests.js
+++ /dev/null
@@ -1,43 +0,0 @@
-export { default as mandatoryTest_6_1_1 } from './mandatoryTests/mandatoryTest_6_1_1.js'
-export { default as mandatoryTest_6_1_2 } from './mandatoryTests/mandatoryTest_6_1_2.js'
-export { default as mandatoryTest_6_1_3 } from './mandatoryTests/mandatoryTest_6_1_3.js'
-export { default as mandatoryTest_6_1_4 } from './mandatoryTests/mandatoryTest_6_1_4.js'
-export { default as mandatoryTest_6_1_5 } from './mandatoryTests/mandatoryTest_6_1_5.js'
-export { default as mandatoryTest_6_1_6 } from './mandatoryTests/mandatoryTest_6_1_6.js'
-export { default as mandatoryTest_6_1_7 } from './mandatoryTests/mandatoryTest_6_1_7.js'
-export { default as mandatoryTest_6_1_8 } from './mandatoryTests/mandatoryTest_6_1_8.js'
-export { default as mandatoryTest_6_1_9 } from './mandatoryTests/mandatoryTest_6_1_9.js'
-export { default as mandatoryTest_6_1_10 } from './mandatoryTests/mandatoryTest_6_1_10.js'
-export { default as mandatoryTest_6_1_11 } from './mandatoryTests/mandatoryTest_6_1_11.js'
-export { default as mandatoryTest_6_1_12 } from './mandatoryTests/mandatoryTest_6_1_12.js'
-export { default as mandatoryTest_6_1_13 } from './mandatoryTests/mandatoryTest_6_1_13.js'
-export { default as mandatoryTest_6_1_14 } from './mandatoryTests/mandatoryTest_6_1_14.js'
-export { default as mandatoryTest_6_1_15 } from './mandatoryTests/mandatoryTest_6_1_15.js'
-export { default as mandatoryTest_6_1_16 } from './mandatoryTests/mandatoryTest_6_1_16.js'
-export { default as mandatoryTest_6_1_17 } from './mandatoryTests/mandatoryTest_6_1_17.js'
-export { default as mandatoryTest_6_1_18 } from './mandatoryTests/mandatoryTest_6_1_18.js'
-export { default as mandatoryTest_6_1_19 } from './mandatoryTests/mandatoryTest_6_1_19.js'
-export { default as mandatoryTest_6_1_20 } from './mandatoryTests/mandatoryTest_6_1_20.js'
-export { default as mandatoryTest_6_1_21 } from './mandatoryTests/mandatoryTest_6_1_21.js'
-export { default as mandatoryTest_6_1_22 } from
'./mandatoryTests/mandatoryTest_6_1_22.js'
-export { default as mandatoryTest_6_1_23 } from './mandatoryTests/mandatoryTest_6_1_23.js'
-export { default as mandatoryTest_6_1_24 } from './mandatoryTests/mandatoryTest_6_1_24.js'
-export { default as mandatoryTest_6_1_25 } from './mandatoryTests/mandatoryTest_6_1_25.js'
-export { default as mandatoryTest_6_1_26 } from './mandatoryTests/mandatoryTest_6_1_26.js'
-export { default as mandatoryTest_6_1_27_1 } from './mandatoryTests/mandatoryTest_6_1_27_1.js'
-export { default as mandatoryTest_6_1_27_2 } from './mandatoryTests/mandatoryTest_6_1_27_2.js'
-export { default as mandatoryTest_6_1_27_3 } from './mandatoryTests/mandatoryTest_6_1_27_3.js'
-export { default as mandatoryTest_6_1_27_4 } from './mandatoryTests/mandatoryTest_6_1_27_4.js'
-export { default as mandatoryTest_6_1_27_5 } from './mandatoryTests/mandatoryTest_6_1_27_5.js'
-export { default as mandatoryTest_6_1_27_6 } from './mandatoryTests/mandatoryTest_6_1_27_6.js'
-export { default as mandatoryTest_6_1_27_7 } from './mandatoryTests/mandatoryTest_6_1_27_7.js'
-export { default as mandatoryTest_6_1_27_8 } from './mandatoryTests/mandatoryTest_6_1_27_8.js'
-export { default as mandatoryTest_6_1_27_9 } from './mandatoryTests/mandatoryTest_6_1_27_9.js'
-export { default as mandatoryTest_6_1_27_10 } from './mandatoryTests/mandatoryTest_6_1_27_10.js'
-export { default as mandatoryTest_6_1_27_11 } from './mandatoryTests/mandatoryTest_6_1_27_11.js'
-export { default as mandatoryTest_6_1_28 } from './mandatoryTests/mandatoryTest_6_1_28.js'
-export { default as mandatoryTest_6_1_29 } from './mandatoryTests/mandatoryTest_6_1_29.js'
-export { default as mandatoryTest_6_1_30 } from './mandatoryTests/mandatoryTest_6_1_30.js'
-export { default as mandatoryTest_6_1_31 } from './mandatoryTests/mandatoryTest_6_1_31.js'
-export { default as mandatoryTest_6_1_32 } from './mandatoryTests/mandatoryTest_6_1_32.js'
-export { default as mandatoryTest_6_1_33 } from
'./mandatoryTests/mandatoryTest_6_1_33.js'
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_1.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_1.js
deleted file mode 100644
index 0222721..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_1.js
+++ /dev/null
@@ -1,309 +0,0 @@ -import * as docUtils from './shared/docUtils.js' - -const { collectProductIds } = docUtils - -/** - * @typedef {Object} FullProductName - * @property {string} name - * @property {string} product_id - */ - -/** - * @typedef {Object} Branch - * @property {Array} branches - * @property {FullProductName} product - */ - -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_1(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - const productIds = collectProductIds({ document: doc }) - const productIdRefs = collectProductIdRefs({ document: doc }) - const missingProductDefinitions = findMissingDefinitions( - productIds, - productIdRefs - ) - if (missingProductDefinitions.length > 0) { - isValid = false - missingProductDefinitions.forEach((missingProductDefinition) => { - errors.push({ - message: 'definition of product id missing', - instancePath: missingProductDefinition.instancePath, - }) - }) - } - return { isValid, errors } -} - -/** - * This method collects references to product ids and corresponding instancePaths in the given document and returns a result object. 
- * @param {any} document - * @returns {{id: string, instancePath: string}[]} - */ -function collectProductIdRefs({ document }) { - const entries = /** @type {{id: string, instancePath: string}[]} */ ([]) - - const productGroups = document.product_tree?.product_groups - if (productGroups) { - for (let i = 0; i < productGroups.length; ++i) { - const productGroup = productGroups[i] - const productIds = productGroup.product_ids - if (productIds) { - for (let j = 0; j < productIds.length; ++j) { - const productId = productIds[j] - if (productId) { - entries.push({ - id: productId, - instancePath: `/product_tree/product_groups/${i}/product_ids/${j}`, - }) - } - } - } - } - } - - const relationshipGroups = document.product_tree?.relationships - if (relationshipGroups) { - for (let i = 0; i < relationshipGroups.length; ++i) { - const relationshipGroup = relationshipGroups[i] - const productRef = relationshipGroup.product_reference - if (productRef) { - entries.push({ - id: productRef, - instancePath: `/product_tree/relationships/${i}/product_reference`, - }) - } - const relToProductRef = relationshipGroup.relates_to_product_reference - if (relToProductRef) { - entries.push({ - id: relToProductRef, - instancePath: `/product_tree/relationships/${i}/relates_to_product_reference`, - }) - } - } - } - - const vulnerabilities = document.vulnerabilities - if (vulnerabilities) { - for (let i = 0; i < vulnerabilities.length; ++i) { - const vulnerability = vulnerabilities[i] - collectRefsInProductStatus( - `/vulnerabilities/${i}/product_status`, - vulnerability, - entries - ) - collectProductRefsInRemediations( - `/vulnerabilities/${i}/remediations`, - vulnerability, - entries - ) - collectRefsInScores( - `/vulnerabilities/${i}/scores`, - vulnerability, - entries - ) - collectProductRefsInThreats( - `/vulnerabilities/${i}/threats`, - vulnerability, - entries - ) - collectProductRefsInFlags( - `/vulnerabilities/${i}/flags`, - vulnerability, - entries - ) - } - } - - return entries -} 
- -/** - * @param {string} instancePath - * @param {{product_status: any}} vulnerability - * @param {*} entries - */ -const collectRefsInProductStatus = (instancePath, vulnerability, entries) => { - findRefsInProductStatus( - vulnerability.product_status?.first_affected, - `${instancePath}/first_affected`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.first_fixed, - `${instancePath}/first_fixed`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.fixed, - `${instancePath}/fixed`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.known_affected, - `${instancePath}/known_affected`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.known_not_affected, - `${instancePath}/known_not_affected`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.last_affected, - `${instancePath}/last_affected`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.recommended, - `${instancePath}/recommended`, - entries - ) - findRefsInProductStatus( - vulnerability.product_status?.under_investigation, - `${instancePath}/under_investigation`, - entries - ) -} - -/** - * @param {string[]} refs - * @param {string} instancePath - * @param {{id: string, instancePath: string}[]} entries - */ -const findRefsInProductStatus = (refs, instancePath, entries) => { - if (refs) { - for (let i = 0; i < refs.length; ++i) { - const ref = refs[i] - if (ref) { - entries.push({ - id: ref, - instancePath: `${instancePath}/${i}`, - }) - } - } - } -} - -/** - * @param {string} instancePath - * @param {{threats: any}} vulnerability - * @param {*} entries - */ -const collectProductRefsInThreats = (instancePath, vulnerability, entries) => { - const threats = vulnerability.threats - if (threats) { - for (let i = 0; i < threats.length; ++i) { - const threat = threats[i] - const productIds = threat.product_ids - if (productIds) { - for (let j = 0; j < productIds.length; ++j) { - const 
productId = productIds[j] - if (productId) { - entries.push({ - id: productId, - instancePath: `${instancePath}/${i}/product_ids/${j}`, - }) - } - } - } - } - } -} - -/** - * @param {string} instancePath - * @param {{scores: any}} vulnerability - * @param {*} entries - */ -const collectRefsInScores = (instancePath, vulnerability, entries) => { - const scores = vulnerability.scores - if (scores) { - for (let i = 0; i < scores.length; ++i) { - const score = scores[i] - const products = score.products - if (products) { - for (let j = 0; j < products.length; ++j) { - const productId = products[j] - if (productId) { - entries.push({ - id: productId, - instancePath: `${instancePath}/${i}/products/${j}`, - }) - } - } - } - } - } -} - -/** - * @param {string} instancePath - * @param {{remediations: any}} vulnerability - * @param {*} entries - */ -const collectProductRefsInRemediations = ( - instancePath, - vulnerability, - entries -) => { - const remediations = vulnerability.remediations - if (remediations) { - for (let i = 0; i < remediations.length; ++i) { - const remediation = remediations[i] - const productIds = remediation.product_ids - if (productIds) { - for (let j = 0; j < productIds.length; ++j) { - const productId = productIds[j] - if (productId) { - entries.push({ - id: productId, - instancePath: `${instancePath}/${i}/product_ids/${j}`, - }) - } - } - } - } - } -} - -/** - * @param {string} instancePath - * @param {{flags: any}} vulnerability - * @param {*} entries - */ -const collectProductRefsInFlags = (instancePath, vulnerability, entries) => { - const flags = vulnerability.flags - if (flags) { - for (let i = 0; i < flags.length; ++i) { - const flag = flags[i] - const productIds = flag.product_ids - if (productIds) { - for (let j = 0; j < productIds.length; ++j) { - const productId = productIds[j] - if (productId) { - entries.push({ - id: productId, - instancePath: `${instancePath}/${i}/product_ids/${j}`, - }) - } - } - } - } - } -} - -/** - * @param {{id: 
string}[]} entries - * @param {{id: string, instancePath: string}[]} refs - */ -const findMissingDefinitions = (entries, refs) => { - return refs.filter( - (ref) => entries.find((e) => e.id === ref.id) === undefined - ) -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_10.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_10.js deleted file mode 100644 index 5ade24e..0000000 --- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_10.js +++ /dev/null 
@@ -1,112 +0,0 @@
-import * as cvss2 from '../shared/cvss2.js'
-import * as cvss3 from '../shared/cvss3.js'
-
-const cvssV3VectorStringMapping = cvss3.mapping
-
-/** @type {ReadonlyArray]>} */
-const cvssV2VectorStringMapping =
- /** @type {ReadonlyArray]>} */ (
- cvss2.mapping.map((mapping) => [
- mapping[0],
- mapping[1],
- Object.fromEntries(
- Object.entries(mapping[2]).map(([key, value]) => [key, value.id])
- ),
- ])
- )
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_10(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (Array.isArray(doc.vulnerabilities)) {
- /** @type {Array} */
- const vulnerabilities = doc.vulnerabilities
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!Array.isArray(vulnerability.scores)) return
- /** @type {Array} */
- const scores = vulnerability.scores
- scores.forEach((score, scoreIndex) => {
- if (typeof score.cvss_v2?.vectorString === 'string') {
- /** @type {Record} */
- const cvssV2 = score.cvss_v2
- const vectorString = /** @type {string} */ (cvssV2.vectorString)
-
- validateCVSSAttributes({
- vectorValues: vectorString.split('/'),
- vectorMapping: cvssV2VectorStringMapping,
- cvss: cvssV2,
- onError({ attributeKey }) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v2/${attributeKey}`,
- message: 'value is not consistent with the vector string',
- })
- },
- })
- }
-
- if (
- typeof score.cvss_v3?.vectorString === 'string' &&
- (score.cvss_v3.version === '3.1' || score.cvss_v3.version === '3.0')
- ) {
- /** @type {Record} */
- const cvssV3 = score.cvss_v3
- const vectorString = /** @type {string} */ (cvssV3.vectorString)
-
- validateCVSSAttributes({
- vectorValues: vectorString.split('/').slice(1),
- vectorMapping: cvssV3VectorStringMapping,
- cvss: cvssV3,
- onError({ attributeKey }) {
- isValid = false
- errors.push({
- instancePath:
`/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3/${attributeKey}`,
- message: 'value is not consistent with the vector string',
- })
- },
- })
- }
- })
- })
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {object} params
- * @param {string[]} params.vectorValues
- * @param {ReadonlyArray} params.vectorMapping
- * @param {Record} params.cvss
- * @param {(params: { attributeKey: string }) => void} params.onError
- */
-function validateCVSSAttributes({
- vectorValues,
- vectorMapping,
- cvss,
- onError,
-}) {
- vectorValues.forEach((str) => {
- const [key, value] = str.split(':')
- const entry = vectorMapping.find((e) => e[1] === key)
- if (!entry) return
- const [attributeKey] = entry
-
- const attributeValue = cvss[attributeKey]
- if (typeof attributeValue !== 'string') return
-
- const expectedAttributeValue = Object.entries(entry[2]).find(
- (e) => e[1] === value
- )?.[0]
- if (typeof expectedAttributeValue !== 'string') return
-
- if (attributeValue !== expectedAttributeValue) {
- onError({ attributeKey })
- }
- })
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_11.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_11.js
deleted file mode 100644
index 34eb599..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_11.js
+++ /dev/null
@@ -1,68 +0,0 @@
-import cwec from '../shared/cwec.js'
-
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_11(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (hasVulnerabilities(doc)) {
- for (let i = 0; i < doc.vulnerabilities.length; ++i) {
- const vulnerability = doc.vulnerabilities[i]
- if (vulnerabilityHasCWEFields(vulnerability)) {
- const entry = cwec.weaknesses.find((w) => w.id === vulnerability.cwe.id)
- if (!entry) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${i}/cwe/id`,
- message: 'no weakness with this id is recognized',
- })
- continue
- }
- if (entry.name !== vulnerability.cwe.name) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${i}/cwe/name`,
- message: 'the name does not match the weakness with the given id',
- })
- continue
- }
- }
- }
- }
-
- return { isValid, errors }
-}
-
-/**
- * @param {any} doc
- * @returns {doc is { vulnerabilities: Array }}
- */
-const hasVulnerabilities = (doc) =>
- doc && Array.isArray(doc.vulnerabilities) ? true : false
-
-/**
- * @param {any} vulnerability
- * @returns {vulnerability is { cwe: { id: string; name: string } }}
- */
-const vulnerabilityHasCWEFields = (vulnerability) =>
- vulnerability &&
- vulnerability.cwe &&
- typeof vulnerability.cwe.id === 'string' &&
- typeof vulnerability.cwe.name === 'string'
- ? true
- : false
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_12.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_12.js
deleted file mode 100644
index ffb280e..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_12.js
+++ /dev/null
@@ -1,46 +0,0 @@
-import bcpLanguageTagChecker from '../shared/bcpLanguageTagChecker.js'
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_12(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (hasLangField(doc) && !bcpLanguageTagChecker(doc.document.lang)) {
- isValid = false
- errors.push({
- message: 'is not a valid language-tag',
- instancePath: '/document/lang',
- })
- }
-
- if (hasSourceLangField(doc)) {
- if (!bcpLanguageTagChecker(doc.document.source_lang)) {
- isValid = false
- errors.push({
- message: 'is not a valid language-tag',
- instancePath: '/document/source_lang',
- })
- }
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { lang: string } }}
- */
-const hasLangField = (doc) =>
- doc && doc.document && typeof doc.document.lang === 'string' ? true : false
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { source_lang: string } }}
- */
-const hasSourceLangField = (doc) =>
- doc && doc.document && typeof doc.document.source_lang === 'string'
- ? true
- : false
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_13.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_13.js
deleted file mode 100644
index c598290..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_13.js
+++ /dev/null
@@ -1,111 +0,0 @@
-import pkgURL from 'packageurl-js'
-
-const { PackageURL } = pkgURL
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_13(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (Array.isArray(doc.product_tree?.full_product_names)) {
- doc.product_tree?.full_product_names.forEach(
- (
- /** @type {any} */ fullProductName,
- /** @type {number} */ fullProductNameIndex
- ) => {
- checkProductIdentificationHelperPURL(
- fullProductName,
- (errorMessage) => {
- isValid = false
- errors.push({
- instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/purl`,
- message: `invalid purl: ${errorMessage}`,
- })
- }
- )
- }
- )
- }
-
- if (Array.isArray(doc.product_tree?.relationships)) {
- doc.product_tree.relationships.forEach(
- (
- /** @type {any} */ relationship,
- /** @type {number} */ relationshipIndex
- ) => {
- checkProductIdentificationHelperPURL(
- relationship.full_product_name,
- (errorMessage) => {
- isValid = false
- errors.push({
- instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name/product_identification_helper/purl`,
- message: `invalid purl: ${errorMessage}`,
- })
- }
- )
- }
- )
- }
-
- if (doc.product_tree) {
- checkBranchesForInvalidPURLs(
- doc.product_tree,
- ({ branchIndexes, errorMessage }) => {
- isValid = false
- const branchPathPart = branchIndexes.reduce(
- (str, index) => `${str}/branches/${index}`,
- '/product_tree'
- )
- errors.push({
- instancePath: `${branchPathPart}/product/product_identification_helper/purl`,
- message: `invalid purl: ${errorMessage}`,
- })
- }
- )
- }
-
- return { errors, isValid }
-}
-
-/**
- *
- * @param {any} parent
- * @param {(error: { branchIndexes: number[], errorMessage: string }) => void} onError
- * @param {number[]} [branchIndexes]
- */
-const checkBranchesForInvalidPURLs = (parent, onError, branchIndexes = []) => {
- if
(Array.isArray(parent.branches)) {
- parent.branches.forEach(
- (/** @type {any} */ branch, /** @type {number} */ branchIndex) => {
- const currentBranchIndexes = branchIndexes.concat([branchIndex])
-
- checkProductIdentificationHelperPURL(branch.product, (errorMessage) => {
- onError({
- branchIndexes: currentBranchIndexes,
- errorMessage,
- })
- })
- checkBranchesForInvalidPURLs(branch, onError, currentBranchIndexes)
- }
- )
- }
-}
-
-/**
- * @param {any} productALike
- * @param {(errorMessage: string) => void} onError
- * @returns
- */
-const checkProductIdentificationHelperPURL = (productALike, onError) => {
- if (typeof productALike?.product_identification_helper?.purl !== 'string')
- return
- try {
- PackageURL.fromString(productALike?.product_identification_helper?.purl)
- } catch (e) {
- const errorObject = /** @type {{message: string}} */ (e)
- onError(errorObject?.message ?? 'Unknown purl error')
- }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_14.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_14.js
deleted file mode 100644
index 8f0091a..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_14.js
+++ /dev/null
@@ -1,52 +0,0 @@
-import semver from 'semver'
-import { compareZonedDateTimes } from '../shared/dateHelper.js'
-import * as docUtils from './shared/docUtils.js'
-
-const { gt, valid } = semver
-
-/**
- * @param {unknown} doc
- */
-export default function mandatoryTest_6_1_14(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (preconditionMatches(doc)) {
- const sortedNumbers = Array.from(
- new Set(
- doc.document.tracking.revision_history
- .slice()
- .sort(
- (a, z) =>
- compareZonedDateTimes(a.date, z.date) ||
- docUtils.compareVersions(z.number, a.number)
- )
- .map((e) => valid(e.number) ?? `${e.number}.0.0`)
- ).keys()
- ).filter((n) => valid(n) !== null)
- const isAscending = sortedNumbers.every(
- (number, index, all) => index === 0 || gt(number, all[index - 1])
- )
- if (!isAscending) {
- isValid = false
- errors.push({
- instancePath: `/document/tracking/revision_history`,
- message: 'the items must be in ascending order according to the date',
- })
- }
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { tracking: { revision_history: Array<{ number: string; date: string }> } } }}
- */
-const preconditionMatches = (doc) =>
- Array.isArray(doc?.document?.tracking?.revision_history) &&
- doc.document.tracking.revision_history.every(
- (/** @type {any} */ r) =>
- typeof r.number === 'string' && typeof r.date === 'string'
- )
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_15.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_15.js
deleted file mode 100644
index 8bbb5e5..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_15.js
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_15(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- doc.document?.publisher?.category === 'translator' &&
- !doc.document.source_lang
- ) {
- isValid = false
- errors.push({
- instancePath: '/document/source_lang',
- message: 'source language attribute is missing',
- })
- }
-
- return { isValid, errors }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_16.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_16.js
deleted file mode 100644
index cb67aed..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_16.js
+++ /dev/null
@@ -1,55 +0,0 @@
-import { compareZonedDateTimes } from '../shared/dateHelper.js'
-import * as docUtils from './shared/docUtils.js'
-
-const {
- hasTrackingRevisionHistory,
- hasTrackingVersionField,
- hasTrackingStatusField,
-} = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_16(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingRevisionHistory(doc) &&
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- doc.document.tracking.revision_history.length > 0
- ) {
- /**
- * @param {string} version
- * @returns
- */
- const normalizeVersion = (version) =>
- doc.document.tracking.status == 'draft'
- ? version.split(/[+-]/)[0]
- : version.split('+')[0]
-
- if (
- normalizeVersion(
- doc.document.tracking.revision_history
- .slice()
- .sort(
- (a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (z.date),
- /** @type {string} */ (a.date)
- ) || docUtils.compareVersions(a.number, z.number)
- )[0].number
- ) !== normalizeVersion(doc.document.tracking.version)
- ) {
- isValid = false
- errors.push({
- message: 'version does not match latest revision',
- instancePath: '/document/tracking/version',
- })
- }
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_17.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_17.js
deleted file mode 100644
index f1d1db1..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_17.js
+++ /dev/null
@@ -1,32 +0,0 @@
-import semver from 'semver'
-import * as docUtils from './shared/docUtils.js'
-
-const { valid, major, prerelease } = semver
-const { hasTrackingVersionField, hasTrackingStatusField } = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_17(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- doc.document.tracking.status !== 'draft' &&
- (doc.document.tracking.version === '0' ||
- (valid(doc.document.tracking.version) &&
- (major(doc.document.tracking.version) === 0 ||
- prerelease(doc.document.tracking.version))))
- ) {
- isValid = false
- errors.push({
- message: 'the status is not compatible with the version',
- instancePath: '/document/tracking/status',
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_18.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_18.js
deleted file mode 100644
index 7d323aa..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_18.js
+++ /dev/null
@@ -1,38 +0,0 @@
-import semver from 'semver'
-import * as docUtils from './shared/docUtils.js'
-
-const { valid, major } = semver
-const {
- hasTrackingVersionField,
- hasTrackingStatusField,
- hasTrackingRevisionHistory,
-} = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_18(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- hasTrackingRevisionHistory(doc) &&
- (doc.document.tracking.status === 'final' ||
- doc.document.tracking.status === 'interim') &&
- doc.document.tracking.revision_history.some(
- (h) => h.number === '0' || (valid(h.number) && major(h.number) === 0)
- )
- ) {
- isValid = false
- errors.push({
- message:
- 'some revision-history entries are not compatible with the status',
- instancePath: '/document/tracking/status',
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_19.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_19.js
deleted file mode 100644
index 1cabbc5..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_19.js
+++ /dev/null
@@ -1,37 +0,0 @@
-import semver from 'semver'
-import * as docUtils from './shared/docUtils.js'
-
-const { valid, prerelease } = semver
-const {
- hasTrackingVersionField,
- hasTrackingStatusField,
- hasTrackingRevisionHistory,
-} = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_19(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- hasTrackingRevisionHistory(doc)
- ) {
- for (let i = 0; i < doc.document.tracking.revision_history.length; ++i) {
- const entry = doc.document.tracking.revision_history[i]
- if (valid(entry.number) && prerelease(entry.number)) {
- isValid = false
- errors.push({
- message: 'contains prerelease part',
- instancePath: `/document/tracking/revision_history/${i}/number`,
- })
- }
- }
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_2.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_2.js
deleted file mode 100644
index e6f69708..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_2.js
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_2(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const productIds = collectProductIds({ document: doc })
- const duplicateProductIds = findDuplicateEntries(productIds)
- if (duplicateProductIds.length > 0) {
- isValid = false
- duplicateProductIds.forEach((duplicateProductId) => {
- errors.push({
- message: 'duplicate definition product id',
- instancePath: duplicateProductId.instancePath,
- })
- })
- }
-
- return { isValid, errors }
-}
-
-/**
- * This method collects definitions of product ids and corresponding names and instancePaths in the given document and returns a result object.
- * @param {any} document
- * @returns {{id: string, name: string, instancePath: string}[]}
- */
-function collectProductIds({ document }) {
- const entries =
- /** @type {{id: string, name: string, instancePath: string}[]} */ ([])
-
- const fullProductNames = document.product_tree?.full_product_names
- if (fullProductNames) {
- for (let i = 0; i < fullProductNames.length; ++i) {
- const fullProductName = fullProductNames[i]
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `/product_tree/full_product_names/${i}/product_id`,
- })
- }
- }
- }
-
- const relationships = document.product_tree?.relationships
- if (relationships) {
- for (let i = 0; i < relationships.length; ++i) {
- const relationship = relationships[i]
- const fullProductName = relationship.full_product_name
- if (fullProductName) {
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ??
'',
- instancePath: `/product_tree/relationships/${i}/full_product_name/product_id`,
- })
- }
- }
- }
- }
-
- const branches = document.product_tree?.branches
- if (branches) {
- traverseBranches(branches, entries, '/product_tree/branches')
- }
-
- return entries
-}
-
-/**
- * @param {{id: string, name: string, instancePath: string}[]} entries
- */
-const findDuplicateEntries = (entries) => {
- const lookup = entries.reduce((/** @type {any} */ a, entry) => {
- a[entry.id] = ++a[entry.id] || 0
- return a
- }, {})
-
- return entries.filter((entry) => lookup[entry.id])
-}
-
-/**
- * @param {Array} branches
- * @param {{id: string, name: string, instancePath: string}[]} entries
- * @param {string} instancePath
- */
-const traverseBranches = (branches, entries, instancePath) => {
- for (let i = 0; i < branches.length; ++i) {
- const branch = branches[i]
- const branchInstancePath = `${instancePath}/${i}`
- const fullProductName = branch.product
- if (fullProductName) {
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `${branchInstancePath}/product/product_id`,
- })
- }
- }
- if (branch.branches)
- traverseBranches(
- branch.branches,
- entries,
- `${branchInstancePath}/branches`
- )
- }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_20.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_20.js
deleted file mode 100644
index 5be4df3..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_20.js
+++ /dev/null
@@ -1,31 +0,0 @@
-import semver from 'semver'
-import * as docUtils from './shared/docUtils.js'
-
-const { valid, prerelease } = semver
-const { hasTrackingVersionField, hasTrackingStatusField } = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_20(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- (doc.document.tracking.status === 'final' ||
- doc.document.tracking.status === 'interim') &&
- valid(doc.document.tracking.version) &&
- prerelease(doc.document.tracking.version)
- ) {
- isValid = false
- errors.push({
- message: 'pre-release part is not allowed for status',
- instancePath: `/document/tracking/version`,
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_21.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_21.js
deleted file mode 100644
index c2b380c..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_21.js
+++ /dev/null
@@ -1,60 +0,0 @@
-import { compareZonedDateTimes } from '../shared/dateHelper.js'
-
-/**
- * @param {unknown} doc
- */
-export default function mandatoryTest_6_1_21(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- // 6.1.21 Missing Item in Revision History
- if (preconditionFor_6_1_21_Matches(doc)) {
- const sortedNumbers = Array.from(
- new Set(
- doc.document.tracking.revision_history
- .slice()
- .sort((a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (a.date),
- /** @type {string} */ (z.date)
- )
- )
- .map((e) =>
- // By using `parseInt` here we can deal with numeric and semantic versions
- parseInt(e.number)
- )
- ).keys()
- )
- if (sortedNumbers.length > 0 && ![0, 1].includes(sortedNumbers[0])) {
- isValid = false
- errors.push({
- instancePath: `/document/tracking/revision_history`,
- message: `revision history does not start with a version of 0 or 1 when sorted by date`,
- })
- }
- for (let i = 0; i < sortedNumbers.length; ++i) {
- const expectedVersionNumber = i + Number(sortedNumbers[0])
- if (sortedNumbers[i] > expectedVersionNumber) {
- isValid = false
- errors.push({
- instancePath: `/document/tracking/revision_history`,
- message: `major version ${expectedVersionNumber} was omitted`,
- })
- }
- }
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { tracking: { revision_history: Array<{ number: string; date: string }> } } }}
- */
-const preconditionFor_6_1_21_Matches = (doc) =>
- Array.isArray(doc?.document?.tracking?.revision_history) &&
- doc.document.tracking.revision_history.every(
- (/** @type {any} */ r) =>
- typeof r.number === 'string' && typeof r.date === 'string'
- )
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_22.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_22.js
deleted file mode 100644
index e62b2ea..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_22.js
+++ /dev/null
@@ -1,38 +0,0 @@
-import * as docUtils from './shared/docUtils.js'
-
-const {
- hasTrackingVersionField,
- hasTrackingStatusField,
- hasTrackingRevisionHistory,
-} = docUtils
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_22(doc) {
- let isValid = true
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
-
- if (
- hasTrackingVersionField(doc) &&
- hasTrackingStatusField(doc) &&
- hasTrackingRevisionHistory(doc)
- ) {
- /** @type {Record} */
- let dupes = {}
- doc.document.tracking.revision_history.forEach((item, index) => {
- dupes[item.number] = dupes[item.number] ?? []
- dupes[item.number].push(index)
- if (dupes[item.number].length > 1) {
- isValid = false
- errors.push({
- message: 'version was already used',
- instancePath: `/document/tracking/revision_history/${index}/number`,
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_23.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_23.js
deleted file mode 100644
index 70ed7e4..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_23.js
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * @param {unknown} doc
- */
-export default function mandatoryTest_6_1_23(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- // 6.1.23 Multiple Use of Same CVE
- if (preconditionFor_6_1_23_Matches(doc)) {
- /** @type {Set} */
- const cveStrings = new Set()
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (vulnerability.cve === undefined) return
- if (cveStrings.has(vulnerability.cve)) {
- isValid = false
- errors.push({
- message: `CVE identifier was already used`,
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/cve`,
- })
- }
- cveStrings.add(vulnerability.cve)
- })
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {unknown} rawDoc
- * @returns {rawDoc is {
- * vulnerabilities: Array<{
- * cve?: string
- * }>
- * }}
- */
-const preconditionFor_6_1_23_Matches = (rawDoc) => {
- if (typeof rawDoc !== 'object' || !rawDoc) return false
- /** @type {{ vulnerabilities?: unknown }} */
- const doc = rawDoc
- return (
- Array.isArray(doc.vulnerabilities) &&
- doc.vulnerabilities.every(
- (vulnerability) =>
- typeof vulnerability.cve === 'string' || vulnerability.cve === undefined
- )
- )
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_24.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_24.js
deleted file mode 100644
index 1bc0b1d..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_24.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * @param {unknown} doc
- */
-export default function mandatoryTest_6_1_24(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- // 6.1.24 Definition in Involvements
- if (preconditionFor_6_1_24_Matches(doc)) {
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- /** @type {Map>} */
- const involvementMap = new Map()
- vulnerability.involvements.forEach((involvement, involvementIndex) => {
- if (
- typeof involvement.date === 'string' &&
- typeof involvement.party === 'string'
- ) {
- const set = involvementMap.get(involvement.date) ?? new Set()
- if (set.has(`${involvement.party}`)) {
- isValid = false
- errors.push({
- message: `status for party was already given for the same date`,
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/involvements/${involvementIndex}`,
- })
- }
- set.add(`${involvement.party}`)
- involvementMap.set(involvement.date, set)
- }
- })
- })
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {unknown} rawDoc
- * @returns {rawDoc is {
- * vulnerabilities: Array<{
- * involvements: Array<{
- * date?: string
- * party?: string
- * status?: string
- * }>
- * }>
- * }}
- */
-const preconditionFor_6_1_24_Matches = (rawDoc) => {
- if (typeof rawDoc !== 'object' || !rawDoc) return false
- /** @type {{ vulnerabilities?: unknown }} */
- const doc = rawDoc
- return (
- Array.isArray(doc.vulnerabilities) &&
- doc.vulnerabilities.every(
- (vulnerability) =>
- Array.isArray(vulnerability.involvements) &&
- vulnerability.involvements.every(
- (/** @type {any} */ involvement) =>
- (typeof involvement.date === 'string' ||
- involvement.date === undefined) &&
- (typeof involvement.party === 'string' ||
- involvement.party === undefined) &&
- (typeof involvement.status === 'string' ||
- involvement.status === undefined)
- )
- )
- )
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_25.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_25.js
deleted file mode 100644
index f2f8821..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_25.js
+++ /dev/null
@@ -1,154 +0,0 @@ -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_25(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - // 6.1.25 Multiple Use of Same Hash Algorithm - if (Array.isArray(doc.product_tree?.full_product_names)) { - doc.product_tree?.full_product_names.forEach( - ( - /** @type {any} */ fullProductName, - /** @type {number} */ fullProductNameIndex - ) => { - if ( - Array.isArray(fullProductName.product_identification_helper?.hashes) - ) { - fullProductName.product_identification_helper.hashes.forEach( - (/** @type {any} */ hash, /** @type {number} */ hashIndex) => { - checkDuplicateHashAlgorithms( - hash, - ({ fileHash, fileHashIndex }) => { - isValid = false - errors.push({ - instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/hashes/${hashIndex}/file_hashes/${fileHashIndex}`, - message: `there is already a hash with the algorithm ${fileHash.algorithm}`, - }) - } - ) - } - ) - } - } - ) - } - - if (Array.isArray(doc.product_tree?.relationships)) { - doc.product_tree.relationships.forEach( - ( - /** @type {any} */ relationship, - /** @type {number} */ relationshipIndex - ) => { - if ( - Array.isArray( - relationship.full_product_name?.product_identification_helper - ?.hashes - ) - ) { - relationship.full_product_name.product_identification_helper.hashes.forEach( - (/** @type {any} */ hash, /** @type {number} */ hashIndex) => { - checkDuplicateHashAlgorithms( - hash, - ({ fileHash, fileHashIndex }) => { - isValid = false - errors.push({ - instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name/product_identification_helper/hashes/${hashIndex}/file_hashes/${fileHashIndex}`, - message: `there is already a hash with the algorithm ${fileHash.algorithm}`, - }) - } - ) - } - ) - } - } - ) - } - - if (doc.product_tree) { - checkBranchesForDuplicateHashAlgorithms( - doc.product_tree, - ({ 
branchIndexes, hashIndex, fileHashIndex, fileHash }) => { - isValid = false - const branchPathPart = branchIndexes.reduce( - (str, index) => `${str}/branches/${index}`, - '/product_tree' - ) - errors.push({ - instancePath: `${branchPathPart}/product/product_identification_helper/hashes/${hashIndex}/file_hashes/${fileHashIndex}`, - message: `there is already a hash with the algorithm ${fileHash.algorithm}`, - }) - } - ) - } - - return { errors, isValid } -} - -/** - * - * @param {any} parent - * @param {(error: { branchIndexes: number[]; hashIndex: number; fileHash: { algorithm: string }, fileHashIndex: number }) => void} onError - * @param {number[]} [branchIndexes] - */ -const checkBranchesForDuplicateHashAlgorithms = ( - parent, - onError, - branchIndexes = [] -) => { - if (Array.isArray(parent.branches)) { - parent.branches.forEach( - (/** @type {any} */ branch, /** @type {number} */ branchIndex) => { - const currentBranchIndexes = branchIndexes.concat([branchIndex]) - if ( - Array.isArray(branch.product?.product_identification_helper?.hashes) - ) { - branch.product.product_identification_helper.hashes.forEach( - (/** @type {any} */ hash, /** @type {number} */ hashIndex) => { - checkDuplicateHashAlgorithms( - hash, - ({ fileHash, fileHashIndex }) => { - onError({ - branchIndexes: currentBranchIndexes, - hashIndex, - fileHash, - fileHashIndex, - }) - } - ) - } - ) - } - checkBranchesForDuplicateHashAlgorithms( - branch, - onError, - currentBranchIndexes - ) - } - ) - } -} - -/** - * @param {any} hash - * @param {(error: { fileHash: { algorithm: string }, fileHashIndex: number }) => void} onError - * @returns - */ -const checkDuplicateHashAlgorithms = (hash, onError) => { - if (!Array.isArray(hash.file_hashes)) return - /** @type {Set} */ - const algorithmSet = new Set() - hash.file_hashes.forEach( - (/** @type {any} */ fileHash, /** @type {number} */ fileHashIndex) => { - if (fileHash.algorithm == null) return - if (algorithmSet.has(fileHash.algorithm)) { - 
onError({ - fileHash, - fileHashIndex, - }) - } - algorithmSet.add(fileHash.algorithm) - } - ) -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_26.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_26.js deleted file mode 100644 index 5f6feae..0000000 --- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_26.js +++ /dev/null @@ -1,59 +0,0 @@ -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_26(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - if (typeof doc.document?.category === 'string') { - /** @type {string} */ - const category = doc.document.category - const profileValues = [ - 'csaf_base', - 'csaf_security_incident_response', - 'csaf_informational_advisory', - 'csaf_security_advisory', - 'csaf_vex', - ] - const otherProfileValues = [ - 'securityincidentresponse', - 'informationaladvisory', - 'securityadvisory', - 'vex', - 'csafsecurityincidentresponse', - 'csafinformationaladvisory', - 'csafsecurityadvisory', - 'csafvex', - ] - - // Skip test if profile is not "CSAF Base" but one of the other profiles or matches exactly "csaf_base" - if (profileValues.includes(category)) return { errors, isValid } - - // Fail on reserved prefix - if (category.toLowerCase().startsWith('csaf_')) { - isValid = false - errors.push({ - instancePath: `/document/category`, - message: `reserved prefix used`, - }) - - return { errors, isValid } - } - - // Fail on name similarity - if ( - otherProfileValues.includes( - category.replaceAll(/[_\-\s]+/g, '').toLowerCase() - ) - ) { - isValid = false - errors.push({ - instancePath: `/document/category`, - message: `value prohibited`, - }) - } - } - - return { errors, isValid } -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_1.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_1.js deleted file mode 100644 index be282a8..0000000 
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_1.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * @typedef {object} Note
- * @property {unknown} category
- */
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_1(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set([
- 'csaf_security_incident_response',
- 'csaf_informational_advisory',
- ])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- const mandatoryNoteCategories = new Set([
- 'description',
- 'details',
- 'general',
- 'summary',
- ])
-
- isValid =
- Array.isArray(doc.document?.notes) &&
- /** @type {Note[]} */ (doc.document.notes).some((n) =>
- mandatoryNoteCategories.has(/** @type {string} */ (n.category))
- )
-
- if (!isValid) {
- errors.push({
- instancePath: '/document/notes',
- message:
- 'need at least one document note with a category of description, details, general or summary',
- })
- }
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_10.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_10.js
deleted file mode 100644
index 102dc9c..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_10.js
+++ /dev/null
@@ -1,91 +0,0 @@ -/** - * @typedef {object} VulnerabilityProductStatus - * @property {unknown} known_affected - */ - -/** - * @typedef {object} Vulnerability - * @property {VulnerabilityProductStatus} [product_status] - * @property {unknown} remediations - */ - -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_27_10(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - /** @type {unknown} */ - const vulnerabilities = doc.vulnerabilities - if (doc.document?.category !== 'csaf_vex' || !Array.isArray(vulnerabilities)) - return { errors, isValid } - - vulnerabilities.forEach( - ( - /** - * @type {Vulnerability | null} vulnerability - */ - vulnerability, - vulnerabilityIndex - ) => { - const productStatus = vulnerability?.product_status - if ( - !vulnerability || - !productStatus || - !Array.isArray(productStatus.known_affected) - ) - return - - productStatus.known_affected.forEach((productId, productIdIndex) => { - /** - * @typedef {object} Remediation - * @property {unknown} category - * @property {unknown} group_ids - * @property {unknown} product_ids - */ - - /** @type {(Remediation | null | undefined)[]} */ - const remediations = Array.isArray(vulnerability.remediations) - ? 
vulnerability.remediations - : [] - const hasMatchingRemediation = remediations.some((remediation) => { - if (!remediation) return false - - const remediationHasMatchingProduct = - Array.isArray(remediation.product_ids) && - remediation.product_ids.includes(productId) - if (remediationHasMatchingProduct) return true - - const productGroups = doc.product_tree?.product_groups - const remediationHasMatchingProductGroup = - Array.isArray(remediation.group_ids) && - Array.isArray(productGroups) && - remediation.group_ids.some((groupId) => { - /** @type {{ product_ids: unknown } | undefined} */ - const group = productGroups.find((g) => g.group_id === groupId) - return ( - group && - Array.isArray(group.product_ids) && - group.product_ids.includes(productId) - ) - }) - - if (remediationHasMatchingProductGroup) return true - return false - }) - - if (!hasMatchingRemediation) { - isValid = false - errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status/known_affected/${productIdIndex}`, - message: 'no suitable action statement found', - }) - } - }) - } - ) - - return { errors, isValid } -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_11.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_11.js deleted file mode 100644 index 671388c..0000000 --- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_11.js +++ /dev/null @@ -1,26 +0,0 @@ -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_27_11(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - const checkedDocumentCategories = new Set([ - 'csaf_security_advisory', - 'csaf_vex', - ]) - - if (!checkedDocumentCategories.has(doc.document?.category)) - return { errors, isValid } - - isValid = Boolean(doc.vulnerabilities) - - if (!isValid) { - errors.push({ - instancePath: '/', - message: 'needs vulnerabilities', - }) - } - return { errors, isValid } -} 
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_2.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_2.js
deleted file mode 100644
index da9e629..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_2.js
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_2(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set([
- 'csaf_security_incident_response',
- 'csaf_informational_advisory',
- ])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- /**
- * @typedef {object} Reference
- * @property {unknown} category
- */
-
- const mandatoryReferenceCategories = new Set(['external'])
-
- isValid =
- Array.isArray(doc.document?.references) &&
- /** @type {Reference[]} */ (doc.document.references).some((r) =>
- mandatoryReferenceCategories.has(/** @type {string} */ (r.category))
- )
-
- if (!isValid) {
- errors.push({
- instancePath: '/document/references',
- message:
- 'need at least one document reference with the category "external"',
- })
- }
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_3.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_3.js
deleted file mode 100644
index b90da66..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_3.js
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_3(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set(['csaf_informational_advisory'])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- isValid = doc.vulnerabilities === undefined
-
- if (!isValid) {
- errors.push({
- instancePath: '/vulnerabilities',
- message: 'must not exist',
- })
- }
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_4.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_4.js
deleted file mode 100644
index c557bc6..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_4.js
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_4(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set([
- 'csaf_security_advisory',
- 'csaf_vex',
- ])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- isValid = Boolean(doc.product_tree)
-
- if (!isValid) {
- errors.push({
- instancePath: '/',
- message: 'needs a product_tree',
- })
- }
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_5.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_5.js
deleted file mode 100644
index e879a4a..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_5.js
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_5(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set([
- 'csaf_security_advisory',
- 'csaf_vex',
- ])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- /** @type {unknown} */
- const vulnerabilities = doc.vulnerabilities
- if (Array.isArray(vulnerabilities)) {
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.notes) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'needs a `notes` attribute',
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_6.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_6.js
deleted file mode 100644
index 1377e18..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_6.js
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_6(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set(['csaf_security_advisory'])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- /** @type {unknown} */
- const vulnerabilities = doc.vulnerabilities
- if (Array.isArray(vulnerabilities)) {
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.product_status) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'needs a `product_status` attribute',
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_7.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_7.js
deleted file mode 100644
index 5cc2494..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_7.js
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_7(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set(['csaf_vex'])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- /** @type {unknown} */
- const vulnerabilities = doc.vulnerabilities
- if (Array.isArray(vulnerabilities)) {
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!vulnerability.product_status) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'needs a `product_status` attribute',
- })
- return
- }
- const neededArrays = [
- 'fixed',
- 'known_affected',
- 'known_not_affected',
- 'under_investigation',
- ]
- if (
- !neededArrays.some((p) =>
- Array.isArray(vulnerability.product_status[p])
- )
- ) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status`,
- message:
- 'needs at least one the following attributes: `fixed`, `known_affected`, `known_not_affected`, `under_investigation`',
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_8.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_8.js
deleted file mode 100644
index 6ec57ca..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_8.js
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_27_8(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const checkedDocumentCategories = new Set(['csaf_vex'])
-
- if (!checkedDocumentCategories.has(doc.document?.category))
- return { errors, isValid }
-
- /** @type {unknown} */
- const vulnerabilities = doc.vulnerabilities
- if (Array.isArray(vulnerabilities)) {
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (['ids', 'cve'].every((p) => vulnerability[p] === undefined)) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
- message: 'needs at least one the following attributes: `ids`, `cve`',
- })
- }
- })
- }
-
- return { errors, isValid }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_9.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_9.js
deleted file mode 100644
index c221151..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_27_9.js
+++ /dev/null
@@ -1,129 +0,0 @@ -/** - * @typedef {object} VulnerabilityProductStatus - * @property {unknown} known_not_affected - */ - -/** - * @typedef {object} Vulnerability - * @property {unknown} flags - * @property {VulnerabilityProductStatus} [product_status] - * @property {unknown} threats - */ - -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_27_9(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - /** @type {unknown} */ - const vulnerabilities = doc.vulnerabilities - if (doc.document?.category !== 'csaf_vex' || !Array.isArray(vulnerabilities)) - return { errors, isValid } - - vulnerabilities.forEach( - ( - /** - * @type {Vulnerability | null} vulnerability - */ - vulnerability, - vulnerabilityIndex - ) => { - const productStatus = vulnerability?.product_status - if ( - !vulnerability || - !productStatus || - !Array.isArray(productStatus.known_not_affected) - ) - return - - productStatus.known_not_affected.forEach((productId, productIdIndex) => { - /** - * @typedef {object} Threat - * @property {unknown} category - * @property {unknown} group_ids - * @property {unknown} product_ids - */ - - /** @type {(Threat | null)[]} */ - const threats = Array.isArray(vulnerability.threats) - ? 
vulnerability.threats - : [] - const hasMatchingThreat = threats.some((threat) => { - if (!threat || threat.category !== 'impact') return false - - const threatHasMatchingProduct = - Array.isArray(threat.product_ids) && - threat.product_ids.includes(productId) - if (threatHasMatchingProduct) return true - - const productGroups = doc.product_tree?.product_groups - const threatHasMatchingProductGroup = - Array.isArray(threat.group_ids) && - Array.isArray(productGroups) && - threat.group_ids.some((groupId) => { - /** @type {{ product_ids: unknown } | undefined} */ - const group = productGroups.find((g) => g.group_id === groupId) - return ( - group && - Array.isArray(group.product_ids) && - group.product_ids.includes(productId) - ) - }) - - if (threatHasMatchingProductGroup) return true - return false - }) - - /** - * @typedef {object} Flag - * @property {unknown} label - * @property {unknown} group_ids - * @property {unknown} product_ids - */ - - /** @type {(Flag | null)[]} */ - const flags = Array.isArray(vulnerability.flags) - ? 
vulnerability.flags - : [] - const hasMatchingFlag = flags.some((flag) => { - if (!flag) return false - - const flagHasMatchingProduct = - Array.isArray(flag.product_ids) && - flag.product_ids.includes(productId) - if (flagHasMatchingProduct) return true - - const productGroups = doc.product_tree?.product_groups - const flagHasMatchingProductGroup = - Array.isArray(flag.group_ids) && - Array.isArray(productGroups) && - flag.group_ids.some((groupId) => { - /** @type {{ product_ids: unknown } | undefined} */ - const group = productGroups.find((g) => g.group_id === groupId) - return ( - group && - Array.isArray(group.product_ids) && - group.product_ids.includes(productId) - ) - }) - - if (flagHasMatchingProductGroup) return true - return false - }) - - if (!hasMatchingThreat && !hasMatchingFlag) { - isValid = false - errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status/known_not_affected/${productIdIndex}`, - message: 'no suitable impact statement found', - }) - } - }) - } - ) - - return { errors, isValid } -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_28.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_28.js deleted file mode 100644 index 9e90946..0000000 --- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_28.js +++ /dev/null @@ -1,28 +0,0 @@ -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_28(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - if ( - typeof doc.document?.source_lang === 'string' && - typeof doc.document?.lang === 'string' && - doc.document.source_lang === doc.document.lang - ) { - isValid = false - errors.push( - { - instancePath: `/document/lang`, - message: 'is the same as `/document/source_lang`', - }, - { - instancePath: `/document/source_lang`, - message: 'is the same as `/document/lang`', - } - ) - } - - return { isValid, errors } -} 
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_29.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_29.js
deleted file mode 100644
index bc51fa9..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_29.js
+++ /dev/null
@@ -1,56 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {
- remediations: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- group_ids: { elements: { type: 'string' } },
- product_ids: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_29(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.remediations.forEach((remediation, remediationIndex) => {
- if (!remediation.group_ids && !remediation.product_ids) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`,
- message: 'remediation without product reference',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_3.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_3.js
deleted file mode 100644
index e2bbc33..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_3.js
+++ /dev/null
@@ -1,94 +0,0 @@ -/** - * @typedef {object} FullProductName - * @property {unknown} product_id - */ - -/** - * @typedef {object} Relationship - * @property {unknown} relates_to_product_reference - * @property {unknown} product_reference - * @property {FullProductName | null} [full_product_name] - */ - -/** - * @param {any} doc - */ -export default function mandatoryTest_6_1_3(doc) { - /** @type {Array<{ message: string; instancePath: string }>} */ - const errors = [] - let isValid = true - - if (!Array.isArray(doc.product_tree?.relationships)) { - return { isValid, errors } - } - - /** @type {Array} */ - const relationships = doc.product_tree.relationships - - relationships.forEach((_, index) => { - /** @type {Set} */ - const erroredAttributeSet = new Set() - search([], relationships, index, null, ({ key }) => { - if (typeof key === 'string' && !erroredAttributeSet.has(key)) { - erroredAttributeSet.add(key) - isValid = false - errors.push({ - instancePath: `/product_tree/relationships/${index}/${key}`, - message: 'circular reference', - }) - } - }) - }) - - return { isValid, errors } -} - -/** - * @param {number[]} path - * @param {Relationship[]} relationships - * @param {number} index - * @param {string | null} key - * @param {(params: { key: string | null }) => void} onCycle - * @returns - */ -function search(path, relationships, index, key, onCycle) { - const relationship = relationships[index] - if ( - typeof relationship.full_product_name?.product_id === 'string' && - path.includes(index) - ) { - return onCycle({ key }) - } - - if (typeof relationship.product_reference === 'string') { - const productRelationshipIndex = relationships.findIndex( - (r) => r.full_product_name?.product_id === relationship.product_reference - ) - if (productRelationshipIndex !== -1) { - search( - [...path, index], - relationships, - productRelationshipIndex, - key ?? 
'product_reference', - onCycle - ) - } - } - - if (typeof relationship.relates_to_product_reference === 'string') { - const relatesToProductRelationshipIndex = relationships.findIndex( - (r) => - r.full_product_name?.product_id === - relationship.relates_to_product_reference - ) - if (relatesToProductRelationshipIndex !== -1) { - search( - [...path, index], - relationships, - relatesToProductRelationshipIndex, - key ?? 'relates_to_product_reference', - onCycle - ) - } - } -} diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_30.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_30.js deleted file mode 100644 index 626d8c1..0000000 --- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_30.js +++ /dev/null 
@@ -1,89 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- optionalProperties: {
- revision_history: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- number: { type: 'string' },
- },
- },
- },
- version: { type: 'string' },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_30(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- /** @type {'SEMANTIC' | 'INTEGER' | null} */
- let versioningSchema = null
- doc.document.tracking.revision_history?.forEach((revision, revisionIndex) => {
- if (typeof revision.number === 'string') {
- const revisionNumberVersioningSchema = detectVersionSchema(
- revision.number
- )
- if (versioningSchema === null) {
- versioningSchema = revisionNumberVersioningSchema
- }
- if (versioningSchema !== revisionNumberVersioningSchema) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/tracking/revision_history/${revisionIndex}/number`,
- message: 'mixed integer and semantic versioning',
- })
- }
- }
- })
- if (
- versioningSchema != null &&
- typeof doc.document.tracking.version === 'string'
- ) {
- if (
- versioningSchema !== detectVersionSchema(doc.document.tracking.version)
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/document/tracking/version`,
- message: 'mixed integer and semantic versioning',
- })
- }
- }
-
- return ctx
-}
-
-/**
- * @param {string} version
- */
-function detectVersionSchema(version) {
- if (parseInt(version).toString() === version) return 'INTEGER'
- return 'SEMANTIC'
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_31.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_31.js
deleted file mode 100644
index 2673d68..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_31.js
+++ /dev/null
@@ -1,106 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- properties: {
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
-})
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- category: { type: 'string' },
- name: { type: 'string' },
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_31(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (validateBranch(branch)) {
- if (
- branch.category === 'product_version' &&
- typeof branch.name === 'string' &&
- (['<', '<=', '>', '>='].some((str) =>
- branch.name?.toLowerCase().includes(str)
- ) ||
- [
- 'after',
- 'all',
- 'before',
- 'earlier',
- 'later',
- 'prior',
- 'versions',
- ].some((str) =>
- branch.name
- ?.toLowerCase()
- .split(/\s/)
- .some((word) => {
- return str === word
- })
- ))
- ) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `${path}/${branchIndex}/name`,
- message: 'version range in product version',
- })
- }
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- }
- })
- }
-
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree.branches,
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_32.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_32.js
deleted file mode 100644
index 6e5bdd6..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_32.js
+++ /dev/null
@@ -1,56 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {
- flags: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- group_ids: { elements: { type: 'string' } },
- product_ids: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_32(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.flags.forEach((flag, flagIndex) => {
- if (!flag.group_ids && !flag.product_ids) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/flags/${flagIndex}`,
- message: 'flag without product reference',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_33.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_33.js
deleted file mode 100644
index 79c3b06..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_33.js
+++ /dev/null
@@ -1,97 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- product_groups: {
- elements: {
- optionalProperties: {
- group_id: { type: 'string' },
- product_ids: {
- elements: { type: 'string' },
- },
- },
- },
- },
- },
- },
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- properties: {
- flags: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- group_ids: { elements: { type: 'string' } },
- product_ids: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_33(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- /** @type {Set} */
- const productIDsWithVexJustificationCode = new Set()
-
- vulnerability.flags.forEach((flag, flagIndex) => {
- let flagReported = false
-
- function error() {
- if (!flagReported) {
- ctx.isValid = false
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/flags/${flagIndex}`,
- message: 'multiple flags with vex justification codes per product',
- })
- }
- flagReported = true
- }
-
- flag.product_ids?.forEach((productID) => {
- if (productIDsWithVexJustificationCode.has(productID)) {
- error()
- }
- productIDsWithVexJustificationCode.add(productID)
- })
- flag.group_ids?.forEach((groupID) => {
- const productIDs = doc.product_tree.product_groups?.find(
- (group) => group.group_id === groupID
- )?.product_ids
- productIDs?.forEach((productID) => {
- if (productIDsWithVexJustificationCode.has(productID)) {
- error()
- }
- productIDsWithVexJustificationCode.add(productID)
- })
- })
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_4.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_4.js
deleted file mode 100644
index 8681951..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_4.js
+++ /dev/null
@@ -1,154 +0,0 @@
-import * as docUtils from './shared/docUtils.js'
-
-const { findMissingDefinitions, collectGroupIds } = docUtils
-
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_4(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const groupIds = collectGroupIds({ document: doc })
- const groupIdRefs = collectGroupIdRefs({ document: doc })
- const missingGroupDefinitions = findMissingDefinitions(groupIds, groupIdRefs)
- if (missingGroupDefinitions.length > 0) {
- isValid = false
- missingGroupDefinitions.forEach((missingGroupDefinition) => {
- errors.push({
- message: 'definition of group id missing',
- instancePath: missingGroupDefinition.instancePath,
- })
- })
- }
-
- return { isValid, errors }
-}
-
-/**
- * This method collects references to group ids and corresponding instancePaths in the given document and returns a result object.
- * @param {any} document
- * @returns {{id: string, instancePath: string}[]}
- */
-function collectGroupIdRefs({ document }) {
- const entries = /** @type {{id: string, instancePath: string}[]} */ ([])
-
- const vulnerabilities = document.vulnerabilities
- if (vulnerabilities) {
- for (let i = 0; i < vulnerabilities.length; ++i) {
- const vulnerability = vulnerabilities[i]
- collectGroupRefsInRemediations(
- `/vulnerabilities/${i}/remediations`,
- vulnerability,
- entries
- )
- collectGroupRefsInThreats(
- `/vulnerabilities/${i}/threats`,
- vulnerability,
- entries
- )
- collectGroupRefsInFlags(
- `/vulnerabilities/${i}/flags`,
- vulnerability,
- entries
- )
- }
- }
-
- return entries
-}
-
-/**
- * @param {string} instancePath
- * @param {{remediations: any}} vulnerability
- * @param {*} entries
- */
-const collectGroupRefsInRemediations = (
- instancePath,
- vulnerability,
- entries
-) => {
- const remediations = vulnerability.remediations
- if (remediations) {
- for (let i = 0; i < remediations.length; ++i) {
- const remediation = remediations[i]
- const groupIds = remediation.group_ids
- if (groupIds) {
- for (let j = 0; j < groupIds.length; ++j) {
- const groupId = groupIds[j]
- if (groupId) {
- entries.push({
- id: groupId,
- instancePath: `${instancePath}/${i}/group_ids/${j}`,
- })
- }
- }
- }
- }
- }
-}
-
-/**
- * @param {string} instancePath
- * @param {{threats: any}} vulnerability
- * @param {*} entries
- */
-const collectGroupRefsInThreats = (instancePath, vulnerability, entries) => {
- const threats = vulnerability.threats
- if (threats) {
- for (let i = 0; i < threats.length; ++i) {
- const threat = threats[i]
- const groupIds = threat.group_ids
- if (groupIds) {
- for (let j = 0; j < groupIds.length; ++j) {
- const groupId = groupIds[j]
- if (groupId) {
- entries.push({
- id: groupId,
- instancePath: `${instancePath}/${i}/group_ids/${j}`,
- })
- }
- }
- }
- }
- }
-}
-
-/**
- * @param {string} instancePath
- * @param {{flags: any}} vulnerability
- * @param {*} entries
- */
-const collectGroupRefsInFlags = (instancePath, vulnerability, entries) => {
- const flags = vulnerability.flags
- if (flags) {
- for (let i = 0; i < flags.length; ++i) {
- const flag = flags[i]
- const groupIds = flag.group_ids
- if (groupIds) {
- for (let j = 0; j < groupIds.length; ++j) {
- const groupId = groupIds[j]
- if (groupId) {
- entries.push({
- id: groupId,
- instancePath: `${instancePath}/${i}/group_ids/${j}`,
- })
- }
- }
- }
- }
- }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_5.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_5.js
deleted file mode 100644
index 16bf4e0..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_5.js
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_5(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- const groupIds = collectGroupIds({ document: doc })
- const duplicateGroupIds = findDuplicateEntries(groupIds)
- if (duplicateGroupIds.length > 0) {
- isValid = false
- duplicateGroupIds.forEach((duplicateEntry) => {
- errors.push({
- message: 'duplicate definition product group id',
- instancePath: duplicateEntry.instancePath,
- })
- })
- }
-
- return { isValid, errors }
-}
-
-/**
- * This method collects group ids and corresponding instancePaths in the given document and returns a result object.
- *
- * @param {any} document
- * @returns {{id: string, name: string, instancePath: string}[]}
- */
-function collectGroupIds({ document }) {
- const entries =
- /** @type {{id: string, name: string, instancePath: string}[]} */ ([])
-
- const productGroups = document.product_tree?.product_groups
- if (productGroups) {
- for (let i = 0; i < productGroups.length; ++i) {
- const productGroup = productGroups[i]
- if (productGroup.group_id) {
- entries.push({
- id: productGroup.group_id,
- name: productGroup.summary ?? '',
- instancePath: `/product_tree/product_groups/${i}/group_id`,
- })
- }
- }
- }
-
- return entries
-}
-
-/**
- * @param {{id: string, name: string, instancePath: string}[]} entries
- */
-const findDuplicateEntries = (entries) => {
- const lookup = entries.reduce((/** @type {any} */ a, entry) => {
- a[entry.id] = ++a[entry.id] || 0
- return a
- }, {})
-
- return entries.filter((entry) => lookup[entry.id])
-}
-
-/**
- * @param {Array} branches
- * @param {{id: string, name: string, instancePath: string}[]} entries
- * @param {string} instancePath
- */
-const traverseBranches = (branches, entries, instancePath) => {
- for (let i = 0; i < branches.length; ++i) {
- const branch = branches[i]
- const branchInstancePath = `${instancePath}/${i}`
- const fullProductName = branch.product
- if (fullProductName) {
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `${branchInstancePath}/product/product_id`,
- })
- }
- }
- if (branch.branches)
- traverseBranches(
- branch.branches,
- entries,
- `${branchInstancePath}/branches`
- )
- }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_6.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_6.js
deleted file mode 100644
index 8a4b928..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_6.js
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_6(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (Array.isArray(doc.vulnerabilities)) {
- /** @type {Array} */
- const vulnerabilities = doc.vulnerabilities
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- const productStatus = vulnerability.product_status
- if (!productStatus) return
- const groups = [
- new Set(
- []
- .concat(
- Array.isArray(productStatus.first_affected)
- ? productStatus.first_affected
- : []
- )
- .concat(
- Array.isArray(productStatus.known_affected)
- ? productStatus.known_affected
- : []
- )
- .concat(
- Array.isArray(productStatus.last_affected)
- ? productStatus.last_affected
- : []
- )
- ),
- new Set(
- Array.isArray(productStatus.known_not_affected)
- ? productStatus.known_not_affected
- : []
- ),
- new Set(
- []
- .concat(
- Array.isArray(productStatus.first_fixed)
- ? productStatus.first_fixed
- : []
- )
- .concat(
- Array.isArray(productStatus.fixed) ? productStatus.fixed : []
- )
- ),
- new Set(
- Array.isArray(productStatus.under_investigation)
- ? productStatus.under_investigation
- : []
- ),
- ]
-
- groups.forEach((group, index) => {
- const remainingGroups = groups.slice(index + 1)
- group.forEach((productID) => {
- if (remainingGroups.some((g) => g.has(productID))) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status`,
- message: `product id "${productID}" is mentioned in contradicting product status groups`,
- })
- }
- })
- })
- })
- }
-
- return { isValid, errors }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_7.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_7.js
deleted file mode 100644
index 9ec3db0..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_7.js
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- *
- * @param {unknown} doc
- */
-export default function mandatoryTest_6_1_7(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- // 6.1.7 Multiple Scores with same Version per Product
- if (preconditionFor_6_1_7_Matches(doc)) {
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- /** @type {Map>} */
- const cvssVersionsByProductName = new Map()
-
- vulnerability.scores?.forEach((score, scoreIndex) => {
- score.products?.forEach((product, productIndex) => {
- const versionSet = cvssVersionsByProductName.get(product) ?? new Set()
- cvssVersionsByProductName.set(product, versionSet)
-
- if (
- (score.cvss_v2?.version !== undefined &&
- versionSet.has(score.cvss_v2.version)) ||
- (score.cvss_v3?.version !== undefined &&
- versionSet.has(score.cvss_v3.version))
- ) {
- isValid = false
- errors.push({
- message: `product is already included in these cvss-versions: ${Array.from(
- versionSet.keys()
- ).join(', ')}`,
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/products/${productIndex}`,
- })
- }
- if (score.cvss_v2?.version !== undefined) {
- versionSet.add(score.cvss_v2.version)
- }
- if (score.cvss_v3?.version !== undefined) {
- versionSet.add(score.cvss_v3.version)
- }
- })
- })
- })
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {unknown} rawDoc
- * @returns {rawDoc is {
- * vulnerabilities: Array<{
- * scores?: Array<{
- * products?: string[]
- * cvss_v3?: { version?: string }
- * cvss_v2?: { version?: string }
- * }>
- * }>
- * }}
- */
-const preconditionFor_6_1_7_Matches = (rawDoc) => {
- if (typeof rawDoc !== 'object' || !rawDoc) return false
- /** @type {{ vulnerabilities?: unknown }} */
- const doc = rawDoc
- return (
- Array.isArray(doc.vulnerabilities) &&
- doc.vulnerabilities.every(
- (vulnerability) =>
- (Array.isArray(vulnerability.scores) &&
- vulnerability.scores.every(
- (
- /** @type {{ products?: unknown; cvss_v2?: any; cvss_v3?: any }} */ score
- ) =>
- Array.isArray(score.products) &&
- score.products.every((product) => typeof product === 'string') &&
- ((score.cvss_v2 &&
- (typeof score.cvss_v2.version === 'string' ||
- score.cvss_v2.version === undefined)) ||
- score.cvss_v2 === undefined) &&
- ((score.cvss_v3 &&
- (typeof score.cvss_v3.version === 'string' ||
- score.cvss_v3.version === undefined)) ||
- score.cvss_v3 === undefined)
- )) ||
- vulnerability.scores === undefined
- )
- )
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_8.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_8.js
deleted file mode 100644
index b848866..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_8.js
+++ /dev/null
@@ -1,98 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import csafAjv from '../shared/csafAjv.js'
-
-const jtdAjv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- scores: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v2: {
- additionalProperties: true,
- properties: {},
- },
- cvss_v3: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = jtdAjv.compile(inputSchema)
-
-const validate_2_0 = csafAjv.compile({
- $ref: 'https://www.first.org/cvss/cvss-v2.0.json',
-})
-
-const validate_3 = csafAjv.compile({
- oneOf: [
- {
- $ref: 'https://www.first.org/cvss/cvss-v3.0.json',
- },
- {
- $ref: 'https://www.first.org/cvss/cvss-v3.1.json',
- },
- ],
-})
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_8(doc) {
- const ctx = {
- errors:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- isValid: true,
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- for (const [
- vulnerabilityIndex,
- vulnerability,
- ] of doc.vulnerabilities?.entries() ?? []) {
- for (const [scoreIndex, score] of vulnerability.scores?.entries() ?? []) {
- if (score.cvss_v2) {
- const valid = validate_2_0(score.cvss_v2)
- if (!valid) {
- ctx.isValid = false
- for (const err of validate_2_0.errors ?? []) {
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v2${err.instancePath}`,
- message: err.message ?? '',
- })
- }
- }
- }
- if (score.cvss_v3) {
- const valid = validate_3(score.cvss_v3)
- if (!valid) {
- ctx.isValid = false
- for (const err of validate_3.errors ?? []) {
- ctx.errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3${err.instancePath}`,
- message: err.message ?? '',
- })
- }
- }
- }
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_9.js b/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_9.js
deleted file mode 100644
index f2905c0..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_9.js
+++ /dev/null
@@ -1,173 +0,0 @@
-import cvss2js from 'cvss2js'
-import { getEnvironmentalScoreFromVectorString } from '../shared/cvss2.js'
-import { cvss30 as CVSS, cvss31 as CVSS31 } from '../shared/first.js'
-
-/**
- * @param {any} doc
- */
-export default function mandatoryTest_6_1_9(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const errors = []
- let isValid = true
-
- if (Array.isArray(doc.vulnerabilities)) {
- /** @type {Array} */
- const vulnerabilities = doc.vulnerabilities
- vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- if (!Array.isArray(vulnerability.scores)) return
- /** @type {Array} */
- const scores = vulnerability.scores
- scores.forEach((score, scoreIndex) => {
- if (typeof score.cvss_v2?.vectorString === 'string') {
- /**
- * @typedef {object} CVSSV2
- * @property {string} vectorString
- * @property {unknown} baseScore
- * @property {unknown} temporalScore
- * @property {unknown} environmentalScore
- */
-
- /** @type {CVSSV2} */
- const cvssV2 = score.cvss_v2
- const result = safelyParseCVSSV2Vector(cvssV2.vectorString)
-
- if (result.success) {
- for (const { score, expectedScore, name } of [
- {
- score: cvssV2.baseScore,
- expectedScore: result.baseMetricScore,
- name: 'baseScore',
- },
- {
- score: cvssV2.temporalScore,
- expectedScore: result.temporalMetricScore,
- name: 'temporalScore',
- },
- {
- score: cvssV2.environmentalScore,
- expectedScore: result.environmentalMetricScore,
- name: 'environmentalScore',
- },
- ]) {
- if (typeof score === 'number') {
- if (score !== Number(expectedScore)) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v2/${name}`,
- message: 'invalid calculated value',
- })
- }
- }
- }
- }
- }
-
- if (
- typeof score.cvss_v3?.vectorString === 'string' &&
- (score.cvss_v3.version === '3.1' || score.cvss_v3.version === '3.0')
- ) {
- /**
- * @typedef {object} CVSSV3
- * @property {string} vectorString
- * @property {'3.1' | '3.0'} version
- * @property {unknown} baseScore
- * @property {unknown} baseSeverity
- * @property {unknown} temporalScore
- * @property {unknown} temporalSeverity
- * @property {unknown} environmentalScore
- * @property {unknown} environmentalSeverity
- */
-
- /** @type {CVSSV3} */
- const cvssV3 = score.cvss_v3
-
- const calculator = cvssV3.version === '3.0' ? CVSS : CVSS31
- const result = calculator.calculateCVSSFromVector(cvssV3.vectorString)
-
- if (result.success) {
- for (const { score, expectedScore, name } of [
- {
- score: cvssV3.baseScore,
- expectedScore: result.baseMetricScore,
- name: 'baseScore',
- },
- {
- score: cvssV3.temporalScore,
- expectedScore: result.temporalMetricScore,
- name: 'temporalScore',
- },
- {
- score: cvssV3.environmentalScore,
- expectedScore: result.environmentalMetricScore,
- name: 'environmentalScore',
- },
- ]) {
- if (typeof score === 'number') {
- if (score !== Number(expectedScore)) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3/${name}`,
- message: 'invalid calculated value',
- })
- }
- }
- }
-
- for (const { severity, expectedSeverity, name } of [
- {
- severity: cvssV3.baseSeverity,
- expectedSeverity: result.baseSeverity,
- name: 'baseSeverity',
- },
- {
- severity: cvssV3.temporalSeverity,
- expectedSeverity: result.temporalSeverity,
- name: 'temporalSeverity',
- },
- {
- severity: cvssV3.environmentalSeverity,
- expectedSeverity: result.environmentalSeverity,
- name: 'environmentalSeverity',
- },
- ]) {
- if (typeof severity === 'string') {
- if (severity !== expectedSeverity.toUpperCase()) {
- isValid = false
- errors.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3/${name}`,
- message: 'invalid calculated value',
- })
- }
- }
- }
- }
- }
- })
- })
- }
-
- return { errors, isValid }
-}
-
-/**
- * @param {string} vectorString
- * @returns
- */
-function safelyParseCVSSV2Vector(vectorString) {
- try {
- return {
- success: true,
- baseMetricScore: cvss2js.getBaseScore(vectorString),
- temporalMetricScore: cvss2js.getTemporalScore(vectorString),
- environmentalMetricScore:
- getEnvironmentalScoreFromVectorString(vectorString),
- }
- } catch (e) {
- return {
- success: false,
- baseMetricScore: -1,
- temporalMetricScore: -1,
- environmentalMetricScore: -1,
- }
- }
-}
diff --git a/csaf-validator-lib/lib/mandatoryTests/shared/docUtils.js b/csaf-validator-lib/lib/mandatoryTests/shared/docUtils.js
deleted file mode 100644
index 0c83e29..0000000
--- a/csaf-validator-lib/lib/mandatoryTests/shared/docUtils.js
+++ /dev/null
@@ -1,165 +0,0 @@
-import semver from 'semver'
-
-/**
- * @typedef {Object} FullProductName
- * @property {string} name
- * @property {string} product_id
- */
-
-/**
- * @typedef {Object} Branch
- * @property {Array} branches
- * @property {FullProductName} product
- */
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { tracking: { version: string } } }}
- */
-export const hasTrackingVersionField = (doc) =>
- typeof doc?.document?.tracking?.version === 'string'
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { tracking: { status: string } } }}
- */
-export const hasTrackingStatusField = (doc) =>
- typeof doc?.document?.tracking?.status === 'string'
-
-/**
- * @param {any} doc
- * @returns {doc is { document: { tracking: { revision_history: Array<{ number: string; date: string }> } } }}
- */
-export const hasTrackingRevisionHistory = (doc) =>
- Array.isArray(doc?.document?.tracking?.revision_history) &&
- doc?.document?.tracking?.revision_history.every(
- (/** @type {any} */ r) =>
- typeof r.number === 'string' && typeof r.date === 'string'
- )
-
-/**
- * This method collects definitions of product ids and corresponding names and instancePaths in the given document and returns a result object.
- * @param {any} document
- * @returns {{id: string, name: string, instancePath: string}[]}
- */
-export const collectProductIds = ({ document }) => {
- const entries =
- /** @type {{id: string, name: string, instancePath: string}[]} */ ([])
-
- const fullProductNames = document.product_tree?.full_product_names
- if (fullProductNames) {
- for (let i = 0; i < fullProductNames.length; ++i) {
- const fullProductName = fullProductNames[i]
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `/product_tree/full_product_names/${i}/product_id`,
- })
- }
- }
- }
-
- const relationships = document.product_tree?.relationships
- if (relationships) {
- for (let i = 0; i < relationships.length; ++i) {
- const relationship = relationships[i]
- const fullProductName = relationship.full_product_name
- if (fullProductName) {
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `/product_tree/relationships/${i}/full_product_name/product_id`,
- })
- }
- }
- }
- }
-
- const branches = document.product_tree?.branches
- if (branches) {
- traverseBranches(branches, entries, '/product_tree/branches')
- }
-
- return entries
-}
-
-/**
- * This method collects group ids and corresponding instancePaths in the given document and returns a result object.
- *
- * @param {any} document
- * @returns {{id: string, name: string, instancePath: string}[]}
- */
-export const collectGroupIds = ({ document }) => {
- const entries =
- /** @type {{id: string, name: string, instancePath: string}[]} */ ([])
-
- const productGroups = document.product_tree?.product_groups
- if (productGroups) {
- for (let i = 0; i < productGroups.length; ++i) {
- const productGroup = productGroups[i]
- if (productGroup.group_id) {
- entries.push({
- id: productGroup.group_id,
- name: productGroup.summary ?? '',
- instancePath: `/product_tree/product_groups/${i}/group_id`,
- })
- }
- }
- }
-
- return entries
-}
-
-/**
- * @param {{id: string}[]} entries
- * @param {{id: string, instancePath: string}[]} refs
- */
-export const findMissingDefinitions = (entries, refs) => {
- return refs.filter(
- (ref) => entries.find((e) => e.id === ref.id) === undefined
- )
-}
-
-/**
- * @param {Array} branches
- * @param {{id: string, name: string, instancePath: string}[]} entries
- * @param {string} instancePath
- */
-const traverseBranches = (branches, entries, instancePath) => {
- for (let i = 0; i < branches.length; ++i) {
- const branch = branches[i]
- const branchInstancePath = `${instancePath}/${i}`
- const fullProductName = branch.product
- if (fullProductName) {
- if (fullProductName.product_id) {
- entries.push({
- id: fullProductName.product_id,
- name: fullProductName.name ?? '',
- instancePath: `${branchInstancePath}/product/product_id`,
- })
- }
- }
- if (branch.branches)
- traverseBranches(
- branch.branches,
- entries,
- `${branchInstancePath}/branches`
- )
- }
-}
-
-/**
- * Return positive number if v2 is gte v1 and negative number otherwise
- * @param {string} v1
- * @param {string} v2
- * @returns {number}
- */
-export const compareVersions = (v1, v2) => {
- if (semver.valid(v1) && semver.valid(v2)) {
- return semver.gte(v2, v1) ? 1 : -1
- } else {
- return parseInt(v2) - parseInt(v1)
- }
-}
diff --git a/csaf-validator-lib/lib/optionalTests.js b/csaf-validator-lib/lib/optionalTests.js
deleted file mode 100644
index 3eecf8e..0000000
--- a/csaf-validator-lib/lib/optionalTests.js
+++ /dev/null
@@ -1,20 +0,0 @@
-export { default as optionalTest_6_2_1 } from './optionalTests/optionalTest_6_2_1.js'
-export { default as optionalTest_6_2_2 } from './optionalTests/optionalTest_6_2_2.js'
-export { default as optionalTest_6_2_3 } from './optionalTests/optionalTest_6_2_3.js'
-export { default as optionalTest_6_2_4 } from './optionalTests/optionalTest_6_2_4.js'
-export { default as optionalTest_6_2_5 } from './optionalTests/optionalTest_6_2_5.js'
-export { default as optionalTest_6_2_6 } from './optionalTests/optionalTest_6_2_6.js'
-export { default as optionalTest_6_2_7 } from './optionalTests/optionalTest_6_2_7.js'
-export { default as optionalTest_6_2_8 } from './optionalTests/optionalTest_6_2_8.js'
-export { default as optionalTest_6_2_9 } from './optionalTests/optionalTest_6_2_9.js'
-export { default as optionalTest_6_2_10 } from './optionalTests/optionalTest_6_2_10.js'
-export { default as optionalTest_6_2_11 } from './optionalTests/optionalTest_6_2_11.js'
-export { default as optionalTest_6_2_12 } from './optionalTests/optionalTest_6_2_12.js'
-export { default as optionalTest_6_2_13 } from './optionalTests/optionalTest_6_2_13.js'
-export { default as optionalTest_6_2_14 } from './optionalTests/optionalTest_6_2_14.js'
-export { default as optionalTest_6_2_15 } from './optionalTests/optionalTest_6_2_15.js'
-export { default as optionalTest_6_2_16 } from './optionalTests/optionalTest_6_2_16.js'
-export { default as optionalTest_6_2_17 } from './optionalTests/optionalTest_6_2_17.js'
-export { default as optionalTest_6_2_18 } from './optionalTests/optionalTest_6_2_18.js'
-export { default as optionalTest_6_2_19 } from './optionalTests/optionalTest_6_2_19.js'
-export { default as optionalTest_6_2_20 } from './optionalTests/optionalTest_6_2_20.js'
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_1.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_1.js
deleted file mode 100644
index 4117c9a..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_1.js
+++ /dev/null
@@ -1,355 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- product_tree: {
- additionalProperties: true,
-
- optionalProperties: {
- branches: {
- elements: {
- additionalProperties: true,
-
- properties: {},
- },
- },
-
- full_product_names: {
- elements: {
- additionalProperties: true,
-
- properties: {},
- },
- },
-
- relationships: {
- elements: {
- additionalProperties: true,
-
- properties: {},
- },
- },
- },
- },
- },
-
- optionalProperties: {
- document: {
- additionalProperties: true,
-
- optionalProperties: {
- category: { type: 'string' },
- },
- },
- },
-})
-const validate = ajv.compile(inputSchema)
-
-const fullProductNameSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- product_id: { type: 'string' },
- },
-})
-const validateFullProductName = ajv.compile(fullProductNameSchema)
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product: fullProductNameSchema,
- branches: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-const validateBranch = ajv.compile(branchSchema)
-
-const relationshipSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- full_product_name: fullProductNameSchema,
- },
-})
-const validateRelationship = ajv.compile(relationshipSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_1(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (
- !validate(doc) ||
- doc.document?.category === 'csaf_informational_advisory'
- ) {
- return context
- }
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (validateBranch(branch)) {
- if (
- typeof branch.product?.product_id === 'string' &&
- !isReferenced(doc, branch.product.product_id)
- ) {
- warnings.push({
- instancePath: `${path}/${branchIndex}/product/product_id`,
- message: 'is not referenced',
- })
- }
-
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- }
- })
- }
-
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree?.branches ?? [],
- })
-
- doc.product_tree.full_product_names?.forEach(
- (fullProductName, fullProductNameIndex) => {
- if (!validateFullProductName(fullProductName)) return
- if (!isReferenced(doc, fullProductName.product_id)) {
- context.warnings.push({
- instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_id`,
- message: 'is not referenced',
- })
- }
- }
- )
-
- doc.product_tree.relationships?.forEach((relationship, relationshipIndex) => {
- if (!validateRelationship(relationship)) return
- if (!isReferenced(doc, relationship.full_product_name.product_id)) {
- context.warnings.push({
- instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name/product_id`,
- message: 'is not referenced',
- })
- }
- })
-
- return context
-}
-
-const containsProductGroupsSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- product_tree: {
- additionalProperties: true,
-
- properties: {
- product_groups: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- product_ids: {
- elements: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const containsRelationshipWithReferencesSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- product_tree: {
- additionalProperties: true,
-
- properties: {
- relationships: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- product_reference: { type: 'string' },
- relates_to_product_reference: { type: 'string' },
- },
- },
- },
- },
- },
- },
-})
-
-const containsVulnerabilitiesWithReferencesSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- product_status: {
- additionalProperties: true,
-
- optionalProperties: {
- first_affected: { elements: { type: 'string' } },
- first_fixed: { elements: { type: 'string' } },
- fixed: { elements: { type: 'string' } },
- known_affected: { elements: { type: 'string' } },
- known_not_affected: { elements: { type: 'string' } },
- last_affected: { elements: { type: 'string' } },
- recommended: { elements: { type: 'string' } },
- under_investigation: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
-})
-
-const containsVulnerabilitiesWithOptionalReferencesSchema =
- /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- remediations: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- product_ids: {
- elements: { type: 'string' },
- },
- },
- },
- },
- scores: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- products: {
- elements: { type: 'string' },
- },
- },
- },
- },
- threats: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- product_ids: {
- elements: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
- })
-
-const validateContainsProductGroups = ajv.compile(containsProductGroupsSchema)
-const validateContainsRelationshipWithReferences = ajv.compile(
- containsRelationshipWithReferencesSchema
-)
-const validateContainsVulnerabilitiesWithReferences = ajv.compile(
- containsVulnerabilitiesWithReferencesSchema
-)
-const validateContainsVulnerabilitiesWithOptionalReferences = ajv.compile(
- containsVulnerabilitiesWithOptionalReferencesSchema
-)
-
-/**
- * @param {unknown} doc
- * @param {string} productId
- */
-function isReferenced(doc, productId) {
- let referenced = false
-
- if (!referenced && validateContainsProductGroups(doc)) {
- referenced = doc.product_tree.product_groups.some((group) => {
- return group.product_ids?.includes(productId) ?? false
- })
- }
-
- if (!referenced && validateContainsRelationshipWithReferences(doc)) {
- referenced = doc.product_tree.relationships.some((relationship) => {
- return (
- relationship.product_reference === productId ||
- relationship.relates_to_product_reference === productId
- )
- })
- }
-
- if (!referenced && validateContainsVulnerabilitiesWithReferences(doc)) {
- referenced = doc.vulnerabilities.some((vulnerability) => {
- const keys = /** @type {const} */ ([
- 'first_affected',
- 'first_fixed',
- 'fixed',
- 'known_affected',
- 'known_not_affected',
- 'last_affected',
- 'recommended',
- 'under_investigation',
- ])
- return keys.some(
- (key) =>
- vulnerability.product_status?.[key]?.includes(productId) ?? false
- )
- })
- }
-
- if (
- !referenced &&
- validateContainsVulnerabilitiesWithOptionalReferences(doc)
- ) {
- referenced = doc.vulnerabilities.some((vulnerability) => {
- return (
- vulnerability.remediations?.some((remediation) =>
- remediation.product_ids?.includes(productId)
- ) ||
- vulnerability.scores?.some((score) =>
- score.products?.includes(productId)
- ) ||
- vulnerability.threats?.some((threat) =>
- threat.product_ids?.includes(productId)
- ) ||
- false
- )
- })
- }
-
- return referenced
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_10.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_10.js
deleted file mode 100644
index 9915d4d..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_10.js
+++ /dev/null
@@ -1,46 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- distribution: {
- additionalProperties: true,
- properties: {
- tlp: {
- additionalProperties: true,
- properties: {
- label: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_10(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validate(doc)) {
- ctx.warnings.push({
- message: 'missing tlp label',
- instancePath: '/document/distribution/tlp/label',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_11.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_11.js
deleted file mode 100644
index 80b1d6b..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_11.js
+++ /dev/null
@@ -1,62 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { isCanonicalUrl } from '../shared/urlHelper.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- references: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
-
- tracking: {
- additionalProperties: true,
- properties: {
- id: { type: 'string' },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_11(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- function warn() {
- ctx.warnings.push({
- message: 'missing canonical url',
- instancePath: '/document/references',
- })
- }
-
- if (!validate(doc)) {
- warn()
- return ctx
- }
-
- const hasCanonicalURL = doc.document.references.some((reference) =>
- isCanonicalUrl(reference, doc.document.tracking.id)
- )
-
- if (!hasCanonicalURL) {
- warn()
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_12.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_12.js
deleted file mode 100644
index 52e7d81..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_12.js
+++ /dev/null
@@ -1,36 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- lang: { type: 'string' },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_12(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validate(doc)) {
- ctx.warnings.push({
- message: 'missing document language',
- instancePath: '/document',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_13.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_13.js
deleted file mode 100644
index 8a5e716..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_13.js
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_13(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- /**
- * @param {Intl.Collator} collator
- * @param {string} prefix
- * @param {unknown} obj
- * @returns {unknown}
- */
- const checkObjectKeysSorting = (collator, prefix, obj) => {
- if (typeof obj !== 'object' || obj == null) return
- if (Array.isArray(obj)) {
- // check sorting for elements inside the array but not the array itself
- obj.forEach((e, i) => {
- checkObjectKeysSorting(collator, prefix + '/' + i, e)
- })
- return
- }
-
- const keys = /** @type {Array} */ (Object.keys(obj))
- const expectedKeys = keys.slice().sort((a, z) => collator.compare(a, z))
- if (JSON.stringify(keys) !== JSON.stringify(expectedKeys)) {
- ctx.warnings.push({
- instancePath: prefix,
- message: 'not sorted alphabetically',
- })
- }
- for (const key of keys) {
- checkObjectKeysSorting(collator, prefix + '/' + key, obj[key])
- }
- }
-
- checkObjectKeysSorting(new Intl.Collator(), '', doc)
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_14.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_14.js
deleted file mode 100644
index 47fea4c..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_14.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { isPrivateLanguage } from '../shared/bcpLanguageTagChecker.js'
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_14(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (
- typeof doc.document?.lang === 'string' &&
- isPrivateLanguage(doc.document.lang)
- ) {
- ctx.warnings.push({
- instancePath: '/document/lang',
- message: 'use of private language',
- })
- }
-
- if (
- typeof doc.document?.source_lang === 'string' &&
- isPrivateLanguage(doc.document.source_lang)
- ) {
- ctx.warnings.push({
- instancePath: '/document/source_lang',
- message: 'use of private language',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_15.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_15.js
deleted file mode 100644
index 5e47e65..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_15.js
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_15(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- const defaultLanguage = 'i-default'
-
- if (doc.document?.lang === defaultLanguage) {
- ctx.warnings.push({
- instancePath: '/document/lang',
- message: 'use of default language',
- })
- }
-
- if (doc.document?.source_lang === defaultLanguage) {
- ctx.warnings.push({
- instancePath: '/document/source_lang',
- message: 'use of default language',
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_16.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_16.js
deleted file mode 100644
index 1e7538d..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_16.js
+++ /dev/null
@@ -1,127 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: { elements: { additionalProperties: true, properties: {} } },
- full_product_names: {
- elements: { additionalProperties: true, properties: {} },
- },
- relationships: {
- elements: { additionalProperties: true, properties: {} },
- },
- },
- },
- },
-})
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product: {
- additionalProperties: true,
- optionalProperties: {
- product_identification_helper: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
-})
-
-const relationshipSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- full_product_name: {
- additionalProperties: true,
- optionalProperties: {
- product_identification_helper: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-const validateRelationship = ajv.compile(relationshipSchema)
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_16(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.product_tree.full_product_names?.forEach(
- (fullProductName, fullProductNameIndex) => {
- if (!fullProductName.product_identification_helper) {
- ctx.warnings.push({
- instancePath: `/product_tree/full_product_names/${fullProductNameIndex}`,
- message: 'missing product identification helper',
- })
- }
- }
- )
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
- if (branch.product && !branch.product.product_identification_helper) {
- ctx.warnings.push({
- instancePath: `${path}/${branchIndex}/product`,
- message: 'missing product identification helper',
- })
- }
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- })
- }
-
- if (doc.product_tree.branches) {
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree.branches,
- })
- }
-
- doc.product_tree.relationships?.forEach((relationship, relationshipIndex) => {
- if (!validateRelationship(relationship)) {
- return
- }
-
- if (!relationship.full_product_name.product_identification_helper) {
- ctx.warnings.push({
- instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name`,
- message: 'missing product identification helper',
- })
- }
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_17.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_17.js
deleted file mode 100644
index aea8b47..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_17.js
+++ /dev/null
@@ -1,53 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- ids: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- text: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_17(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.ids?.forEach((id, idIndex) => {
- if (id.text?.match(/^CVE-[0-9]{4}-[0-9]{4,}$/)) {
- ctx.warnings.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/ids/${idIndex}`,
- message: 'contains CVE',
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_18.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_18.js
deleted file mode 100644
index acdaba9..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_18.js
+++ /dev/null
@@ -1,80 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: { elements: { additionalProperties: true, properties: {} } },
- },
- },
- },
-})
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- category: { type: 'string' },
- name: { type: 'string' },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_18(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- /**
- * @param {object} params
- * @param {string} params.path
- * @param {unknown[]} params.branches
- */
- function checkBranches({ path, branches }) {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
- if (
- branch.category === 'product_version_range' &&
- typeof branch.name === 'string' &&
- !branch.name.match(
- new RegExp('^vers:[a-z\\.\\-\\+][a-z0-9\\.\\-\\+]*/.+')
- )
- ) {
- ctx.warnings.push({
- instancePath: `${path}/${branchIndex}`,
- message: 'product version range without vers',
- })
- }
- if (Array.isArray(branch.branches)) {
- checkBranches({
- path: `${path}/${branchIndex}/branches`,
- branches: branch.branches,
- })
- }
- })
- }
-
- if (doc.product_tree.branches) {
- checkBranches({
- path: '/product_tree/branches',
- branches: doc.product_tree.branches,
- })
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_19.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_19.js
deleted file mode 100644
index 0e464d6..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_19.js
+++ /dev/null
@@ -1,257 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { cvss30, cvss31 } from '../shared/first.js'
-import * as cvss2 from '../shared/cvss2.js'
-import * as cvss3 from '../shared/cvss3.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- product_status: {
- additionalProperties: true,
- optionalProperties: {
- fixed: {
- elements: { type: 'string' },
- },
- first_fixed: {
- elements: { type: 'string' },
- },
- },
- },
- scores: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- cvss_v3: {
- additionalProperties: true,
- optionalProperties: {
- environmentalScore: { type: 'float64' },
- vectorString: { type: 'string' },
- version: { type: 'string' },
- },
- },
- cvss_v2: {
- additionalProperties: true,
- optionalProperties: {
- environmentalScore: { type: 'float64' },
- vectorString: { type: 'string' },
- version: { type: 'string' },
- },
- },
- products: {
- elements: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-const validateInput = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_19(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- const fixedProductIDs = new Set([
- ...(vulnerability.product_status?.first_fixed ?? []),
- ...(vulnerability.product_status?.fixed ?? []),
- ])
- for (const productID of fixedProductIDs) {
- vulnerability.scores?.forEach((score, scoreIndex) => {
- if (!score.products?.includes(productID)) return
- if (score.cvss_v3) {
- const calculatedValue =
- score.cvss_v3.version === '3.1' || score.cvss_v3.version === '3.0'
- ? calculateEnvironmentalScoreFromMetrics({
- version: score.cvss_v3.version,
- vectorString: score.cvss_v3.vectorString ?? '',
- metrics: score.cvss_v3,
- })
- : null
- if (
- (typeof score.cvss_v3.environmentalScore === 'number' &&
- score.cvss_v3.environmentalScore > 0) ||
- (typeof calculatedValue === 'number' && calculatedValue > 0) ||
- calculatedValue === null
- ) {
- ctx.warnings.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3`,
- message: `environmental score should be 0 since "${productID}" is listed as fixed`,
- })
- }
- }
- if (score.cvss_v2) {
- const calculatedValue = calculateEnvironmentalScoreFromMetrics({
- version: '2.0',
- vectorString: score.cvss_v2.vectorString ?? '',
- metrics: score.cvss_v2,
- })
- if (
- (typeof score.cvss_v2.environmentalScore === 'number' &&
- score.cvss_v2.environmentalScore > 0) ||
- (typeof calculatedValue === 'number' && calculatedValue !== 0) ||
- calculatedValue === null
- ) {
- ctx.warnings.push({
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v2`,
- message: `environmental score should be 0 since "${productID}" is listed as fixed`,
- })
- }
- }
- })
- }
- })
-
- return ctx
-}
-
-const cvss2Mapping =
- /** @type {ReadonlyArray]>} */ (
- cvss2.mapping.map((mapping) => [
- mapping[0],
- mapping[1],
- Object.fromEntries(
- Object.entries(mapping[2]).map(([key, value]) => [key, value.id])
- ),
- ])
- )
-
-const cvss3Mapping = cvss3.mapping
-
-/**
- * @param {object} params
- * @param {'2.0' | '3.0' | '3.1'} params.version
- * @param {string} params.vectorString
- * @param {Record} params.metrics
- */
-function calculateEnvironmentalScoreFromMetrics({
- version,
- vectorString,
- metrics,
-}) {
- const vectorFromVectorString = new Map(
- vectorString
- .split('/')
- .map((e) => {
- const [key, value] = e.split(':')
- return /** @type {const} */ ([key, value])
- })
- .filter(([, value]) => value)
- )
- if (version === '3.1' || version === '3.0') {
- const args = /**
- * @type {[
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * string,
- * ]}
- */ (
- calculateMetricArray({
- mapping: cvss3Mapping,
- metrics,
- vector: vectorFromVectorString,
- }).map((e) => e[1])
- )
- const score = (
- version === '3.1' ? cvss31 : cvss30
- ).calculateCVSSFromMetrics(...args)
- if (!score.success) return null
- return Number(score.environmentalMetricScore)
- } else {
- const vector = Object.fromEntries(
- calculateMetricArray({
- mapping: cvss2Mapping,
- metrics,
- vector: vectorFromVectorString,
- })
- )
- const score = safelyParseCVSSV2Vector(vector)
- if (!score.success) return null
- return score.environmentalMetricScore
- }
-}
-
-/**
- * This function takes a cvss vector and a metric object and extracts all cvss
- * values according to the mapping. It does this by first looking up every property
- * in the `vector`. If the property doesn't exist there but in the metrics objects,
- * it takes the value from the corresponding metrics object.
- *
- * @param {object} params
- * @param {Map} params.vector
- * @param {Record} params.metrics
- * @param {ReadonlyArray]>} params.mapping
- * @returns an array of pairs where the first element is the metric name (abbreviated) and the
- * second is the value (abbreviated). If no value is found the value is `undefined`.
- * The order of the array is the same as in the mapping.
- */
-function calculateMetricArray({ vector, metrics, mapping }) {
- return mapping.map((e) => {
- const metricAbbrev = e[1]
- const metricPropertyName = e[0]
- /** @type {any} */
- const metricValueAbbrevMap = e[2]
- /** @type {any} */
- const metricValue = metrics[metricPropertyName]
- return [
- metricAbbrev,
- vector.get(metricAbbrev) ?? metricValueAbbrevMap[metricValue],
- ]
- })
-}
-
-/**
- * @param {string | {}} vectorString
- * @returns
- */
-function safelyParseCVSSV2Vector(vectorString) {
- try {
- return {
- success: true,
- environmentalMetricScore:
- cvss2.getEnvironmentalScoreFromVectorString(vectorString),
- }
- } catch (e) {
- return {
- success: false,
- environmentalMetricScore: -1,
- }
- }
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_2.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_2.js
deleted file mode 100644
index 65cf276..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_2.js
+++ /dev/null
@@ -1,107 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- optionalProperties: {
- product_tree: {
- additionalProperties: true,
-
- optionalProperties: {
- product_groups: {
- elements: {
- additionalProperties: true,
-
- optionalProperties: {
- group_id: { type: 'string' },
- product_ids: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
-
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
-
- properties: {
- product_status: {
- additionalProperties: true,
- optionalProperties: {
- first_affected: { elements: { type: 'string' } },
- known_affected: { elements: { type: 'string' } },
- last_affected: { elements: { type: 'string' } },
- under_investigation: { elements: { type: 'string' } },
- },
- },
- },
-
- optionalProperties: {
- remediations: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- product_ids: { elements: { type: 'string' } },
- group_ids: {
- elements: { type: 'string' },
- },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_2(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const productStatus = vulnerability.product_status
- const lists = /** @type {const} */ ([
- 'first_affected',
- 'known_affected',
- 'last_affected',
- 'under_investigation',
- ])
- lists.forEach((listID) => {
- const listOfProductIDs = productStatus[listID]
- listOfProductIDs?.forEach((productID, productIDIndex) => {
- const hasMatchingRemediation = vulnerability.remediations?.some(
- (remediation) =>
- remediation.product_ids?.includes(productID) ||
- remediation.group_ids
- ?.map((id) =>
- doc.product_tree?.product_groups?.find((g) => g.group_id === id)
- )
- .some((g) => g?.product_ids?.includes(productID))
- )
- if (!hasMatchingRemediation) {
- context.warnings.push({
- message: 'missing remediation',
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status/${listID}/${productIDIndex}`,
- })
- }
- })
- })
- })
-
- return context
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_20.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_20.js
deleted file mode 100644
index 828d41d..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_20.js
+++ /dev/null
@@ -1,29 +0,0 @@
-import schema from '../schemaTests/csaf_2_0_strict/schema.js'
-import csafAjv from '../shared/csafAjv.js'
-
-const validateStrictSchema = csafAjv.compile(schema)
-
-/**
- * @param {unknown} doc
- */
-export default function optionalTest_6_2_20(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateStrictSchema(doc)) {
- const additionalPropertiesErrors =
- validateStrictSchema.errors?.filter(
- (e) => e.keyword === 'additionalProperties'
- ) ?? []
- for (const error of additionalPropertiesErrors) {
- ctx.warnings.push({
- instancePath: error.instancePath,
- message: error.message ?? '',
- })
- }
- }
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_3.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_3.js
deleted file mode 100644
index 901677c..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_3.js
+++ /dev/null
@@ -1,77 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
-
- properties: {
- product_status: {
- additionalProperties: true,
- optionalProperties: {
- first_affected: { elements: { type: 'string' } },
- known_affected: { elements: { type: 'string' } },
- last_affected: { elements: { type: 'string' } },
- },
- },
- },
-
- optionalProperties: {
- scores: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- products: { elements: { type: 'string' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_3(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
- const productStatus = vulnerability.product_status
- const lists = /** @type {const} */ ([
- 'first_affected',
- 'known_affected',
- 'last_affected',
- ])
- lists.forEach((listID) => {
- const listOfProductIDs = productStatus[listID]
- listOfProductIDs?.forEach((productID, productIDIndex) => {
- const hasMatchingScore = vulnerability.scores?.some((score) =>
- score.products?.includes(productID)
- )
- if (!hasMatchingScore) {
- context.warnings.push({
- message: 'missing score',
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/product_status/${listID}/${productIDIndex}`,
- })
- }
- })
- })
- })
-
- return context
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_4.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_4.js
deleted file mode 100644
index 49deb7a..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_4.js
+++ /dev/null
@@ -1,52 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- revision_history: {
- elements: { additionalProperties: true, properties: {} },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_4(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- doc.document.tracking.revision_history?.forEach(
- (revisionHistoryItem, revisionHistoryItemIndex) => {
- const { number } = revisionHistoryItem
- if (typeof number === 'string' && number.includes('+')) {
- warnings.push({
- message: 'build metadata in revision history',
- instancePath: `/document/tracking/revision_history/${revisionHistoryItemIndex}/number`,
- })
- }
- }
- )
-
- return context
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_5.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_5.js
deleted file mode 100644
index 869066b..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_5.js
+++ /dev/null
@@ -1,66 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../shared/dateHelper.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- initial_release_date: { type: 'timestamp' },
- revision_history: {
- elements: {
- additionalProperties: true,
- properties: { date: { type: 'timestamp' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_5(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- const oldestRevisionHistoryItem = doc.document.tracking.revision_history
- .slice()
- .sort((a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (a.date),
- /** @type {string} */ (z.date)
- )
- )[0]
- if (
- oldestRevisionHistoryItem &&
- compareZonedDateTimes(
- /** @type {string} */ (doc.document.tracking.initial_release_date),
- /** @type {string} */ (oldestRevisionHistoryItem.date)
- ) < 0
- ) {
- warnings.push({
- message: 'older initial release date than revision history',
- instancePath: `/document/tracking/initial_release_date`,
- })
- }
-
- return context
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_6.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_6.js
deleted file mode 100644
index 0f4aece..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_6.js
+++ /dev/null
@@ -1,66 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { compareZonedDateTimes } from '../shared/dateHelper.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
-
- properties: {
- document: {
- additionalProperties: true,
- properties: {
- tracking: {
- additionalProperties: true,
- properties: {
- current_release_date: { type: 'timestamp' },
- revision_history: {
- elements: {
- additionalProperties: true,
- properties: { date: { type: 'timestamp' } },
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_6(doc) {
- /** @type {Array<{ message: string; instancePath: string }>} */
- const warnings = []
- const context = { warnings }
-
- if (!validate(doc)) {
- return context
- }
-
- const newestRevisionHistoryItem = doc.document.tracking.revision_history
- .slice()
- .sort((a, z) =>
- compareZonedDateTimes(
- /** @type {string} */ (z.date),
- /** @type {string} */ (a.date)
- )
- )[0]
- if (
- newestRevisionHistoryItem &&
- compareZonedDateTimes(
- /** @type {string} */ (doc.document.tracking.current_release_date),
- /** @type {string} */ (newestRevisionHistoryItem.date)
- ) < 0
- ) {
- warnings.push({
- message: 'older current release date than revision history',
- instancePath: `/document/tracking/current_release_date`,
- })
- }
-
- return context
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_7.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_7.js
deleted file mode 100644
index a3afd9a..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_7.js
+++ /dev/null
@@ -1,51 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- vulnerabilities: {
- elements: {
- additionalProperties: true,
- optionalProperties: {
- involvements: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
-})
-
-const validate = ajv.compile(inputSchema)
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_7(doc) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validate(doc)) {
- return ctx
- }
-
- doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
- vulnerability.involvements?.forEach((involvement, involvementIndex) => {
- if (!involvement.date) {
- ctx.warnings.push({
- message: 'missing date',
- instancePath: `/vulnerabilities/${vulnerabilityIndex}/involvements/${involvementIndex}`,
- })
- }
- })
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_8.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_8.js
deleted file mode 100644
index b0e5ba7..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_8.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import checkForUnsafeHashAlgorithms from './shared/checkForUnsafeHashAlgorithms.js'
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_8(doc) {
- return checkForUnsafeHashAlgorithms(doc, 'md5')
-}
diff --git a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_9.js b/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_9.js
deleted file mode 100644
index cd69330..0000000
--- a/csaf-validator-lib/lib/optionalTests/optionalTest_6_2_9.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import checkForUnsafeHashAlgorithms from './shared/checkForUnsafeHashAlgorithms.js'
-
-/**
- * @param {any} doc
- */
-export default function optionalTest_6_2_9(doc) {
- return checkForUnsafeHashAlgorithms(doc, 'sha1')
-}
diff --git a/csaf-validator-lib/lib/optionalTests/shared/checkForUnsafeHashAlgorithms.js b/csaf-validator-lib/lib/optionalTests/shared/checkForUnsafeHashAlgorithms.js
deleted file mode 100644
index 24456bd..0000000
--- a/csaf-validator-lib/lib/optionalTests/shared/checkForUnsafeHashAlgorithms.js
+++ /dev/null
@@ -1,58 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-import { walkHashes } from '../../shared/csafHelpers.js'
-
-const ajv = new Ajv()
-
-const hashSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- file_hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
-})
-
-const validateHash = ajv.compile(hashSchema)
-
-/**
- * @param {any} doc
- * @param {string} hashName
- */
-export default function (doc, hashName) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- walkHashes(doc, ({ path, hash }) => {
- if (!validateHash(hash)) return
- const hashSet = getHashAlgorithmSet(hash)
- if (hashSet.has(hashName) && hashSet.size === 1) {
- ctx.warnings.push({
- instancePath: path,
- message: `use of ${hashName} as the only hash algorithm`,
- })
- }
- })
-
- return ctx
-}
-
-/**
- *
- * @param {{ file_hashes: Array<{ algorithm?: unknown }> }} hash
- * @returns
- */
-function getHashAlgorithmSet(hash) {
- return new Set(
- hash.file_hashes
- .map((h) => h.algorithm)
- .filter(
- /** @returns {v is string} */
- (v) => typeof v === 'string'
- )
- )
-}
diff --git a/csaf-validator-lib/lib/schemaTests.js b/csaf-validator-lib/lib/schemaTests.js
deleted file mode 100644
index aeb18c5..0000000
--- a/csaf-validator-lib/lib/schemaTests.js
+++ /dev/null
@@ -1,2 +0,0 @@
-export { default as csaf_2_0_strict } from './schemaTests/csaf_2_0_strict.js'
-export { default as csaf_2_0 } from './schemaTests/csaf_2_0.js'
diff --git a/csaf-validator-lib/lib/schemaTests/csaf_2_0.js b/csaf-validator-lib/lib/schemaTests/csaf_2_0.js
deleted file mode 100644
index 7086a74..0000000
--- a/csaf-validator-lib/lib/schemaTests/csaf_2_0.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import csafAjv from '../shared/csafAjv.js'
-import schema from './csaf_2_0/schema.js'
-
-const validate = csafAjv.compile(schema)
-
-/**
- * @param {any} doc
- */
-export default function csaf_2_0(doc) {
- let isValid = validate(doc)
- /**
- *
- * @type {Array<{
- * message?: string
- * instancePath: string
- * }>}
- */
- const errors = validate.errors ?? []
- return {
- isValid,
- errors: errors.map((e) => ({
- ...e,
- message: e.message ?? 'unexpected empty error message',
- })),
- }
-}
diff --git a/csaf-validator-lib/lib/schemaTests/csaf_2_0/schema.js b/csaf-validator-lib/lib/schemaTests/csaf_2_0/schema.js
deleted file mode 100644
index 7f7efdc..0000000
--- a/csaf-validator-lib/lib/schemaTests/csaf_2_0/schema.js
+++ /dev/null
@@ -1,1392 +0,0 @@ -export default { - $schema: 'https://json-schema.org/draft/2020-12/schema', - $id: 'https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json', - title: 'Common Security Advisory Framework', - description: - 'Representation of security advisory information as a JSON document.', - type: 'object', - $defs: { - acknowledgments_t: { - title: 'List of acknowledgments', - description: 'Contains a list of acknowledgment elements.', - type: 'array', - minItems: 1, - items: { - title: 'Acknowledgment', - description: - 'Acknowledges contributions by describing those that contributed.', - type: 'object', - minProperties: 1, - properties: { - names: { - title: 'List of acknowledged names', - description: 'Contains the names of entities being recognized.', - type: 'array', - minItems: 1, - items: { - title: 'Name of entity being recognized', - description: 'Contains the name of a single person.', - type: 'string', - minLength: 1, - examples: ['Albert Einstein', 'Johann Sebastian Bach'], - }, - }, - organization: { - title: 'Contributing organization', - description: - 'Contains the name of a contributing organization being recognized.', - type: 'string', - minLength: 1, - examples: ['CISA', 'Google Project Zero', 'Talos'], - }, - summary: { - title: 'Summary of the acknowledgment', - description: - 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', - type: 'string', - minLength: 1, - examples: [ - 'First analysis of Coordinated Multi-Stream Attack (CMSA)', - ], - }, - urls: { - title: 'List of URLs', - description: - 'Specifies a list of URLs or location of the reference to be acknowledged.', - type: 'array', - minItems: 1, - items: { - title: 'URL of acknowledgment', - description: - 'Contains the URL or location of the reference to be acknowledged.', - type: 'string', - format: 'uri', - }, - }, - }, - }, - }, - branches_t: { - title: 'List of branches', - 
description: - 'Contains branch elements as children of the current element.', - type: 'array', - minItems: 1, - items: { - title: 'Branch', - description: - 'Is a part of the hierarchical structure of the product tree.', - type: 'object', - maxProperties: 3, - minProperties: 3, - required: ['category', 'name'], - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - category: { - title: 'Category of the branch', - description: 'Describes the characteristics of the labeled branch.', - type: 'string', - enum: [ - 'architecture', - 'host_name', - 'language', - 'legacy', - 'patch_level', - 'product_family', - 'product_name', - 'product_version', - 'product_version_range', - 'service_pack', - 'specification', - 'vendor', - ], - }, - name: { - title: 'Name of the branch', - description: - "Contains the canonical descriptor or 'friendly name' of the branch.", - type: 'string', - minLength: 1, - examples: [ - '10', - '365', - 'Microsoft', - 'Office', - 'PCS 7', - 'SIMATIC', - 'Siemens', - 'Windows', - ], - }, - product: { - $ref: '#/$defs/full_product_name_t', - }, - }, - }, - }, - full_product_name_t: { - title: 'Full product name', - description: - 'Specifies information about the product and assigns the product_id.', - type: 'object', - required: ['name', 'product_id'], - properties: { - name: { - title: 'Textual description of the product', - description: - 'The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', - type: 'string', - minLength: 1, - examples: [ - 'Cisco AnyConnect Secure Mobility Client 2.3.185', - 'Microsoft Host Integration Server 2006 Service Pack 1', - ], - }, - product_id: { - $ref: '#/$defs/product_id_t', - }, - product_identification_helper: { - title: 'Helper to identify the product', - description: - 'Provides at least one method which aids in identifying the product in an asset database.', - type: 'object', - minProperties: 1, - 
properties: { - cpe: { - title: 'Common Platform Enumeration representation', - description: - 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', - type: 'string', - pattern: - '^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', - minLength: 5, - }, - hashes: { - title: 'List of hashes', - description: - 'Contains a list of cryptographic hashes usable to identify files.', - type: 'array', - minItems: 1, - items: { - title: 'Cryptographic hashes', - description: - 'Contains all information to identify a file based on its cryptographic hash values.', - type: 'object', - required: ['file_hashes', 'filename'], - properties: { - file_hashes: { - title: 'List of file hashes', - description: - 'Contains a list of cryptographic hashes for this file.', - type: 'array', - minItems: 1, - items: { - title: 'File hash', - description: - 'Contains one hash value and algorithm of the file to be identified.', - type: 'object', - required: ['algorithm', 'value'], - properties: { - algorithm: { - title: 'Algorithm of the cryptographic hash', - description: - 'Contains the name of the cryptographic hash algorithm used to calculate the value.', - type: 'string', - default: 'sha256', - minLength: 1, - examples: [ - 'blake2b512', - 'sha256', - 'sha3-512', - 'sha384', - 'sha512', - ], - }, - value: { - title: 'Value of the cryptographic hash', - description: - 'Contains the cryptographic hash value in hexadecimal representation.', - type: 'string', - pattern: '^[0-9a-fA-F]{32,}$', - minLength: 32, - examples: [ - 
'37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', - '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', - '9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', - ], - }, - }, - }, - }, - filename: { - title: 'Filename', - description: - 'Contains the name of the file which is identified by the hash values.', - type: 'string', - minLength: 1, - examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], - }, - }, - }, - }, - model_numbers: { - title: 'List of models', - description: 'Contains a list of parts, or full model numbers.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Model number', - description: - 'Contains a part, or a full model number of the component to identify.', - type: 'string', - minLength: 1, - }, - }, - purl: { - title: 'package URL representation', - description: - 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', - type: 'string', - format: 'uri', - pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', - minLength: 7, - }, - sbom_urls: { - title: 'List of SBOM URLs', - description: - 'Contains a list of URLs where SBOMs for this product can be retrieved.', - type: 'array', - minItems: 1, - items: { - title: 'SBOM URL', - description: 'Contains a URL of one SBOM for this product.', - type: 'string', - format: 'uri', - }, - }, - serial_numbers: { - title: 'List of serial numbers', - description: 'Contains a list of parts, or full serial numbers.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Serial number', - description: - 'Contains a part, or a full serial number of the component to identify.', - type: 'string', - minLength: 1, - }, - }, - skus: { - title: 'List of stock keeping units', - description: - 'Contains a list of parts, or full stock 
keeping units.', - type: 'array', - minItems: 1, - items: { - title: 'Stock keeping unit', - description: - 'Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component.', - type: 'string', - minLength: 1, - }, - }, - x_generic_uris: { - title: 'List of generic URIs', - description: - 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', - type: 'array', - minItems: 1, - items: { - title: 'Generic URI', - description: - 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', - type: 'object', - required: ['namespace', 'uri'], - properties: { - namespace: { - title: 'Namespace of the generic URI', - description: - 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', - type: 'string', - format: 'uri', - }, - uri: { - title: 'URI', - description: 'Contains the identifier itself.', - type: 'string', - format: 'uri', - }, - }, - }, - }, - }, - }, - }, - }, - lang_t: { - title: 'Language type', - description: - 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', - type: 'string', - pattern: - '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', - examples: ['de', 'en', 'fr', 'frc', 'jp'], - }, - notes_t: { - title: 'List of notes', - description: 'Contains notes which are specific to the current context.', - type: 'array', - minItems: 1, - items: { - title: 'Note', - description: - 'Is a place to put all manner of text blobs related to the current context.', - type: 'object', - required: ['category', 'text'], - properties: { - audience: { - title: 'Audience of note', - description: 'Indicate who is intended to read it.', - type: 'string', - minLength: 1, - examples: [ - 'all', - 'executives', - 'operational management and system administrators', - 'safety engineers', - ], - }, - category: { - title: 'Note category', - description: 'Choice of what kind of note this is.', - type: 'string', - enum: [ - 'description', - 'details', - 'faq', - 'general', - 'legal_disclaimer', - 'other', - 'summary', - ], - }, - text: { - title: 'Note contents', - description: - 'The contents of the note. Content varies depending on type.', - type: 'string', - minLength: 1, - }, - title: { - title: 'Title of note', - description: - 'Provides a concise description of what is contained in the text of the note.', - type: 'string', - minLength: 1, - examples: [ - 'Details', - 'Executive summary', - 'Technical summary', - 'Impact on safety systems', - ], - }, - }, - }, - }, - product_group_id_t: { - title: 'Reference token for product group instance', - description: - 'Token required to identify a group of products so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', - type: 'string', - minLength: 1, - examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], - }, - product_groups_t: { - title: 'List of product_group_ids', - description: - 'Specifies a list of product_group_ids to give context to the parent item.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - $ref: '#/$defs/product_group_id_t', - }, - }, - product_id_t: { - title: 'Reference token for product instance', - description: - 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', - type: 'string', - minLength: 1, - examples: ['CSAFPID-0004', 'CSAFPID-0008'], - }, - products_t: { - title: 'List of product_ids', - description: - 'Specifies a list of product_ids to give context to the parent item.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - $ref: '#/$defs/product_id_t', - }, - }, - references_t: { - title: 'List of references', - description: 'Holds a list of references.', - type: 'array', - minItems: 1, - items: { - title: 'Reference', - description: - 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', - type: 'object', - required: ['summary', 'url'], - properties: { - category: { - title: 'Category of reference', - description: - 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', - type: 'string', - default: 'external', - enum: ['external', 'self'], - }, - summary: { - title: 'Summary of the reference', - description: 
'Indicates what this reference refers to.', - type: 'string', - minLength: 1, - }, - url: { - title: 'URL of reference', - description: 'Provides the URL for the reference.', - type: 'string', - format: 'uri', - }, - }, - }, - }, - version_t: { - title: 'Version', - description: - 'Specifies a version string to denote clearly the evolution of the content of the document. Format must be either integer or semantic versioning.', - type: 'string', - pattern: - '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', - examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], - }, - }, - required: ['document'], - properties: { - document: { - title: 'Document level meta-data', - description: - 'Captures the meta-data about this document describing a particular set of security advisories.', - type: 'object', - required: ['category', 'csaf_version', 'publisher', 'title', 'tracking'], - properties: { - acknowledgments: { - title: 'Document acknowledgments', - description: - 'Contains a list of acknowledgment elements associated with the whole document.', - $ref: '#/$defs/acknowledgments_t', - }, - aggregate_severity: { - title: 'Aggregate severity', - description: - "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole — not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", - type: 'object', - required: ['text'], - properties: { - namespace: { - title: 'Namespace of aggregate severity', - description: 'Points to the namespace so referenced.', - type: 'string', - format: 'uri', - }, - text: { - title: 'Text of aggregate severity', - description: - 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', - type: 'string', - minLength: 1, - examples: ['Critical', 'Important', 'Moderate'], - }, - }, - }, - category: { - title: 'Document category', - description: - 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', - type: 'string', - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - minLength: 1, - examples: [ - 'csaf_base', - 'csaf_security_advisory', - 'csaf_vex', - 'Example Company Security Notice', - ], - }, - csaf_version: { - title: 'CSAF version', - description: - 'Gives the version of the CSAF specification which the document was generated for.', - type: 'string', - enum: ['2.0'], - }, - distribution: { - title: 'Rules for sharing document', - description: - 'Describe any constraints on how this document might be shared.', - type: 'object', - minProperties: 1, - properties: { - text: { - title: 'Textual description', - description: - 'Provides a textual description of additional constraints.', - type: 'string', - minLength: 1, - examples: [ - 'Copyright 2021, Example Company, All Rights Reserved.', - 'Distribute freely.', - 'Share only on a need-to-know-basis only.', - ], - }, - tlp: { - title: 'Traffic Light Protocol (TLP)', - description: - 'Provides details about the TLP classification of the document.', - type: 'object', - required: ['label'], - properties: { - label: { - title: 'Label of TLP', - description: 'Provides the TLP 
label of the document.', - type: 'string', - enum: ['AMBER', 'GREEN', 'RED', 'WHITE'], - }, - url: { - title: 'URL of TLP version', - description: - 'Provides a URL where to find the textual description of the TLP version which is used in this document. Default is the URL to the definition by FIRST.', - type: 'string', - default: 'https://www.first.org/tlp/', - format: 'uri', - examples: [ - 'https://www.us-cert.gov/tlp', - 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', - ], - }, - }, - }, - }, - }, - lang: { - title: 'Document language', - description: - 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', - $ref: '#/$defs/lang_t', - }, - notes: { - title: 'Document notes', - description: 'Holds notes associated with the whole document.', - $ref: '#/$defs/notes_t', - }, - publisher: { - title: 'Publisher', - description: - 'Provides information about the publisher of the document.', - type: 'object', - required: ['category', 'name', 'namespace'], - properties: { - category: { - title: 'Category of publisher', - description: - 'Provides information about the category of publisher releasing the document.', - type: 'string', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'translator', - 'user', - 'vendor', - ], - }, - contact_details: { - title: 'Contact details', - description: - 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', - type: 'string', - minLength: 1, - examples: [ - 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', - ], - }, - issuing_authority: { - title: 'Issuing authority', - description: - "Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.", - type: 'string', - minLength: 1, - }, - name: 
{ - title: 'Name of publisher', - description: 'Contains the name of the issuing party.', - type: 'string', - minLength: 1, - examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], - }, - namespace: { - title: 'Namespace of publisher', - description: - 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', - type: 'string', - format: 'uri', - examples: ['https://csaf.io', 'https://www.example.com'], - }, - }, - }, - references: { - title: 'Document references', - description: - 'Holds a list of references associated with the whole document.', - $ref: '#/$defs/references_t', - }, - source_lang: { - title: 'Source language', - description: - 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', - $ref: '#/$defs/lang_t', - }, - title: { - title: 'Title of this document', - description: - 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', - type: 'string', - minLength: 1, - examples: [ - 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', - 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', - ], - }, - tracking: { - title: 'Tracking', - description: - 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', - type: 'object', - required: [ - 'current_release_date', - 'id', - 'initial_release_date', - 'revision_history', - 'status', - 'version', - ], - properties: { - aliases: { - title: 'Aliases', - description: - 'Contains a list of alternate names for the same document.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Alternate name', - description: - 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', - type: 'string', - minLength: 1, - examples: 
['CVE-2019-12345'], - }, - }, - current_release_date: { - title: 'Current release date', - description: - 'The date when the current revision of this document was released', - type: 'string', - format: 'date-time', - }, - generator: { - title: 'Document generator', - description: - 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', - type: 'object', - required: ['engine'], - properties: { - date: { - title: 'Date of document generation', - description: - 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', - type: 'string', - format: 'date-time', - }, - engine: { - title: 'Engine of document generation', - description: - 'Contains information about the engine that generated the CSAF document.', - type: 'object', - required: ['name'], - properties: { - name: { - title: 'Engine name', - description: - 'Represents the name of the engine that generated the CSAF document.', - type: 'string', - minLength: 1, - examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], - }, - version: { - title: 'Engine version', - description: - 'Contains the version of the engine that generated the CSAF document.', - type: 'string', - minLength: 1, - examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], - }, - }, - }, - }, - }, - id: { - title: 'Unique identifier for the document', - description: - 'The ID is a simple label that provides for a wide range of numbering values, types, and schemes. 
Its value SHOULD be assigned and maintained by the original document issuing authority.', - type: 'string', - pattern: '^[\\S](.*[\\S])?$', - minLength: 1, - examples: [ - 'Example Company - 2019-YH3234', - 'RHBA-2019:0024', - 'cisco-sa-20190513-secureboot', - ], - }, - initial_release_date: { - title: 'Initial release date', - description: 'The date when this document was first published.', - type: 'string', - format: 'date-time', - }, - revision_history: { - title: 'Revision history', - description: - 'Holds one revision item for each version of the CSAF document, including the initial one.', - type: 'array', - minItems: 1, - items: { - title: 'Revision', - description: - 'Contains all the information elements required to track the evolution of a CSAF document.', - type: 'object', - required: ['date', 'number', 'summary'], - properties: { - date: { - title: 'Date of the revision', - description: 'The date of the revision entry', - type: 'string', - format: 'date-time', - }, - legacy_version: { - title: 'Legacy version of the revision', - description: - 'Contains the version string used in an existing document with the same content.', - type: 'string', - minLength: 1, - }, - number: { - $ref: '#/$defs/version_t', - }, - summary: { - title: 'Summary of the revision', - description: - 'Holds a single non-empty string representing a short description of the changes.', - type: 'string', - minLength: 1, - examples: ['Initial version.'], - }, - }, - }, - }, - status: { - title: 'Document status', - description: 'Defines the draft status of the document.', - type: 'string', - enum: ['draft', 'final', 'interim'], - }, - version: { - $ref: '#/$defs/version_t', - }, - }, - }, - }, - }, - product_tree: { - title: 'Product tree', - description: - 'Is a container for all fully qualified product names that can be referenced elsewhere in the document.', - type: 'object', - minProperties: 1, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - full_product_names: { 
- title: 'List of full product names', - description: 'Contains a list of full product names.', - type: 'array', - minItems: 1, - items: { - $ref: '#/$defs/full_product_name_t', - }, - }, - product_groups: { - title: 'List of product groups', - description: 'Contains a list of product groups.', - type: 'array', - minItems: 1, - items: { - title: 'Product group', - description: - 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', - type: 'object', - required: ['group_id', 'product_ids'], - properties: { - group_id: { - $ref: '#/$defs/product_group_id_t', - }, - product_ids: { - title: 'List of Product IDs', - description: - 'Lists the product_ids of those products which known as one group in the document.', - type: 'array', - minItems: 2, - uniqueItems: true, - items: { - $ref: '#/$defs/product_id_t', - }, - }, - summary: { - title: 'Summary of the product group', - description: - 'Gives a short, optional description of the group.', - type: 'string', - minLength: 1, - examples: [ - 'Products supporting Modbus.', - 'The x64 versions of the operating system.', - ], - }, - }, - }, - }, - relationships: { - title: 'List of relationships', - description: 'Contains a list of relationships.', - type: 'array', - minItems: 1, - items: { - title: 'Relationship', - description: - 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', - type: 'object', - required: [ - 'category', - 'full_product_name', - 'product_reference', - 'relates_to_product_reference', - ], - properties: { - category: { - title: 'Relationship category', - description: - 'Defines the category of relationship for the referenced component.', - type: 'string', - enum: [ - 'default_component_of', - 'external_component_of', - 'installed_on', - 'installed_with', - 
'optional_component_of', - ], - }, - full_product_name: { - $ref: '#/$defs/full_product_name_t', - }, - product_reference: { - title: 'Product reference', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', - $ref: '#/$defs/product_id_t', - }, - relates_to_product_reference: { - title: 'Relates to product reference', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', - $ref: '#/$defs/product_id_t', - }, - }, - }, - }, - }, - }, - vulnerabilities: { - title: 'Vulnerabilities', - description: - 'Represents a list of all relevant vulnerability information items.', - type: 'array', - minItems: 1, - items: { - title: 'Vulnerability', - description: - 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', - type: 'object', - minProperties: 1, - properties: { - acknowledgments: { - title: 'Vulnerability acknowledgments', - description: - 'Contains a list of acknowledgment elements associated with this vulnerability item.', - $ref: '#/$defs/acknowledgments_t', - }, - cve: { - title: 'CVE', - description: - 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', - type: 'string', - pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', - }, - cwe: { - title: 'CWE', - description: - 'Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.', - type: 'object', - required: ['id', 'name'], - properties: { - id: { - title: 'Weakness ID', - description: 'Holds the ID for the weakness associated.', - type: 'string', - pattern: '^CWE-[1-9]\\d{0,5}$', - examples: ['CWE-22', 'CWE-352', 'CWE-79'], - }, - name: { - title: 'Weakness name', - description: - 'Holds the full name of the weakness as given in the CWE specification.', - type: 'string', - minLength: 1, - examples: [ 
- 'Cross-Site Request Forgery (CSRF)', - "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - ], - }, - }, - }, - discovery_date: { - title: 'Discovery date', - description: - 'Holds the date and time the vulnerability was originally discovered.', - type: 'string', - format: 'date-time', - }, - flags: { - title: 'List of flags', - description: 'Contains a list of machine readable flags.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Flag', - description: - 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', - type: 'object', - required: ['label'], - properties: { - date: { - title: 'Date of the flag', - description: - 'Contains the date when assessment was done or the flag was assigned.', - type: 'string', - format: 'date-time', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - label: { - title: 'Label of the flag', - description: 'Specifies the machine readable label.', - type: 'string', - enum: [ - 'component_not_present', - 'inline_mitigations_already_exist', - 'vulnerable_code_cannot_be_controlled_by_adversary', - 'vulnerable_code_not_in_execute_path', - 'vulnerable_code_not_present', - ], - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - }, - }, - ids: { - title: 'List of IDs', - description: - 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'ID', - description: - 'Contains a single unique label or tracking ID for the vulnerability.', - type: 'object', - required: ['system_name', 'text'], - properties: { - system_name: { - title: 'System name', - description: - 'Indicates the name of the vulnerability tracking or numbering system.', - type: 'string', - minLength: 1, - examples: ['Cisco Bug ID', 'GitHub 
Issue'], - }, - text: { - title: 'Text', - description: - 'Is unique label or tracking ID for the vulnerability (if such information exists).', - type: 'string', - minLength: 1, - examples: ['CSCso66472', 'oasis-tcs/csaf#210'], - }, - }, - }, - }, - involvements: { - title: 'List of involvements', - description: 'Contains a list of involvements.', - type: 'array', - minItems: 1, - uniqueItems: true, - items: { - title: 'Involvement', - description: - 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', - type: 'object', - required: ['party', 'status'], - properties: { - date: { - title: 'Date of involvement', - description: - 'Holds the date and time of the involvement entry.', - type: 'string', - format: 'date-time', - }, - party: { - title: 'Party category', - description: 'Defines the category of the involved party.', - type: 'string', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'user', - 'vendor', - ], - }, - status: { - title: 'Party status', - description: 'Defines contact status of the involved party.', - type: 'string', - enum: [ - 'completed', - 'contact_attempted', - 'disputed', - 'in_progress', - 'not_contacted', - 'open', - ], - }, - summary: { - title: 'Summary of the involvement', - description: - 'Contains additional context regarding what is going on.', - type: 'string', - minLength: 1, - }, - }, - }, - }, - notes: { - title: 'Vulnerability notes', - description: 'Holds notes associated with this vulnerability item.', - $ref: '#/$defs/notes_t', - }, - product_status: { - title: 'Product status', - description: - 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. 
', - type: 'object', - minProperties: 1, - properties: { - first_affected: { - title: 'First affected', - description: - 'These are the first versions of the releases known to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - first_fixed: { - title: 'First fixed', - description: - 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', - $ref: '#/$defs/products_t', - }, - fixed: { - title: 'Fixed', - description: - 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', - $ref: '#/$defs/products_t', - }, - known_affected: { - title: 'Known affected', - description: - 'These versions are known to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - known_not_affected: { - title: 'Known not affected', - description: - 'These versions are known not to be affected by the vulnerability.', - $ref: '#/$defs/products_t', - }, - last_affected: { - title: 'Last affected', - description: - 'These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.', - $ref: '#/$defs/products_t', - }, - recommended: { - title: 'Recommended', - description: - 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', - $ref: '#/$defs/products_t', - }, - under_investigation: { - title: 'Under investigation', - description: - 'It is not known yet whether these versions are or are not affected by the vulnerability. 
However, it is still under investigation - the result will be provided in a later release of the document.', - $ref: '#/$defs/products_t', - }, - }, - }, - references: { - title: 'Vulnerability references', - description: - 'Holds a list of references associated with this vulnerability item.', - $ref: '#/$defs/references_t', - }, - release_date: { - title: 'Release date', - description: - 'Holds the date and time the vulnerability was originally released into the wild.', - type: 'string', - format: 'date-time', - }, - remediations: { - title: 'List of remediations', - description: 'Contains a list of remediations.', - type: 'array', - minItems: 1, - items: { - title: 'Remediation', - description: - 'Specifies details on how to handle (and presumably, fix) a vulnerability.', - type: 'object', - required: ['category', 'details'], - properties: { - category: { - title: 'Category of the remediation', - description: - 'Specifies the category which this remediation belongs to.', - type: 'string', - enum: [ - 'mitigation', - 'no_fix_planned', - 'none_available', - 'vendor_fix', - 'workaround', - ], - }, - date: { - title: 'Date of the remediation', - description: - 'Contains the date from which the remediation is available.', - type: 'string', - format: 'date-time', - }, - details: { - title: 'Details of the remediation', - description: - 'Contains a thorough human-readable discussion of the remediation.', - type: 'string', - minLength: 1, - }, - entitlements: { - title: 'List of entitlements', - description: 'Contains a list of entitlements.', - type: 'array', - minItems: 1, - items: { - title: 'Entitlement of the remediation', - description: - 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', - type: 'string', - minLength: 1, - }, - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - restart_required: { - title: 'Restart required 
by remediation', - description: - 'Provides information on category of restart is required by this remediation to become effective.', - type: 'object', - required: ['category'], - properties: { - category: { - title: 'Category of restart', - description: - 'Specifies what category of restart is required by this remediation to become effective.', - type: 'string', - enum: [ - 'connected', - 'dependencies', - 'machine', - 'none', - 'parent', - 'service', - 'system', - 'vulnerable_component', - 'zone', - ], - }, - details: { - title: 'Additional restart information', - description: - 'Provides additional information for the restart. This can include details on procedures, scope or impact.', - type: 'string', - minLength: 1, - }, - }, - }, - url: { - title: 'URL to the remediation', - description: - 'Contains the URL where to obtain the remediation.', - type: 'string', - format: 'uri', - }, - }, - }, - }, - scores: { - title: 'List of scores', - description: - 'contains score objects for the current vulnerability.', - type: 'array', - minItems: 1, - items: { - title: 'Score', - description: - 'specifies information about (at least one) score of the vulnerability and for which products the given value applies.', - type: 'object', - minProperties: 2, - required: ['products'], - properties: { - cvss_v2: { - $ref: 'https://www.first.org/cvss/cvss-v2.0.json', - }, - cvss_v3: { - oneOf: [ - { - $ref: 'https://www.first.org/cvss/cvss-v3.0.json', - }, - { - $ref: 'https://www.first.org/cvss/cvss-v3.1.json', - }, - ], - }, - products: { - $ref: '#/$defs/products_t', - }, - }, - }, - }, - threats: { - title: 'List of threats', - description: - 'Contains information about a vulnerability that can change with time.', - type: 'array', - minItems: 1, - items: { - title: 'Threat', - description: - 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.',
- type: 'object',
- required: ['category', 'details'],
- properties: {
- category: {
- title: 'Category of the threat',
- description:
- 'Categorizes the threat according to the rules of the specification.',
- type: 'string',
- enum: ['exploit_status', 'impact', 'target_set'],
- },
- date: {
- title: 'Date of the threat',
- description:
- 'Contains the date when the assessment was done or the threat appeared.',
- type: 'string',
- format: 'date-time',
- },
- details: {
- title: 'Details of the threat',
- description:
- 'Represents a thorough human-readable discussion of the threat.',
- type: 'string',
- minLength: 1,
- },
- group_ids: {
- $ref: '#/$defs/product_groups_t',
- },
- product_ids: {
- $ref: '#/$defs/products_t',
- },
- },
- },
- },
- title: {
- title: 'Title',
- description:
- 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.',
- type: 'string',
- minLength: 1,
- },
- },
- },
- },
- },
-}
diff --git a/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict.js b/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict.js
deleted file mode 100644
index d7217d2..0000000
--- a/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import csafAjv from '../shared/csafAjv.js'
-import schema from './csaf_2_0_strict/schema.js'
-
-const validate = csafAjv.compile(schema)
-
-/**
- * @param {any} doc
- */
-export default function csaf_2_0_strict(doc) {
- let isValid = validate(doc)
- /**
- *
- * @type {Array<{
- * message?: string
- * instancePath: string
- * }>}
- */
- const errors = validate.errors ?? []
- return {
- isValid,
- errors: errors.map((e) => ({
- ...e,
- message: e.message ?? 'unexpected empty error message',
- })),
- }
-}
diff --git a/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict/schema.js b/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict/schema.js
deleted file mode 100644
index c5ed19b..0000000
--- a/csaf-validator-lib/lib/schemaTests/csaf_2_0_strict/schema.js
+++ /dev/null
@@ -1,1424 +0,0 @@ -export default { - $id: 'https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json?strict', - $schema: 'https://json-schema.org/draft/2020-12/schema', - $defs: { - acknowledgments_t: { - description: 'Contains a list of acknowledgment elements.', - items: { - additionalProperties: false, - description: - 'Acknowledges contributions by describing those that contributed.', - minProperties: 1, - properties: { - names: { - description: 'Contains the names of entities being recognized.', - items: { - description: 'Contains the name of a single person.', - examples: ['Albert Einstein', 'Johann Sebastian Bach'], - minLength: 1, - title: 'Name of entity being recognized', - type: 'string', - }, - minItems: 1, - title: 'List of acknowledged names', - type: 'array', - }, - organization: { - description: - 'Contains the name of a contributing organization being recognized.', - examples: ['CISA', 'Google Project Zero', 'Talos'], - minLength: 1, - title: 'Contributing organization', - type: 'string', - }, - summary: { - description: - 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', - examples: [ - 'First analysis of Coordinated Multi-Stream Attack (CMSA)', - ], - minLength: 1, - title: 'Summary of the acknowledgment', - type: 'string', - }, - urls: { - description: - 'Specifies a list of URLs or location of the reference to be acknowledged.', - items: { - description: - 'Contains the URL or location of the reference to be acknowledged.', - format: 'uri', - title: 'URL of acknowledgment', - type: 'string', - }, - minItems: 1, - title: 'List of URLs', - type: 'array', - }, - }, - title: 'Acknowledgment', - type: 'object', - }, - minItems: 1, - title: 'List of acknowledgments', - type: 'array', - }, - branches_t: { - description: - 'Contains branch elements as children of the current element.', - items: { - additionalProperties: false, - description: - 'Is a part of 
the hierarchical structure of the product tree.', - maxProperties: 3, - minProperties: 3, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - category: { - description: 'Describes the characteristics of the labeled branch.', - enum: [ - 'architecture', - 'host_name', - 'language', - 'legacy', - 'patch_level', - 'product_family', - 'product_name', - 'product_version', - 'product_version_range', - 'service_pack', - 'specification', - 'vendor', - ], - title: 'Category of the branch', - type: 'string', - }, - name: { - description: - "Contains the canonical descriptor or 'friendly name' of the branch.", - examples: [ - '10', - '365', - 'Microsoft', - 'Office', - 'PCS 7', - 'SIMATIC', - 'Siemens', - 'Windows', - ], - minLength: 1, - title: 'Name of the branch', - type: 'string', - }, - product: { - $ref: '#/$defs/full_product_name_t', - }, - }, - required: ['category', 'name'], - title: 'Branch', - type: 'object', - }, - minItems: 1, - title: 'List of branches', - type: 'array', - }, - full_product_name_t: { - additionalProperties: false, - description: - 'Specifies information about the product and assigns the product_id.', - properties: { - name: { - description: - 'The value should be the product\u2019s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', - examples: [ - 'Cisco AnyConnect Secure Mobility Client 2.3.185', - 'Microsoft Host Integration Server 2006 Service Pack 1', - ], - minLength: 1, - title: 'Textual description of the product', - type: 'string', - }, - product_id: { - $ref: '#/$defs/product_id_t', - }, - product_identification_helper: { - additionalProperties: false, - description: - 'Provides at least one method which aids in identifying the product in an asset database.', - minProperties: 1, - properties: { - cpe: { - description: - 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', - minLength: 
5, - pattern: - '^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', - title: 'Common Platform Enumeration representation', - type: 'string', - }, - hashes: { - description: - 'Contains a list of cryptographic hashes usable to identify files.', - items: { - additionalProperties: false, - description: - 'Contains all information to identify a file based on its cryptographic hash values.', - properties: { - file_hashes: { - description: - 'Contains a list of cryptographic hashes for this file.', - items: { - additionalProperties: false, - description: - 'Contains one hash value and algorithm of the file to be identified.', - properties: { - algorithm: { - default: 'sha256', - description: - 'Contains the name of the cryptographic hash algorithm used to calculate the value.', - examples: [ - 'blake2b512', - 'sha256', - 'sha3-512', - 'sha384', - 'sha512', - ], - minLength: 1, - title: 'Algorithm of the cryptographic hash', - type: 'string', - }, - value: { - description: - 'Contains the cryptographic hash value in hexadecimal representation.', - examples: [ - '37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', - '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', - '9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', - ], - minLength: 32, - pattern: '^[0-9a-fA-F]{32,}$', - title: 'Value of the cryptographic hash', - type: 'string', - }, - }, - required: ['algorithm', 'value'], - title: 'File hash', - type: 'object', - }, - minItems: 1, - title: 'List of file hashes', - type: 'array', - 
}, - filename: { - description: - 'Contains the name of the file which is identified by the hash values.', - examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], - minLength: 1, - title: 'Filename', - type: 'string', - }, - }, - required: ['file_hashes', 'filename'], - title: 'Cryptographic hashes', - type: 'object', - }, - minItems: 1, - title: 'List of hashes', - type: 'array', - }, - model_numbers: { - description: 'Contains a list of parts, or full model numbers.', - items: { - description: - 'Contains a part, or a full model number of the component to identify.', - minLength: 1, - title: 'Model number', - type: 'string', - }, - minItems: 1, - title: 'List of models', - type: 'array', - uniqueItems: true, - }, - purl: { - description: - 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', - format: 'uri', - minLength: 7, - pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', - title: 'package URL representation', - type: 'string', - }, - sbom_urls: { - description: - 'Contains a list of URLs where SBOMs for this product can be retrieved.', - items: { - description: 'Contains a URL of one SBOM for this product.', - format: 'uri', - title: 'SBOM URL', - type: 'string', - }, - minItems: 1, - title: 'List of SBOM URLs', - type: 'array', - }, - serial_numbers: { - description: 'Contains a list of parts, or full serial numbers.', - items: { - description: - 'Contains a part, or a full serial number of the component to identify.', - minLength: 1, - title: 'Serial number', - type: 'string', - }, - minItems: 1, - title: 'List of serial numbers', - type: 'array', - uniqueItems: true, - }, - skus: { - description: - 'Contains a list of parts, or full stock keeping units.', - items: { - description: - 'Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component.', - minLength: 1, - title: 'Stock keeping unit', - 
type: 'string', - }, - minItems: 1, - title: 'List of stock keeping units', - type: 'array', - }, - x_generic_uris: { - description: - 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', - items: { - additionalProperties: false, - description: - 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', - properties: { - namespace: { - description: - 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', - format: 'uri', - title: 'Namespace of the generic URI', - type: 'string', - }, - uri: { - description: 'Contains the identifier itself.', - format: 'uri', - title: 'URI', - type: 'string', - }, - }, - required: ['namespace', 'uri'], - title: 'Generic URI', - type: 'object', - }, - minItems: 1, - title: 'List of generic URIs', - type: 'array', - }, - }, - title: 'Helper to identify the product', - type: 'object', - }, - }, - required: ['name', 'product_id'], - title: 'Full product name', - type: 'object', - }, - lang_t: { - description: - 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', - examples: ['de', 'en', 'fr', 'frc', 'jp'], - pattern: - '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', - title: 'Language type', - type: 'string', - }, - notes_t: { - description: 'Contains notes which are specific to the current context.', - items: { - additionalProperties: false, - description: - 'Is a place to put all manner of text blobs related to the current context.', - properties: { - audience: { - description: 'Indicate who is intended to read it.', - examples: [ - 'all', - 'executives', - 'operational management and system administrators', - 'safety engineers', - ], - minLength: 1, - title: 'Audience of note', - type: 'string', - }, - category: { - description: 'Choice of what kind of note this is.', - enum: [ - 'description', - 'details', - 'faq', - 'general', - 'legal_disclaimer', - 'other', - 'summary', - ], - title: 'Note category', - type: 'string', - }, - text: { - description: - 'The contents of the note. Content varies depending on type.', - minLength: 1, - title: 'Note contents', - type: 'string', - }, - title: { - description: - 'Provides a concise description of what is contained in the text of the note.', - examples: [ - 'Details', - 'Executive summary', - 'Technical summary', - 'Impact on safety systems', - ], - minLength: 1, - title: 'Title of note', - type: 'string', - }, - }, - required: ['category', 'text'], - title: 'Note', - type: 'object', - }, - minItems: 1, - title: 'List of notes', - type: 'array', - }, - product_group_id_t: { - description: - 'Token required to identify a group of products so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', - examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], - minLength: 1, - title: 'Reference token for product group instance', - type: 'string', - }, - product_groups_t: { - description: - 'Specifies a list of product_group_ids to give context to the parent item.', - items: { - $ref: '#/$defs/product_group_id_t', - }, - minItems: 1, - title: 'List of product_group_ids', - type: 'array', - uniqueItems: true, - }, - product_id_t: { - description: - 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', - examples: ['CSAFPID-0004', 'CSAFPID-0008'], - minLength: 1, - title: 'Reference token for product instance', - type: 'string', - }, - products_t: { - description: - 'Specifies a list of product_ids to give context to the parent item.', - items: { - $ref: '#/$defs/product_id_t', - }, - minItems: 1, - title: 'List of product_ids', - type: 'array', - uniqueItems: true, - }, - references_t: { - description: 'Holds a list of references.', - items: { - additionalProperties: false, - description: - 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', - properties: { - category: { - default: 'external', - description: - 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', - enum: ['external', 'self'], - title: 'Category of reference', - type: 'string', - }, - summary: { - description: 'Indicates what this reference refers to.', - minLength: 1, - title: 'Summary of the 
reference', - type: 'string', - }, - url: { - description: 'Provides the URL for the reference.', - format: 'uri', - title: 'URL of reference', - type: 'string', - }, - }, - required: ['summary', 'url'], - title: 'Reference', - type: 'object', - }, - minItems: 1, - title: 'List of references', - type: 'array', - }, - version_t: { - description: - 'Specifies a version string to denote clearly the evolution of the content of the document. Format must be either integer or semantic versioning.', - examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], - pattern: - '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', - title: 'Version', - type: 'string', - }, - }, - additionalProperties: false, - description: - 'Representation of security advisory information as a JSON document.', - properties: { - document: { - additionalProperties: false, - description: - 'Captures the meta-data about this document describing a particular set of security advisories.', - properties: { - acknowledgments: { - $ref: '#/$defs/acknowledgments_t', - description: - 'Contains a list of acknowledgment elements associated with the whole document.', - title: 'Document acknowledgments', - }, - aggregate_severity: { - additionalProperties: false, - description: - "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole \u2014 not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", - properties: { - namespace: { - description: 'Points to the namespace so referenced.', - format: 'uri', - title: 'Namespace of aggregate severity', - type: 'string', - }, - text: { - description: - 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', - examples: ['Critical', 'Important', 'Moderate'], - minLength: 1, - title: 'Text of aggregate severity', - type: 'string', - }, - }, - required: ['text'], - title: 'Aggregate severity', - type: 'object', - }, - category: { - description: - 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', - examples: [ - 'csaf_base', - 'csaf_security_advisory', - 'csaf_vex', - 'Example Company Security Notice', - ], - minLength: 1, - pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', - title: 'Document category', - type: 'string', - }, - csaf_version: { - description: - 'Gives the version of the CSAF specification which the document was generated for.', - enum: ['2.0'], - title: 'CSAF version', - type: 'string', - }, - distribution: { - additionalProperties: false, - description: - 'Describe any constraints on how this document might be shared.', - minProperties: 1, - properties: { - text: { - description: - 'Provides a textual description of additional constraints.', - examples: [ - 'Copyright 2021, Example Company, All Rights Reserved.', - 'Distribute freely.', - 'Share only on a need-to-know-basis only.', - ], - minLength: 1, - title: 'Textual description', - type: 'string', - }, - tlp: { - additionalProperties: false, - description: - 'Provides details about the TLP classification of the document.', - properties: { - label: { - description: 'Provides the TLP label of the document.', - enum: ['AMBER', 'GREEN', 'RED', 'WHITE'], - 
title: 'Label of TLP', - type: 'string', - }, - url: { - default: 'https://www.first.org/tlp/', - description: - 'Provides a URL where to find the textual description of the TLP version which is used in this document. Default is the URL to the definition by FIRST.', - examples: [ - 'https://www.us-cert.gov/tlp', - 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', - ], - format: 'uri', - title: 'URL of TLP version', - type: 'string', - }, - }, - required: ['label'], - title: 'Traffic Light Protocol (TLP)', - type: 'object', - }, - }, - title: 'Rules for sharing document', - type: 'object', - }, - lang: { - $ref: '#/$defs/lang_t', - description: - 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', - title: 'Document language', - }, - notes: { - $ref: '#/$defs/notes_t', - description: 'Holds notes associated with the whole document.', - title: 'Document notes', - }, - publisher: { - additionalProperties: false, - description: - 'Provides information about the publisher of the document.', - properties: { - category: { - description: - 'Provides information about the category of publisher releasing the document.', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'translator', - 'user', - 'vendor', - ], - title: 'Category of publisher', - type: 'string', - }, - contact_details: { - description: - 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', - examples: [ - 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', - ], - minLength: 1, - title: 'Contact details', - type: 'string', - }, - issuing_authority: { - description: - "Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.", - minLength: 1, - title: 'Issuing 
authority', - type: 'string', - }, - name: { - description: 'Contains the name of the issuing party.', - examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], - minLength: 1, - title: 'Name of publisher', - type: 'string', - }, - namespace: { - description: - 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', - examples: ['https://csaf.io', 'https://www.example.com'], - format: 'uri', - title: 'Namespace of publisher', - type: 'string', - }, - }, - required: ['category', 'name', 'namespace'], - title: 'Publisher', - type: 'object', - }, - references: { - $ref: '#/$defs/references_t', - description: - 'Holds a list of references associated with the whole document.', - title: 'Document references', - }, - source_lang: { - $ref: '#/$defs/lang_t', - description: - 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', - title: 'Source language', - }, - title: { - description: - 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', - examples: [ - 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', - 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', - ], - minLength: 1, - title: 'Title of this document', - type: 'string', - }, - tracking: { - additionalProperties: false, - description: - 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', - properties: { - aliases: { - description: - 'Contains a list of alternate names for the same document.', - items: { - description: - 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', - examples: ['CVE-2019-12345'], - minLength: 1, - title: 'Alternate name', - type: 'string', - }, - minItems: 1, - title: 'Aliases', - type: 'array', - uniqueItems: 
true, - }, - current_release_date: { - description: - 'The date when the current revision of this document was released', - format: 'date-time', - title: 'Current release date', - type: 'string', - }, - generator: { - additionalProperties: false, - description: - 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', - properties: { - date: { - description: - 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', - format: 'date-time', - title: 'Date of document generation', - type: 'string', - }, - engine: { - additionalProperties: false, - description: - 'Contains information about the engine that generated the CSAF document.', - properties: { - name: { - description: - 'Represents the name of the engine that generated the CSAF document.', - examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], - minLength: 1, - title: 'Engine name', - type: 'string', - }, - version: { - description: - 'Contains the version of the engine that generated the CSAF document.', - examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], - minLength: 1, - title: 'Engine version', - type: 'string', - }, - }, - required: ['name'], - title: 'Engine of document generation', - type: 'object', - }, - }, - required: ['engine'], - title: 'Document generator', - type: 'object', - }, - id: { - description: - 'The ID is a simple label that provides for a wide range of numbering values, types, and schemes. 
Its value SHOULD be assigned and maintained by the original document issuing authority.', - examples: [ - 'Example Company - 2019-YH3234', - 'RHBA-2019:0024', - 'cisco-sa-20190513-secureboot', - ], - minLength: 1, - pattern: '^[\\S](.*[\\S])?$', - title: 'Unique identifier for the document', - type: 'string', - }, - initial_release_date: { - description: 'The date when this document was first published.', - format: 'date-time', - title: 'Initial release date', - type: 'string', - }, - revision_history: { - description: - 'Holds one revision item for each version of the CSAF document, including the initial one.', - items: { - additionalProperties: false, - description: - 'Contains all the information elements required to track the evolution of a CSAF document.', - properties: { - date: { - description: 'The date of the revision entry', - format: 'date-time', - title: 'Date of the revision', - type: 'string', - }, - legacy_version: { - description: - 'Contains the version string used in an existing document with the same content.', - minLength: 1, - title: 'Legacy version of the revision', - type: 'string', - }, - number: { - $ref: '#/$defs/version_t', - }, - summary: { - description: - 'Holds a single non-empty string representing a short description of the changes.', - examples: ['Initial version.'], - minLength: 1, - title: 'Summary of the revision', - type: 'string', - }, - }, - required: ['date', 'number', 'summary'], - title: 'Revision', - type: 'object', - }, - minItems: 1, - title: 'Revision history', - type: 'array', - }, - status: { - description: 'Defines the draft status of the document.', - enum: ['draft', 'final', 'interim'], - title: 'Document status', - type: 'string', - }, - version: { - $ref: '#/$defs/version_t', - }, - }, - required: [ - 'current_release_date', - 'id', - 'initial_release_date', - 'revision_history', - 'status', - 'version', - ], - title: 'Tracking', - type: 'object', - }, - }, - required: ['category', 'csaf_version', 'publisher', 
'title', 'tracking'], - title: 'Document level meta-data', - type: 'object', - }, - product_tree: { - additionalProperties: false, - description: - 'Is a container for all fully qualified product names that can be referenced elsewhere in the document.', - minProperties: 1, - properties: { - branches: { - $ref: '#/$defs/branches_t', - }, - full_product_names: { - description: 'Contains a list of full product names.', - items: { - $ref: '#/$defs/full_product_name_t', - }, - minItems: 1, - title: 'List of full product names', - type: 'array', - }, - product_groups: { - description: 'Contains a list of product groups.', - items: { - additionalProperties: false, - description: - 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', - properties: { - group_id: { - $ref: '#/$defs/product_group_id_t', - }, - product_ids: { - description: - 'Lists the product_ids of those products which known as one group in the document.', - items: { - $ref: '#/$defs/product_id_t', - }, - minItems: 2, - title: 'List of Product IDs', - type: 'array', - uniqueItems: true, - }, - summary: { - description: - 'Gives a short, optional description of the group.', - examples: [ - 'Products supporting Modbus.', - 'The x64 versions of the operating system.', - ], - minLength: 1, - title: 'Summary of the product group', - type: 'string', - }, - }, - required: ['group_id', 'product_ids'], - title: 'Product group', - type: 'object', - }, - minItems: 1, - title: 'List of product groups', - type: 'array', - }, - relationships: { - description: 'Contains a list of relationships.', - items: { - additionalProperties: false, - description: - 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', - properties: { - category: { - description: - 'Defines the category of 
relationship for the referenced component.', - enum: [ - 'default_component_of', - 'external_component_of', - 'installed_on', - 'installed_with', - 'optional_component_of', - ], - title: 'Relationship category', - type: 'string', - }, - full_product_name: { - $ref: '#/$defs/full_product_name_t', - }, - product_reference: { - $ref: '#/$defs/product_id_t', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', - title: 'Product reference', - }, - relates_to_product_reference: { - $ref: '#/$defs/product_id_t', - description: - 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', - title: 'Relates to product reference', - }, - }, - required: [ - 'category', - 'full_product_name', - 'product_reference', - 'relates_to_product_reference', - ], - title: 'Relationship', - type: 'object', - }, - minItems: 1, - title: 'List of relationships', - type: 'array', - }, - }, - title: 'Product tree', - type: 'object', - }, - vulnerabilities: { - description: - 'Represents a list of all relevant vulnerability information items.', - items: { - additionalProperties: false, - description: - 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', - minProperties: 1, - properties: { - acknowledgments: { - $ref: '#/$defs/acknowledgments_t', - description: - 'Contains a list of acknowledgment elements associated with this vulnerability item.', - title: 'Vulnerability acknowledgments', - }, - cve: { - description: - 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', - pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', - title: 'CVE', - type: 'string', - }, - cwe: { - additionalProperties: false, - description: - 'Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.', - properties: { - id: { 
- description: 'Holds the ID for the weakness associated.', - examples: ['CWE-22', 'CWE-352', 'CWE-79'], - pattern: '^CWE-[1-9]\\d{0,5}$', - title: 'Weakness ID', - type: 'string', - }, - name: { - description: - 'Holds the full name of the weakness as given in the CWE specification.', - examples: [ - 'Cross-Site Request Forgery (CSRF)', - "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - ], - minLength: 1, - title: 'Weakness name', - type: 'string', - }, - }, - required: ['id', 'name'], - title: 'CWE', - type: 'object', - }, - discovery_date: { - description: - 'Holds the date and time the vulnerability was originally discovered.', - format: 'date-time', - title: 'Discovery date', - type: 'string', - }, - flags: { - description: 'Contains a list of machine readable flags.', - items: { - additionalProperties: false, - description: - 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', - properties: { - date: { - description: - 'Contains the date when assessment was done or the flag was assigned.', - format: 'date-time', - title: 'Date of the flag', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - label: { - description: 'Specifies the machine readable label.', - enum: [ - 'component_not_present', - 'inline_mitigations_already_exist', - 'vulnerable_code_cannot_be_controlled_by_adversary', - 'vulnerable_code_not_in_execute_path', - 'vulnerable_code_not_present', - ], - title: 'Label of the flag', - type: 'string', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - required: ['label'], - title: 'Flag', - type: 'object', - }, - minItems: 1, - title: 'List of flags', - type: 'array', - uniqueItems: true, - }, - ids: { - description: - 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', - items: { 
- additionalProperties: false, - description: - 'Contains a single unique label or tracking ID for the vulnerability.', - properties: { - system_name: { - description: - 'Indicates the name of the vulnerability tracking or numbering system.', - examples: ['Cisco Bug ID', 'GitHub Issue'], - minLength: 1, - title: 'System name', - type: 'string', - }, - text: { - description: - 'Is unique label or tracking ID for the vulnerability (if such information exists).', - examples: ['CSCso66472', 'oasis-tcs/csaf#210'], - minLength: 1, - title: 'Text', - type: 'string', - }, - }, - required: ['system_name', 'text'], - title: 'ID', - type: 'object', - }, - minItems: 1, - title: 'List of IDs', - type: 'array', - uniqueItems: true, - }, - involvements: { - description: 'Contains a list of involvements.', - items: { - additionalProperties: false, - description: - 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', - properties: { - date: { - description: - 'Holds the date and time of the involvement entry.', - format: 'date-time', - title: 'Date of involvement', - type: 'string', - }, - party: { - description: 'Defines the category of the involved party.', - enum: [ - 'coordinator', - 'discoverer', - 'other', - 'user', - 'vendor', - ], - title: 'Party category', - type: 'string', - }, - status: { - description: 'Defines contact status of the involved party.', - enum: [ - 'completed', - 'contact_attempted', - 'disputed', - 'in_progress', - 'not_contacted', - 'open', - ], - title: 'Party status', - type: 'string', - }, - summary: { - description: - 'Contains additional context regarding what is going on.', - minLength: 1, - title: 'Summary of the involvement', - type: 'string', - }, - }, - required: ['party', 'status'], - title: 'Involvement', - type: 'object', - }, - minItems: 1, - title: 'List of involvements', - type: 
'array', - uniqueItems: true, - }, - notes: { - $ref: '#/$defs/notes_t', - description: 'Holds notes associated with this vulnerability item.', - title: 'Vulnerability notes', - }, - product_status: { - additionalProperties: false, - description: - 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. ', - minProperties: 1, - properties: { - first_affected: { - $ref: '#/$defs/products_t', - description: - 'These are the first versions of the releases known to be affected by the vulnerability.', - title: 'First affected', - }, - first_fixed: { - $ref: '#/$defs/products_t', - description: - 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', - title: 'First fixed', - }, - fixed: { - $ref: '#/$defs/products_t', - description: - 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', - title: 'Fixed', - }, - known_affected: { - $ref: '#/$defs/products_t', - description: - 'These versions are known to be affected by the vulnerability.', - title: 'Known affected', - }, - known_not_affected: { - $ref: '#/$defs/products_t', - description: - 'These versions are known not to be affected by the vulnerability.', - title: 'Known not affected', - }, - last_affected: { - $ref: '#/$defs/products_t', - description: - 'These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.', - title: 'Last affected', - }, - recommended: { - $ref: '#/$defs/products_t', - description: - 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', - title: 'Recommended', - }, - under_investigation: { - $ref: '#/$defs/products_t', - description: - 'It is not known yet whether these versions are or are not affected by the vulnerability. 
However, it is still under investigation - the result will be provided in a later release of the document.', - title: 'Under investigation', - }, - }, - title: 'Product status', - type: 'object', - }, - references: { - $ref: '#/$defs/references_t', - description: - 'Holds a list of references associated with this vulnerability item.', - title: 'Vulnerability references', - }, - release_date: { - description: - 'Holds the date and time the vulnerability was originally released into the wild.', - format: 'date-time', - title: 'Release date', - type: 'string', - }, - remediations: { - description: 'Contains a list of remediations.', - items: { - additionalProperties: false, - description: - 'Specifies details on how to handle (and presumably, fix) a vulnerability.', - properties: { - category: { - description: - 'Specifies the category which this remediation belongs to.', - enum: [ - 'mitigation', - 'no_fix_planned', - 'none_available', - 'vendor_fix', - 'workaround', - ], - title: 'Category of the remediation', - type: 'string', - }, - date: { - description: - 'Contains the date from which the remediation is available.', - format: 'date-time', - title: 'Date of the remediation', - type: 'string', - }, - details: { - description: - 'Contains a thorough human-readable discussion of the remediation.', - minLength: 1, - title: 'Details of the remediation', - type: 'string', - }, - entitlements: { - description: 'Contains a list of entitlements.', - items: { - description: - 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', - minLength: 1, - title: 'Entitlement of the remediation', - type: 'string', - }, - minItems: 1, - title: 'List of entitlements', - type: 'array', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - restart_required: { - additionalProperties: false, - description: - 'Provides information on category of restart 
is required by this remediation to become effective.', - properties: { - category: { - description: - 'Specifies what category of restart is required by this remediation to become effective.', - enum: [ - 'connected', - 'dependencies', - 'machine', - 'none', - 'parent', - 'service', - 'system', - 'vulnerable_component', - 'zone', - ], - title: 'Category of restart', - type: 'string', - }, - details: { - description: - 'Provides additional information for the restart. This can include details on procedures, scope or impact.', - minLength: 1, - title: 'Additional restart information', - type: 'string', - }, - }, - required: ['category'], - title: 'Restart required by remediation', - type: 'object', - }, - url: { - description: - 'Contains the URL where to obtain the remediation.', - format: 'uri', - title: 'URL to the remediation', - type: 'string', - }, - }, - required: ['category', 'details'], - title: 'Remediation', - type: 'object', - }, - minItems: 1, - title: 'List of remediations', - type: 'array', - }, - scores: { - description: - 'contains score objects for the current vulnerability.', - items: { - additionalProperties: false, - description: - 'specifies information about (at least one) score of the vulnerability and for which products the given value applies.', - minProperties: 2, - properties: { - cvss_v2: { - $ref: 'https://www.first.org/cvss/cvss-v2.0.json', - }, - cvss_v3: { - oneOf: [ - { - $ref: 'https://www.first.org/cvss/cvss-v3.0.json', - }, - { - $ref: 'https://www.first.org/cvss/cvss-v3.1.json', - }, - ], - }, - products: { - $ref: '#/$defs/products_t', - }, - }, - required: ['products'], - title: 'Score', - type: 'object', - }, - minItems: 1, - title: 'List of scores', - type: 'array', - }, - threats: { - description: - 'Contains information about a vulnerability that can change with time.', - items: { - additionalProperties: false, - description: - 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.', - properties: { - category: { - description: - 'Categorizes the threat according to the rules of the specification.', - enum: ['exploit_status', 'impact', 'target_set'], - title: 'Category of the threat', - type: 'string', - }, - date: { - description: - 'Contains the date when the assessment was done or the threat appeared.', - format: 'date-time', - title: 'Date of the threat', - type: 'string', - }, - details: { - description: - 'Represents a thorough human-readable discussion of the threat.', - minLength: 1, - title: 'Details of the threat', - type: 'string', - }, - group_ids: { - $ref: '#/$defs/product_groups_t', - }, - product_ids: { - $ref: '#/$defs/products_t', - }, - }, - required: ['category', 'details'], - title: 'Threat', - type: 'object', - }, - minItems: 1, - title: 'List of threats', - type: 'array', - }, - title: { - description: - 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.', - minLength: 1, - title: 'Title', - type: 'string', - }, - }, - title: 'Vulnerability', - type: 'object', - }, - minItems: 1, - title: 'Vulnerabilities', - type: 'array', - }, - }, - required: ['document'], - title: 'Common Security Advisory Framework', - type: 'object', -} diff --git a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker.js b/csaf-validator-lib/lib/shared/bcpLanguageTagChecker.js deleted file mode 100644 index 78e5236..0000000 --- a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker.js +++ /dev/null 
@@ -1,132 +0,0 @@
-import bcp47 from 'bcp47'
-import extensions from './bcpLanguageTagChecker/extensions.js'
-import icann from './bcpLanguageTagChecker/subtags.js'
-
-/** @type {Set} */
-const extensionIdentifierSet = new Set(extensions.map((e) => e.identifier))
-
-/**
- * @param {string} tag
- */
-export default function (tag) {
- const parsed = bcp47.parse(tag)
-
- return (
- parsed !== null &&
- (parsed.langtag.language.language === null ||
- icann.subtags.some((s) => {
- return (
- s.type === 'language' &&
- stringMatchesSubtag(
- /** @type {string} */ (parsed.langtag.language.language),
- s.subtag
- )
- )
- })) &&
- parsed.langtag.language.extlang.length <= 1 &&
- parsed.langtag.language.extlang.every((extlang) =>
- icann.subtags.some(
- (s) =>
- s.subtag.toLowerCase() === extlang.toLowerCase() &&
- s.type === 'extlang' &&
- s.prefix.some((p) => stringMatchesSubtagPrefix(tag, extlang, p))
- )
- ) &&
- (parsed.langtag.script === null ||
- icann.subtags.some(
- (s) =>
- s.type === 'script' &&
- stringMatchesSubtag(
- /** @type {string} */ (parsed.langtag.script),
- s.subtag
- )
- )) &&
- (parsed.langtag.region === null ||
- icann.subtags.some(
- (s) =>
- s.type === 'region' &&
- stringMatchesSubtag(
- /** @type {string} */ (parsed.langtag.region),
- s.subtag
- )
- )) &&
- parsed.langtag.variant.every((variant) =>
- icann.subtags.some(
- (s) =>
- s.subtag.toLowerCase() === variant.toLowerCase() &&
- s.type === 'variant' &&
- s.prefix.some((p) => stringMatchesSubtagPrefix(tag, variant, p))
- )
- ) &&
- parsed.langtag.variant.filter(
- (item, index) => parsed.langtag.variant.indexOf(item) !== index
- ).length === 0 &&
- parsed.langtag.extension.filter(
- (extension, index) =>
- parsed.langtag.extension.findIndex(
- (e) => e.singleton === extension.singleton
- ) !== index
- ).length === 0 &&
- parsed.langtag.extension.every((extension) =>
- extensionIdentifierSet.has(extension.singleton)
- )
- )
-}
-
-/**
- * @param {string} tag
- */
-export function isPrivateLanguage(tag) {
- const parsed = bcp47.parse(tag)
-
- return (
- parsed &&
- typeof parsed.langtag.language.language === 'string' &&
- icann.subtags.some((s) => {
- return (
- (s.type === 'language' &&
- stringMatchesSubtag(
- /** @type {string} */ (parsed.langtag.language.language),
- s.subtag
- ) &&
- s.scope === 'private-use') ||
- (s.type === 'region' &&
- typeof parsed.langtag.region === 'string' &&
- stringMatchesSubtag(parsed.langtag.region, s.subtag) &&
- s.scope === 'private-use') ||
- (s.type === 'script' &&
- typeof parsed.langtag.script === 'string' &&
- stringMatchesSubtag(parsed.langtag.script, s.subtag) &&
- s.scope === 'private-use')
- )
- })
- )
-}
-
-/**
- * @param {string} str
- * @param {string} subtag
- * @returns
- */
-function stringMatchesSubtag(str, subtag) {
- const tag = /** @type {string} */ (str).toLowerCase()
- const rangeMatch = subtag.match(/^([a-zA-Z]+)\.\.([a-zA-Z]+)$/)
- if (rangeMatch) {
- return (
- rangeMatch[1].toLowerCase() <= tag && tag <= rangeMatch[2].toLowerCase()
- )
- }
- return subtag.toLowerCase() === tag
-}
-
-/**
- * @param {string} str
- * @param {string} subtag
- * @param {string} prefix
- */
-function stringMatchesSubtagPrefix(str, subtag, prefix) {
- return str
- .substring(0, str.toLowerCase().indexOf(subtag.toLowerCase()) - 1)
- .toLowerCase()
- .startsWith(prefix.toLowerCase())
-}
diff --git a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/extensions.js b/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/extensions.js
deleted file mode 100644
index d2e810d..0000000
--- a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/extensions.js
+++ /dev/null
@@ -1,8 +0,0 @@
-export default /** @type {const} */ ([
- {
- identifier: 't',
- },
- {
- identifier: 'u',
- },
-])
diff --git a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/subtags.js b/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/subtags.js
deleted file mode 100644
index 3b670a2..0000000
--- a/csaf-validator-lib/lib/shared/bcpLanguageTagChecker/subtags.js
+++ /dev/null
@@ -1,9293 +0,0 @@ -export default /** @type {const} */ ({ - subtags: [ - { type: 'language', subtag: 'aa', prefix: [], scope: null }, - { type: 'language', subtag: 'ab', prefix: [], scope: null }, - { type: 'language', subtag: 'ae', prefix: [], scope: null }, - { type: 'language', subtag: 'af', prefix: [], scope: null }, - { type: 'language', subtag: 'ak', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'am', prefix: [], scope: null }, - { type: 'language', subtag: 'an', prefix: [], scope: null }, - { type: 'language', subtag: 'ar', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'as', prefix: [], scope: null }, - { type: 'language', subtag: 'av', prefix: [], scope: null }, - { type: 'language', subtag: 'ay', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'az', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ba', prefix: [], scope: null }, - { type: 'language', subtag: 'be', prefix: [], scope: null }, - { type: 'language', subtag: 'bg', prefix: [], scope: null }, - { type: 'language', subtag: 'bh', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'bi', prefix: [], scope: null }, - { type: 'language', subtag: 'bm', prefix: [], scope: null }, - { type: 'language', subtag: 'bn', prefix: [], scope: null }, - { type: 'language', subtag: 'bo', prefix: [], scope: null }, - { type: 'language', subtag: 'br', prefix: [], scope: null }, - { type: 'language', subtag: 'bs', prefix: [], scope: null }, - { type: 'language', subtag: 'ca', prefix: [], scope: null }, - { type: 'language', subtag: 'ce', prefix: [], scope: null }, - { type: 'language', subtag: 'ch', prefix: [], scope: null }, - { type: 'language', subtag: 'co', prefix: [], scope: null }, - { type: 'language', subtag: 'cr', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'cs', prefix: [], scope: null }, - { type: 'language', subtag: 'cu', prefix: [], scope: null }, - { type: 'language', subtag: 'cv', 
prefix: [], scope: null }, - { type: 'language', subtag: 'cy', prefix: [], scope: null }, - { type: 'language', subtag: 'da', prefix: [], scope: null }, - { type: 'language', subtag: 'de', prefix: [], scope: null }, - { type: 'language', subtag: 'dv', prefix: [], scope: null }, - { type: 'language', subtag: 'dz', prefix: [], scope: null }, - { type: 'language', subtag: 'ee', prefix: [], scope: null }, - { type: 'language', subtag: 'el', prefix: [], scope: null }, - { type: 'language', subtag: 'en', prefix: [], scope: null }, - { type: 'language', subtag: 'eo', prefix: [], scope: null }, - { type: 'language', subtag: 'es', prefix: [], scope: null }, - { type: 'language', subtag: 'et', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'eu', prefix: [], scope: null }, - { type: 'language', subtag: 'fa', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ff', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'fi', prefix: [], scope: null }, - { type: 'language', subtag: 'fj', prefix: [], scope: null }, - { type: 'language', subtag: 'fo', prefix: [], scope: null }, - { type: 'language', subtag: 'fr', prefix: [], scope: null }, - { type: 'language', subtag: 'fy', prefix: [], scope: null }, - { type: 'language', subtag: 'ga', prefix: [], scope: null }, - { type: 'language', subtag: 'gd', prefix: [], scope: null }, - { type: 'language', subtag: 'gl', prefix: [], scope: null }, - { type: 'language', subtag: 'gn', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'gu', prefix: [], scope: null }, - { type: 'language', subtag: 'gv', prefix: [], scope: null }, - { type: 'language', subtag: 'ha', prefix: [], scope: null }, - { type: 'language', subtag: 'he', prefix: [], scope: null }, - { type: 'language', subtag: 'hi', prefix: [], scope: null }, - { type: 'language', subtag: 'ho', prefix: [], scope: null }, - { type: 'language', subtag: 'hr', prefix: [], scope: null }, - { type: 'language', subtag: 'ht', 
prefix: [], scope: null }, - { type: 'language', subtag: 'hu', prefix: [], scope: null }, - { type: 'language', subtag: 'hy', prefix: [], scope: null }, - { type: 'language', subtag: 'hz', prefix: [], scope: null }, - { type: 'language', subtag: 'ia', prefix: [], scope: null }, - { type: 'language', subtag: 'id', prefix: [], scope: null }, - { type: 'language', subtag: 'ie', prefix: [], scope: null }, - { type: 'language', subtag: 'ig', prefix: [], scope: null }, - { type: 'language', subtag: 'ii', prefix: [], scope: null }, - { type: 'language', subtag: 'ik', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'in', prefix: [], scope: null }, - { type: 'language', subtag: 'io', prefix: [], scope: null }, - { type: 'language', subtag: 'is', prefix: [], scope: null }, - { type: 'language', subtag: 'it', prefix: [], scope: null }, - { type: 'language', subtag: 'iu', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'iw', prefix: [], scope: null }, - { type: 'language', subtag: 'ja', prefix: [], scope: null }, - { type: 'language', subtag: 'ji', prefix: [], scope: null }, - { type: 'language', subtag: 'jv', prefix: [], scope: null }, - { type: 'language', subtag: 'jw', prefix: [], scope: null }, - { type: 'language', subtag: 'ka', prefix: [], scope: null }, - { type: 'language', subtag: 'kg', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ki', prefix: [], scope: null }, - { type: 'language', subtag: 'kj', prefix: [], scope: null }, - { type: 'language', subtag: 'kk', prefix: [], scope: null }, - { type: 'language', subtag: 'kl', prefix: [], scope: null }, - { type: 'language', subtag: 'km', prefix: [], scope: null }, - { type: 'language', subtag: 'kn', prefix: [], scope: null }, - { type: 'language', subtag: 'ko', prefix: [], scope: null }, - { type: 'language', subtag: 'kr', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ks', prefix: [], scope: null }, - { type: 'language', subtag: 'ku', 
prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'kv', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'kw', prefix: [], scope: null }, - { type: 'language', subtag: 'ky', prefix: [], scope: null }, - { type: 'language', subtag: 'la', prefix: [], scope: null }, - { type: 'language', subtag: 'lb', prefix: [], scope: null }, - { type: 'language', subtag: 'lg', prefix: [], scope: null }, - { type: 'language', subtag: 'li', prefix: [], scope: null }, - { type: 'language', subtag: 'ln', prefix: [], scope: null }, - { type: 'language', subtag: 'lo', prefix: [], scope: null }, - { type: 'language', subtag: 'lt', prefix: [], scope: null }, - { type: 'language', subtag: 'lu', prefix: [], scope: null }, - { type: 'language', subtag: 'lv', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'mg', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'mh', prefix: [], scope: null }, - { type: 'language', subtag: 'mi', prefix: [], scope: null }, - { type: 'language', subtag: 'mk', prefix: [], scope: null }, - { type: 'language', subtag: 'ml', prefix: [], scope: null }, - { type: 'language', subtag: 'mn', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'mo', prefix: [], scope: null }, - { type: 'language', subtag: 'mr', prefix: [], scope: null }, - { type: 'language', subtag: 'ms', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'mt', prefix: [], scope: null }, - { type: 'language', subtag: 'my', prefix: [], scope: null }, - { type: 'language', subtag: 'na', prefix: [], scope: null }, - { type: 'language', subtag: 'nb', prefix: [], scope: null }, - { type: 'language', subtag: 'nd', prefix: [], scope: null }, - { type: 'language', subtag: 'ne', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ng', prefix: [], scope: null }, - { type: 'language', subtag: 'nl', prefix: [], scope: null }, - { type: 'language', subtag: 'nn', prefix: [], scope: null }, - { 
type: 'language', subtag: 'no', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'nr', prefix: [], scope: null }, - { type: 'language', subtag: 'nv', prefix: [], scope: null }, - { type: 'language', subtag: 'ny', prefix: [], scope: null }, - { type: 'language', subtag: 'oc', prefix: [], scope: null }, - { type: 'language', subtag: 'oj', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'om', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'or', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'os', prefix: [], scope: null }, - { type: 'language', subtag: 'pa', prefix: [], scope: null }, - { type: 'language', subtag: 'pi', prefix: [], scope: null }, - { type: 'language', subtag: 'pl', prefix: [], scope: null }, - { type: 'language', subtag: 'ps', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'pt', prefix: [], scope: null }, - { type: 'language', subtag: 'qu', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'rm', prefix: [], scope: null }, - { type: 'language', subtag: 'rn', prefix: [], scope: null }, - { type: 'language', subtag: 'ro', prefix: [], scope: null }, - { type: 'language', subtag: 'ru', prefix: [], scope: null }, - { type: 'language', subtag: 'rw', prefix: [], scope: null }, - { type: 'language', subtag: 'sa', prefix: [], scope: null }, - { type: 'language', subtag: 'sc', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'sd', prefix: [], scope: null }, - { type: 'language', subtag: 'se', prefix: [], scope: null }, - { type: 'language', subtag: 'sg', prefix: [], scope: null }, - { type: 'language', subtag: 'sh', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'si', prefix: [], scope: null }, - { type: 'language', subtag: 'sk', prefix: [], scope: null }, - { type: 'language', subtag: 'sl', prefix: [], scope: null }, - { type: 'language', subtag: 'sm', prefix: [], scope: null }, - { type: 'language', 
subtag: 'sn', prefix: [], scope: null }, - { type: 'language', subtag: 'so', prefix: [], scope: null }, - { type: 'language', subtag: 'sq', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'sr', prefix: [], scope: null }, - { type: 'language', subtag: 'ss', prefix: [], scope: null }, - { type: 'language', subtag: 'st', prefix: [], scope: null }, - { type: 'language', subtag: 'su', prefix: [], scope: null }, - { type: 'language', subtag: 'sv', prefix: [], scope: null }, - { type: 'language', subtag: 'sw', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ta', prefix: [], scope: null }, - { type: 'language', subtag: 'te', prefix: [], scope: null }, - { type: 'language', subtag: 'tg', prefix: [], scope: null }, - { type: 'language', subtag: 'th', prefix: [], scope: null }, - { type: 'language', subtag: 'ti', prefix: [], scope: null }, - { type: 'language', subtag: 'tk', prefix: [], scope: null }, - { type: 'language', subtag: 'tl', prefix: [], scope: null }, - { type: 'language', subtag: 'tn', prefix: [], scope: null }, - { type: 'language', subtag: 'to', prefix: [], scope: null }, - { type: 'language', subtag: 'tr', prefix: [], scope: null }, - { type: 'language', subtag: 'ts', prefix: [], scope: null }, - { type: 'language', subtag: 'tt', prefix: [], scope: null }, - { type: 'language', subtag: 'tw', prefix: [], scope: null }, - { type: 'language', subtag: 'ty', prefix: [], scope: null }, - { type: 'language', subtag: 'ug', prefix: [], scope: null }, - { type: 'language', subtag: 'uk', prefix: [], scope: null }, - { type: 'language', subtag: 'ur', prefix: [], scope: null }, - { type: 'language', subtag: 'uz', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 've', prefix: [], scope: null }, - { type: 'language', subtag: 'vi', prefix: [], scope: null }, - { type: 'language', subtag: 'vo', prefix: [], scope: null }, - { type: 'language', subtag: 'wa', prefix: [], scope: null }, - { type: 'language', subtag: 'wo', 
prefix: [], scope: null }, - { type: 'language', subtag: 'xh', prefix: [], scope: null }, - { type: 'language', subtag: 'yi', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'yo', prefix: [], scope: null }, - { type: 'language', subtag: 'za', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'zh', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'zu', prefix: [], scope: null }, - { type: 'language', subtag: 'aaa', prefix: [], scope: null }, - { type: 'language', subtag: 'aab', prefix: [], scope: null }, - { type: 'language', subtag: 'aac', prefix: [], scope: null }, - { type: 'language', subtag: 'aad', prefix: [], scope: null }, - { type: 'language', subtag: 'aae', prefix: [], scope: null }, - { type: 'language', subtag: 'aaf', prefix: [], scope: null }, - { type: 'language', subtag: 'aag', prefix: [], scope: null }, - { type: 'language', subtag: 'aah', prefix: [], scope: null }, - { type: 'language', subtag: 'aai', prefix: [], scope: null }, - { type: 'language', subtag: 'aak', prefix: [], scope: null }, - { type: 'language', subtag: 'aal', prefix: [], scope: null }, - { type: 'language', subtag: 'aam', prefix: [], scope: null }, - { type: 'language', subtag: 'aan', prefix: [], scope: null }, - { type: 'language', subtag: 'aao', prefix: [], scope: null }, - { type: 'language', subtag: 'aap', prefix: [], scope: null }, - { type: 'language', subtag: 'aaq', prefix: [], scope: null }, - { type: 'language', subtag: 'aas', prefix: [], scope: null }, - { type: 'language', subtag: 'aat', prefix: [], scope: null }, - { type: 'language', subtag: 'aau', prefix: [], scope: null }, - { type: 'language', subtag: 'aav', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aaw', prefix: [], scope: null }, - { type: 'language', subtag: 'aax', prefix: [], scope: null }, - { type: 'language', subtag: 'aaz', prefix: [], scope: null }, - { type: 'language', subtag: 'aba', prefix: [], scope: null }, - { type: 
'language', subtag: 'abb', prefix: [], scope: null }, - { type: 'language', subtag: 'abc', prefix: [], scope: null }, - { type: 'language', subtag: 'abd', prefix: [], scope: null }, - { type: 'language', subtag: 'abe', prefix: [], scope: null }, - { type: 'language', subtag: 'abf', prefix: [], scope: null }, - { type: 'language', subtag: 'abg', prefix: [], scope: null }, - { type: 'language', subtag: 'abh', prefix: [], scope: null }, - { type: 'language', subtag: 'abi', prefix: [], scope: null }, - { type: 'language', subtag: 'abj', prefix: [], scope: null }, - { type: 'language', subtag: 'abl', prefix: [], scope: null }, - { type: 'language', subtag: 'abm', prefix: [], scope: null }, - { type: 'language', subtag: 'abn', prefix: [], scope: null }, - { type: 'language', subtag: 'abo', prefix: [], scope: null }, - { type: 'language', subtag: 'abp', prefix: [], scope: null }, - { type: 'language', subtag: 'abq', prefix: [], scope: null }, - { type: 'language', subtag: 'abr', prefix: [], scope: null }, - { type: 'language', subtag: 'abs', prefix: [], scope: null }, - { type: 'language', subtag: 'abt', prefix: [], scope: null }, - { type: 'language', subtag: 'abu', prefix: [], scope: null }, - { type: 'language', subtag: 'abv', prefix: [], scope: null }, - { type: 'language', subtag: 'abw', prefix: [], scope: null }, - { type: 'language', subtag: 'abx', prefix: [], scope: null }, - { type: 'language', subtag: 'aby', prefix: [], scope: null }, - { type: 'language', subtag: 'abz', prefix: [], scope: null }, - { type: 'language', subtag: 'aca', prefix: [], scope: null }, - { type: 'language', subtag: 'acb', prefix: [], scope: null }, - { type: 'language', subtag: 'acd', prefix: [], scope: null }, - { type: 'language', subtag: 'ace', prefix: [], scope: null }, - { type: 'language', subtag: 'acf', prefix: [], scope: null }, - { type: 'language', subtag: 'ach', prefix: [], scope: null }, - { type: 'language', subtag: 'aci', prefix: [], scope: null }, - { type: 'language', 
subtag: 'ack', prefix: [], scope: null }, - { type: 'language', subtag: 'acl', prefix: [], scope: null }, - { type: 'language', subtag: 'acm', prefix: [], scope: null }, - { type: 'language', subtag: 'acn', prefix: [], scope: null }, - { type: 'language', subtag: 'acp', prefix: [], scope: null }, - { type: 'language', subtag: 'acq', prefix: [], scope: null }, - { type: 'language', subtag: 'acr', prefix: [], scope: null }, - { type: 'language', subtag: 'acs', prefix: [], scope: null }, - { type: 'language', subtag: 'act', prefix: [], scope: null }, - { type: 'language', subtag: 'acu', prefix: [], scope: null }, - { type: 'language', subtag: 'acv', prefix: [], scope: null }, - { type: 'language', subtag: 'acw', prefix: [], scope: null }, - { type: 'language', subtag: 'acx', prefix: [], scope: null }, - { type: 'language', subtag: 'acy', prefix: [], scope: null }, - { type: 'language', subtag: 'acz', prefix: [], scope: null }, - { type: 'language', subtag: 'ada', prefix: [], scope: null }, - { type: 'language', subtag: 'adb', prefix: [], scope: null }, - { type: 'language', subtag: 'add', prefix: [], scope: null }, - { type: 'language', subtag: 'ade', prefix: [], scope: null }, - { type: 'language', subtag: 'adf', prefix: [], scope: null }, - { type: 'language', subtag: 'adg', prefix: [], scope: null }, - { type: 'language', subtag: 'adh', prefix: [], scope: null }, - { type: 'language', subtag: 'adi', prefix: [], scope: null }, - { type: 'language', subtag: 'adj', prefix: [], scope: null }, - { type: 'language', subtag: 'adl', prefix: [], scope: null }, - { type: 'language', subtag: 'adn', prefix: [], scope: null }, - { type: 'language', subtag: 'ado', prefix: [], scope: null }, - { type: 'language', subtag: 'adp', prefix: [], scope: null }, - { type: 'language', subtag: 'adq', prefix: [], scope: null }, - { type: 'language', subtag: 'adr', prefix: [], scope: null }, - { type: 'language', subtag: 'ads', prefix: [], scope: null }, - { type: 'language', subtag: 'adt', 
prefix: [], scope: null }, - { type: 'language', subtag: 'adu', prefix: [], scope: null }, - { type: 'language', subtag: 'adw', prefix: [], scope: null }, - { type: 'language', subtag: 'adx', prefix: [], scope: null }, - { type: 'language', subtag: 'ady', prefix: [], scope: null }, - { type: 'language', subtag: 'adz', prefix: [], scope: null }, - { type: 'language', subtag: 'aea', prefix: [], scope: null }, - { type: 'language', subtag: 'aeb', prefix: [], scope: null }, - { type: 'language', subtag: 'aec', prefix: [], scope: null }, - { type: 'language', subtag: 'aed', prefix: [], scope: null }, - { type: 'language', subtag: 'aee', prefix: [], scope: null }, - { type: 'language', subtag: 'aek', prefix: [], scope: null }, - { type: 'language', subtag: 'ael', prefix: [], scope: null }, - { type: 'language', subtag: 'aem', prefix: [], scope: null }, - { type: 'language', subtag: 'aen', prefix: [], scope: null }, - { type: 'language', subtag: 'aeq', prefix: [], scope: null }, - { type: 'language', subtag: 'aer', prefix: [], scope: null }, - { type: 'language', subtag: 'aes', prefix: [], scope: null }, - { type: 'language', subtag: 'aeu', prefix: [], scope: null }, - { type: 'language', subtag: 'aew', prefix: [], scope: null }, - { type: 'language', subtag: 'aey', prefix: [], scope: null }, - { type: 'language', subtag: 'aez', prefix: [], scope: null }, - { type: 'language', subtag: 'afa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'afb', prefix: [], scope: null }, - { type: 'language', subtag: 'afd', prefix: [], scope: null }, - { type: 'language', subtag: 'afe', prefix: [], scope: null }, - { type: 'language', subtag: 'afg', prefix: [], scope: null }, - { type: 'language', subtag: 'afh', prefix: [], scope: null }, - { type: 'language', subtag: 'afi', prefix: [], scope: null }, - { type: 'language', subtag: 'afk', prefix: [], scope: null }, - { type: 'language', subtag: 'afn', prefix: [], scope: null }, - { type: 'language', subtag: 'afo', prefix: 
[], scope: null }, - { type: 'language', subtag: 'afp', prefix: [], scope: null }, - { type: 'language', subtag: 'afs', prefix: [], scope: null }, - { type: 'language', subtag: 'aft', prefix: [], scope: null }, - { type: 'language', subtag: 'afu', prefix: [], scope: null }, - { type: 'language', subtag: 'afz', prefix: [], scope: null }, - { type: 'language', subtag: 'aga', prefix: [], scope: null }, - { type: 'language', subtag: 'agb', prefix: [], scope: null }, - { type: 'language', subtag: 'agc', prefix: [], scope: null }, - { type: 'language', subtag: 'agd', prefix: [], scope: null }, - { type: 'language', subtag: 'age', prefix: [], scope: null }, - { type: 'language', subtag: 'agf', prefix: [], scope: null }, - { type: 'language', subtag: 'agg', prefix: [], scope: null }, - { type: 'language', subtag: 'agh', prefix: [], scope: null }, - { type: 'language', subtag: 'agi', prefix: [], scope: null }, - { type: 'language', subtag: 'agj', prefix: [], scope: null }, - { type: 'language', subtag: 'agk', prefix: [], scope: null }, - { type: 'language', subtag: 'agl', prefix: [], scope: null }, - { type: 'language', subtag: 'agm', prefix: [], scope: null }, - { type: 'language', subtag: 'agn', prefix: [], scope: null }, - { type: 'language', subtag: 'ago', prefix: [], scope: null }, - { type: 'language', subtag: 'agp', prefix: [], scope: null }, - { type: 'language', subtag: 'agq', prefix: [], scope: null }, - { type: 'language', subtag: 'agr', prefix: [], scope: null }, - { type: 'language', subtag: 'ags', prefix: [], scope: null }, - { type: 'language', subtag: 'agt', prefix: [], scope: null }, - { type: 'language', subtag: 'agu', prefix: [], scope: null }, - { type: 'language', subtag: 'agv', prefix: [], scope: null }, - { type: 'language', subtag: 'agw', prefix: [], scope: null }, - { type: 'language', subtag: 'agx', prefix: [], scope: null }, - { type: 'language', subtag: 'agy', prefix: [], scope: null }, - { type: 'language', subtag: 'agz', prefix: [], scope: null 
}, - { type: 'language', subtag: 'aha', prefix: [], scope: null }, - { type: 'language', subtag: 'ahb', prefix: [], scope: null }, - { type: 'language', subtag: 'ahg', prefix: [], scope: null }, - { type: 'language', subtag: 'ahh', prefix: [], scope: null }, - { type: 'language', subtag: 'ahi', prefix: [], scope: null }, - { type: 'language', subtag: 'ahk', prefix: [], scope: null }, - { type: 'language', subtag: 'ahl', prefix: [], scope: null }, - { type: 'language', subtag: 'ahm', prefix: [], scope: null }, - { type: 'language', subtag: 'ahn', prefix: [], scope: null }, - { type: 'language', subtag: 'aho', prefix: [], scope: null }, - { type: 'language', subtag: 'ahp', prefix: [], scope: null }, - { type: 'language', subtag: 'ahr', prefix: [], scope: null }, - { type: 'language', subtag: 'ahs', prefix: [], scope: null }, - { type: 'language', subtag: 'aht', prefix: [], scope: null }, - { type: 'language', subtag: 'aia', prefix: [], scope: null }, - { type: 'language', subtag: 'aib', prefix: [], scope: null }, - { type: 'language', subtag: 'aic', prefix: [], scope: null }, - { type: 'language', subtag: 'aid', prefix: [], scope: null }, - { type: 'language', subtag: 'aie', prefix: [], scope: null }, - { type: 'language', subtag: 'aif', prefix: [], scope: null }, - { type: 'language', subtag: 'aig', prefix: [], scope: null }, - { type: 'language', subtag: 'aih', prefix: [], scope: null }, - { type: 'language', subtag: 'aii', prefix: [], scope: null }, - { type: 'language', subtag: 'aij', prefix: [], scope: null }, - { type: 'language', subtag: 'aik', prefix: [], scope: null }, - { type: 'language', subtag: 'ail', prefix: [], scope: null }, - { type: 'language', subtag: 'aim', prefix: [], scope: null }, - { type: 'language', subtag: 'ain', prefix: [], scope: null }, - { type: 'language', subtag: 'aio', prefix: [], scope: null }, - { type: 'language', subtag: 'aip', prefix: [], scope: null }, - { type: 'language', subtag: 'aiq', prefix: [], scope: null }, - { type: 
'language', subtag: 'air', prefix: [], scope: null }, - { type: 'language', subtag: 'ais', prefix: [], scope: null }, - { type: 'language', subtag: 'ait', prefix: [], scope: null }, - { type: 'language', subtag: 'aiw', prefix: [], scope: null }, - { type: 'language', subtag: 'aix', prefix: [], scope: null }, - { type: 'language', subtag: 'aiy', prefix: [], scope: null }, - { type: 'language', subtag: 'aja', prefix: [], scope: null }, - { type: 'language', subtag: 'ajg', prefix: [], scope: null }, - { type: 'language', subtag: 'aji', prefix: [], scope: null }, - { type: 'language', subtag: 'ajn', prefix: [], scope: null }, - { type: 'language', subtag: 'ajp', prefix: [], scope: null }, - { type: 'language', subtag: 'ajs', prefix: [], scope: null }, - { type: 'language', subtag: 'ajt', prefix: [], scope: null }, - { type: 'language', subtag: 'aju', prefix: [], scope: null }, - { type: 'language', subtag: 'ajw', prefix: [], scope: null }, - { type: 'language', subtag: 'ajz', prefix: [], scope: null }, - { type: 'language', subtag: 'akb', prefix: [], scope: null }, - { type: 'language', subtag: 'akc', prefix: [], scope: null }, - { type: 'language', subtag: 'akd', prefix: [], scope: null }, - { type: 'language', subtag: 'ake', prefix: [], scope: null }, - { type: 'language', subtag: 'akf', prefix: [], scope: null }, - { type: 'language', subtag: 'akg', prefix: [], scope: null }, - { type: 'language', subtag: 'akh', prefix: [], scope: null }, - { type: 'language', subtag: 'aki', prefix: [], scope: null }, - { type: 'language', subtag: 'akj', prefix: [], scope: null }, - { type: 'language', subtag: 'akk', prefix: [], scope: null }, - { type: 'language', subtag: 'akl', prefix: [], scope: null }, - { type: 'language', subtag: 'akm', prefix: [], scope: null }, - { type: 'language', subtag: 'ako', prefix: [], scope: null }, - { type: 'language', subtag: 'akp', prefix: [], scope: null }, - { type: 'language', subtag: 'akq', prefix: [], scope: null }, - { type: 'language', 
subtag: 'akr', prefix: [], scope: null }, - { type: 'language', subtag: 'aks', prefix: [], scope: null }, - { type: 'language', subtag: 'akt', prefix: [], scope: null }, - { type: 'language', subtag: 'aku', prefix: [], scope: null }, - { type: 'language', subtag: 'akv', prefix: [], scope: null }, - { type: 'language', subtag: 'akw', prefix: [], scope: null }, - { type: 'language', subtag: 'akx', prefix: [], scope: null }, - { type: 'language', subtag: 'aky', prefix: [], scope: null }, - { type: 'language', subtag: 'akz', prefix: [], scope: null }, - { type: 'language', subtag: 'ala', prefix: [], scope: null }, - { type: 'language', subtag: 'alc', prefix: [], scope: null }, - { type: 'language', subtag: 'ald', prefix: [], scope: null }, - { type: 'language', subtag: 'ale', prefix: [], scope: null }, - { type: 'language', subtag: 'alf', prefix: [], scope: null }, - { type: 'language', subtag: 'alg', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'alh', prefix: [], scope: null }, - { type: 'language', subtag: 'ali', prefix: [], scope: null }, - { type: 'language', subtag: 'alj', prefix: [], scope: null }, - { type: 'language', subtag: 'alk', prefix: [], scope: null }, - { type: 'language', subtag: 'all', prefix: [], scope: null }, - { type: 'language', subtag: 'alm', prefix: [], scope: null }, - { type: 'language', subtag: 'aln', prefix: [], scope: null }, - { type: 'language', subtag: 'alo', prefix: [], scope: null }, - { type: 'language', subtag: 'alp', prefix: [], scope: null }, - { type: 'language', subtag: 'alq', prefix: [], scope: null }, - { type: 'language', subtag: 'alr', prefix: [], scope: null }, - { type: 'language', subtag: 'als', prefix: [], scope: null }, - { type: 'language', subtag: 'alt', prefix: [], scope: null }, - { type: 'language', subtag: 'alu', prefix: [], scope: null }, - { type: 'language', subtag: 'alv', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'alw', prefix: [], scope: null }, - { type: 'language', 
subtag: 'alx', prefix: [], scope: null }, - { type: 'language', subtag: 'aly', prefix: [], scope: null }, - { type: 'language', subtag: 'alz', prefix: [], scope: null }, - { type: 'language', subtag: 'ama', prefix: [], scope: null }, - { type: 'language', subtag: 'amb', prefix: [], scope: null }, - { type: 'language', subtag: 'amc', prefix: [], scope: null }, - { type: 'language', subtag: 'ame', prefix: [], scope: null }, - { type: 'language', subtag: 'amf', prefix: [], scope: null }, - { type: 'language', subtag: 'amg', prefix: [], scope: null }, - { type: 'language', subtag: 'ami', prefix: [], scope: null }, - { type: 'language', subtag: 'amj', prefix: [], scope: null }, - { type: 'language', subtag: 'amk', prefix: [], scope: null }, - { type: 'language', subtag: 'aml', prefix: [], scope: null }, - { type: 'language', subtag: 'amm', prefix: [], scope: null }, - { type: 'language', subtag: 'amn', prefix: [], scope: null }, - { type: 'language', subtag: 'amo', prefix: [], scope: null }, - { type: 'language', subtag: 'amp', prefix: [], scope: null }, - { type: 'language', subtag: 'amq', prefix: [], scope: null }, - { type: 'language', subtag: 'amr', prefix: [], scope: null }, - { type: 'language', subtag: 'ams', prefix: [], scope: null }, - { type: 'language', subtag: 'amt', prefix: [], scope: null }, - { type: 'language', subtag: 'amu', prefix: [], scope: null }, - { type: 'language', subtag: 'amv', prefix: [], scope: null }, - { type: 'language', subtag: 'amw', prefix: [], scope: null }, - { type: 'language', subtag: 'amx', prefix: [], scope: null }, - { type: 'language', subtag: 'amy', prefix: [], scope: null }, - { type: 'language', subtag: 'amz', prefix: [], scope: null }, - { type: 'language', subtag: 'ana', prefix: [], scope: null }, - { type: 'language', subtag: 'anb', prefix: [], scope: null }, - { type: 'language', subtag: 'anc', prefix: [], scope: null }, - { type: 'language', subtag: 'and', prefix: [], scope: null }, - { type: 'language', subtag: 'ane', 
prefix: [], scope: null }, - { type: 'language', subtag: 'anf', prefix: [], scope: null }, - { type: 'language', subtag: 'ang', prefix: [], scope: null }, - { type: 'language', subtag: 'anh', prefix: [], scope: null }, - { type: 'language', subtag: 'ani', prefix: [], scope: null }, - { type: 'language', subtag: 'anj', prefix: [], scope: null }, - { type: 'language', subtag: 'ank', prefix: [], scope: null }, - { type: 'language', subtag: 'anl', prefix: [], scope: null }, - { type: 'language', subtag: 'anm', prefix: [], scope: null }, - { type: 'language', subtag: 'ann', prefix: [], scope: null }, - { type: 'language', subtag: 'ano', prefix: [], scope: null }, - { type: 'language', subtag: 'anp', prefix: [], scope: null }, - { type: 'language', subtag: 'anq', prefix: [], scope: null }, - { type: 'language', subtag: 'anr', prefix: [], scope: null }, - { type: 'language', subtag: 'ans', prefix: [], scope: null }, - { type: 'language', subtag: 'ant', prefix: [], scope: null }, - { type: 'language', subtag: 'anu', prefix: [], scope: null }, - { type: 'language', subtag: 'anv', prefix: [], scope: null }, - { type: 'language', subtag: 'anw', prefix: [], scope: null }, - { type: 'language', subtag: 'anx', prefix: [], scope: null }, - { type: 'language', subtag: 'any', prefix: [], scope: null }, - { type: 'language', subtag: 'anz', prefix: [], scope: null }, - { type: 'language', subtag: 'aoa', prefix: [], scope: null }, - { type: 'language', subtag: 'aob', prefix: [], scope: null }, - { type: 'language', subtag: 'aoc', prefix: [], scope: null }, - { type: 'language', subtag: 'aod', prefix: [], scope: null }, - { type: 'language', subtag: 'aoe', prefix: [], scope: null }, - { type: 'language', subtag: 'aof', prefix: [], scope: null }, - { type: 'language', subtag: 'aog', prefix: [], scope: null }, - { type: 'language', subtag: 'aoh', prefix: [], scope: null }, - { type: 'language', subtag: 'aoi', prefix: [], scope: null }, - { type: 'language', subtag: 'aoj', prefix: [], 
scope: null }, - { type: 'language', subtag: 'aok', prefix: [], scope: null }, - { type: 'language', subtag: 'aol', prefix: [], scope: null }, - { type: 'language', subtag: 'aom', prefix: [], scope: null }, - { type: 'language', subtag: 'aon', prefix: [], scope: null }, - { type: 'language', subtag: 'aor', prefix: [], scope: null }, - { type: 'language', subtag: 'aos', prefix: [], scope: null }, - { type: 'language', subtag: 'aot', prefix: [], scope: null }, - { type: 'language', subtag: 'aou', prefix: [], scope: null }, - { type: 'language', subtag: 'aox', prefix: [], scope: null }, - { type: 'language', subtag: 'aoz', prefix: [], scope: null }, - { type: 'language', subtag: 'apa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'apb', prefix: [], scope: null }, - { type: 'language', subtag: 'apc', prefix: [], scope: null }, - { type: 'language', subtag: 'apd', prefix: [], scope: null }, - { type: 'language', subtag: 'ape', prefix: [], scope: null }, - { type: 'language', subtag: 'apf', prefix: [], scope: null }, - { type: 'language', subtag: 'apg', prefix: [], scope: null }, - { type: 'language', subtag: 'aph', prefix: [], scope: null }, - { type: 'language', subtag: 'api', prefix: [], scope: null }, - { type: 'language', subtag: 'apj', prefix: [], scope: null }, - { type: 'language', subtag: 'apk', prefix: [], scope: null }, - { type: 'language', subtag: 'apl', prefix: [], scope: null }, - { type: 'language', subtag: 'apm', prefix: [], scope: null }, - { type: 'language', subtag: 'apn', prefix: [], scope: null }, - { type: 'language', subtag: 'apo', prefix: [], scope: null }, - { type: 'language', subtag: 'app', prefix: [], scope: null }, - { type: 'language', subtag: 'apq', prefix: [], scope: null }, - { type: 'language', subtag: 'apr', prefix: [], scope: null }, - { type: 'language', subtag: 'aps', prefix: [], scope: null }, - { type: 'language', subtag: 'apt', prefix: [], scope: null }, - { type: 'language', subtag: 'apu', prefix: [], scope: 
null }, - { type: 'language', subtag: 'apv', prefix: [], scope: null }, - { type: 'language', subtag: 'apw', prefix: [], scope: null }, - { type: 'language', subtag: 'apx', prefix: [], scope: null }, - { type: 'language', subtag: 'apy', prefix: [], scope: null }, - { type: 'language', subtag: 'apz', prefix: [], scope: null }, - { type: 'language', subtag: 'aqa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aqc', prefix: [], scope: null }, - { type: 'language', subtag: 'aqd', prefix: [], scope: null }, - { type: 'language', subtag: 'aqg', prefix: [], scope: null }, - { type: 'language', subtag: 'aqk', prefix: [], scope: null }, - { type: 'language', subtag: 'aql', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aqm', prefix: [], scope: null }, - { type: 'language', subtag: 'aqn', prefix: [], scope: null }, - { type: 'language', subtag: 'aqp', prefix: [], scope: null }, - { type: 'language', subtag: 'aqr', prefix: [], scope: null }, - { type: 'language', subtag: 'aqt', prefix: [], scope: null }, - { type: 'language', subtag: 'aqz', prefix: [], scope: null }, - { type: 'language', subtag: 'arb', prefix: [], scope: null }, - { type: 'language', subtag: 'arc', prefix: [], scope: null }, - { type: 'language', subtag: 'ard', prefix: [], scope: null }, - { type: 'language', subtag: 'are', prefix: [], scope: null }, - { type: 'language', subtag: 'arh', prefix: [], scope: null }, - { type: 'language', subtag: 'ari', prefix: [], scope: null }, - { type: 'language', subtag: 'arj', prefix: [], scope: null }, - { type: 'language', subtag: 'ark', prefix: [], scope: null }, - { type: 'language', subtag: 'arl', prefix: [], scope: null }, - { type: 'language', subtag: 'arn', prefix: [], scope: null }, - { type: 'language', subtag: 'aro', prefix: [], scope: null }, - { type: 'language', subtag: 'arp', prefix: [], scope: null }, - { type: 'language', subtag: 'arq', prefix: [], scope: null }, - { type: 'language', subtag: 'arr', prefix: [], scope: 
null }, - { type: 'language', subtag: 'ars', prefix: [], scope: null }, - { type: 'language', subtag: 'art', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aru', prefix: [], scope: null }, - { type: 'language', subtag: 'arv', prefix: [], scope: null }, - { type: 'language', subtag: 'arw', prefix: [], scope: null }, - { type: 'language', subtag: 'arx', prefix: [], scope: null }, - { type: 'language', subtag: 'ary', prefix: [], scope: null }, - { type: 'language', subtag: 'arz', prefix: [], scope: null }, - { type: 'language', subtag: 'asa', prefix: [], scope: null }, - { type: 'language', subtag: 'asb', prefix: [], scope: null }, - { type: 'language', subtag: 'asc', prefix: [], scope: null }, - { type: 'language', subtag: 'asd', prefix: [], scope: null }, - { type: 'language', subtag: 'ase', prefix: [], scope: null }, - { type: 'language', subtag: 'asf', prefix: [], scope: null }, - { type: 'language', subtag: 'asg', prefix: [], scope: null }, - { type: 'language', subtag: 'ash', prefix: [], scope: null }, - { type: 'language', subtag: 'asi', prefix: [], scope: null }, - { type: 'language', subtag: 'asj', prefix: [], scope: null }, - { type: 'language', subtag: 'ask', prefix: [], scope: null }, - { type: 'language', subtag: 'asl', prefix: [], scope: null }, - { type: 'language', subtag: 'asn', prefix: [], scope: null }, - { type: 'language', subtag: 'aso', prefix: [], scope: null }, - { type: 'language', subtag: 'asp', prefix: [], scope: null }, - { type: 'language', subtag: 'asq', prefix: [], scope: null }, - { type: 'language', subtag: 'asr', prefix: [], scope: null }, - { type: 'language', subtag: 'ass', prefix: [], scope: null }, - { type: 'language', subtag: 'ast', prefix: [], scope: null }, - { type: 'language', subtag: 'asu', prefix: [], scope: null }, - { type: 'language', subtag: 'asv', prefix: [], scope: null }, - { type: 'language', subtag: 'asw', prefix: [], scope: null }, - { type: 'language', subtag: 'asx', prefix: [], scope: null }, 
- { type: 'language', subtag: 'asy', prefix: [], scope: null }, - { type: 'language', subtag: 'asz', prefix: [], scope: null }, - { type: 'language', subtag: 'ata', prefix: [], scope: null }, - { type: 'language', subtag: 'atb', prefix: [], scope: null }, - { type: 'language', subtag: 'atc', prefix: [], scope: null }, - { type: 'language', subtag: 'atd', prefix: [], scope: null }, - { type: 'language', subtag: 'ate', prefix: [], scope: null }, - { type: 'language', subtag: 'atg', prefix: [], scope: null }, - { type: 'language', subtag: 'ath', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ati', prefix: [], scope: null }, - { type: 'language', subtag: 'atj', prefix: [], scope: null }, - { type: 'language', subtag: 'atk', prefix: [], scope: null }, - { type: 'language', subtag: 'atl', prefix: [], scope: null }, - { type: 'language', subtag: 'atm', prefix: [], scope: null }, - { type: 'language', subtag: 'atn', prefix: [], scope: null }, - { type: 'language', subtag: 'ato', prefix: [], scope: null }, - { type: 'language', subtag: 'atp', prefix: [], scope: null }, - { type: 'language', subtag: 'atq', prefix: [], scope: null }, - { type: 'language', subtag: 'atr', prefix: [], scope: null }, - { type: 'language', subtag: 'ats', prefix: [], scope: null }, - { type: 'language', subtag: 'att', prefix: [], scope: null }, - { type: 'language', subtag: 'atu', prefix: [], scope: null }, - { type: 'language', subtag: 'atv', prefix: [], scope: null }, - { type: 'language', subtag: 'atw', prefix: [], scope: null }, - { type: 'language', subtag: 'atx', prefix: [], scope: null }, - { type: 'language', subtag: 'aty', prefix: [], scope: null }, - { type: 'language', subtag: 'atz', prefix: [], scope: null }, - { type: 'language', subtag: 'aua', prefix: [], scope: null }, - { type: 'language', subtag: 'aub', prefix: [], scope: null }, - { type: 'language', subtag: 'auc', prefix: [], scope: null }, - { type: 'language', subtag: 'aud', prefix: [], scope: null }, - { 
type: 'language', subtag: 'aue', prefix: [], scope: null }, - { type: 'language', subtag: 'auf', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aug', prefix: [], scope: null }, - { type: 'language', subtag: 'auh', prefix: [], scope: null }, - { type: 'language', subtag: 'aui', prefix: [], scope: null }, - { type: 'language', subtag: 'auj', prefix: [], scope: null }, - { type: 'language', subtag: 'auk', prefix: [], scope: null }, - { type: 'language', subtag: 'aul', prefix: [], scope: null }, - { type: 'language', subtag: 'aum', prefix: [], scope: null }, - { type: 'language', subtag: 'aun', prefix: [], scope: null }, - { type: 'language', subtag: 'auo', prefix: [], scope: null }, - { type: 'language', subtag: 'aup', prefix: [], scope: null }, - { type: 'language', subtag: 'auq', prefix: [], scope: null }, - { type: 'language', subtag: 'aur', prefix: [], scope: null }, - { type: 'language', subtag: 'aus', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'aut', prefix: [], scope: null }, - { type: 'language', subtag: 'auu', prefix: [], scope: null }, - { type: 'language', subtag: 'auw', prefix: [], scope: null }, - { type: 'language', subtag: 'aux', prefix: [], scope: null }, - { type: 'language', subtag: 'auy', prefix: [], scope: null }, - { type: 'language', subtag: 'auz', prefix: [], scope: null }, - { type: 'language', subtag: 'avb', prefix: [], scope: null }, - { type: 'language', subtag: 'avd', prefix: [], scope: null }, - { type: 'language', subtag: 'avi', prefix: [], scope: null }, - { type: 'language', subtag: 'avk', prefix: [], scope: null }, - { type: 'language', subtag: 'avl', prefix: [], scope: null }, - { type: 'language', subtag: 'avm', prefix: [], scope: null }, - { type: 'language', subtag: 'avn', prefix: [], scope: null }, - { type: 'language', subtag: 'avo', prefix: [], scope: null }, - { type: 'language', subtag: 'avs', prefix: [], scope: null }, - { type: 'language', subtag: 'avt', prefix: [], scope: null }, - { 
type: 'language', subtag: 'avu', prefix: [], scope: null }, - { type: 'language', subtag: 'avv', prefix: [], scope: null }, - { type: 'language', subtag: 'awa', prefix: [], scope: null }, - { type: 'language', subtag: 'awb', prefix: [], scope: null }, - { type: 'language', subtag: 'awc', prefix: [], scope: null }, - { type: 'language', subtag: 'awd', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'awe', prefix: [], scope: null }, - { type: 'language', subtag: 'awg', prefix: [], scope: null }, - { type: 'language', subtag: 'awh', prefix: [], scope: null }, - { type: 'language', subtag: 'awi', prefix: [], scope: null }, - { type: 'language', subtag: 'awk', prefix: [], scope: null }, - { type: 'language', subtag: 'awm', prefix: [], scope: null }, - { type: 'language', subtag: 'awn', prefix: [], scope: null }, - { type: 'language', subtag: 'awo', prefix: [], scope: null }, - { type: 'language', subtag: 'awr', prefix: [], scope: null }, - { type: 'language', subtag: 'aws', prefix: [], scope: null }, - { type: 'language', subtag: 'awt', prefix: [], scope: null }, - { type: 'language', subtag: 'awu', prefix: [], scope: null }, - { type: 'language', subtag: 'awv', prefix: [], scope: null }, - { type: 'language', subtag: 'aww', prefix: [], scope: null }, - { type: 'language', subtag: 'awx', prefix: [], scope: null }, - { type: 'language', subtag: 'awy', prefix: [], scope: null }, - { type: 'language', subtag: 'axb', prefix: [], scope: null }, - { type: 'language', subtag: 'axe', prefix: [], scope: null }, - { type: 'language', subtag: 'axg', prefix: [], scope: null }, - { type: 'language', subtag: 'axk', prefix: [], scope: null }, - { type: 'language', subtag: 'axl', prefix: [], scope: null }, - { type: 'language', subtag: 'axm', prefix: [], scope: null }, - { type: 'language', subtag: 'axx', prefix: [], scope: null }, - { type: 'language', subtag: 'aya', prefix: [], scope: null }, - { type: 'language', subtag: 'ayb', prefix: [], scope: null }, - { type: 
'language', subtag: 'ayc', prefix: [], scope: null }, - { type: 'language', subtag: 'ayd', prefix: [], scope: null }, - { type: 'language', subtag: 'aye', prefix: [], scope: null }, - { type: 'language', subtag: 'ayg', prefix: [], scope: null }, - { type: 'language', subtag: 'ayh', prefix: [], scope: null }, - { type: 'language', subtag: 'ayi', prefix: [], scope: null }, - { type: 'language', subtag: 'ayk', prefix: [], scope: null }, - { type: 'language', subtag: 'ayl', prefix: [], scope: null }, - { type: 'language', subtag: 'ayn', prefix: [], scope: null }, - { type: 'language', subtag: 'ayo', prefix: [], scope: null }, - { type: 'language', subtag: 'ayp', prefix: [], scope: null }, - { type: 'language', subtag: 'ayq', prefix: [], scope: null }, - { type: 'language', subtag: 'ayr', prefix: [], scope: null }, - { type: 'language', subtag: 'ays', prefix: [], scope: null }, - { type: 'language', subtag: 'ayt', prefix: [], scope: null }, - { type: 'language', subtag: 'ayu', prefix: [], scope: null }, - { type: 'language', subtag: 'ayx', prefix: [], scope: null }, - { type: 'language', subtag: 'ayy', prefix: [], scope: null }, - { type: 'language', subtag: 'ayz', prefix: [], scope: null }, - { type: 'language', subtag: 'aza', prefix: [], scope: null }, - { type: 'language', subtag: 'azb', prefix: [], scope: null }, - { type: 'language', subtag: 'azc', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'azd', prefix: [], scope: null }, - { type: 'language', subtag: 'azg', prefix: [], scope: null }, - { type: 'language', subtag: 'azj', prefix: [], scope: null }, - { type: 'language', subtag: 'azm', prefix: [], scope: null }, - { type: 'language', subtag: 'azn', prefix: [], scope: null }, - { type: 'language', subtag: 'azo', prefix: [], scope: null }, - { type: 'language', subtag: 'azt', prefix: [], scope: null }, - { type: 'language', subtag: 'azz', prefix: [], scope: null }, - { type: 'language', subtag: 'baa', prefix: [], scope: null }, - { type: 
'language', subtag: 'bab', prefix: [], scope: null }, - { type: 'language', subtag: 'bac', prefix: [], scope: null }, - { type: 'language', subtag: 'bad', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'bae', prefix: [], scope: null }, - { type: 'language', subtag: 'baf', prefix: [], scope: null }, - { type: 'language', subtag: 'bag', prefix: [], scope: null }, - { type: 'language', subtag: 'bah', prefix: [], scope: null }, - { type: 'language', subtag: 'bai', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'baj', prefix: [], scope: null }, - { type: 'language', subtag: 'bal', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'ban', prefix: [], scope: null }, - { type: 'language', subtag: 'bao', prefix: [], scope: null }, - { type: 'language', subtag: 'bap', prefix: [], scope: null }, - { type: 'language', subtag: 'bar', prefix: [], scope: null }, - { type: 'language', subtag: 'bas', prefix: [], scope: null }, - { type: 'language', subtag: 'bat', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'bau', prefix: [], scope: null }, - { type: 'language', subtag: 'bav', prefix: [], scope: null }, - { type: 'language', subtag: 'baw', prefix: [], scope: null }, - { type: 'language', subtag: 'bax', prefix: [], scope: null }, - { type: 'language', subtag: 'bay', prefix: [], scope: null }, - { type: 'language', subtag: 'baz', prefix: [], scope: null }, - { type: 'language', subtag: 'bba', prefix: [], scope: null }, - { type: 'language', subtag: 'bbb', prefix: [], scope: null }, - { type: 'language', subtag: 'bbc', prefix: [], scope: null }, - { type: 'language', subtag: 'bbd', prefix: [], scope: null }, - { type: 'language', subtag: 'bbe', prefix: [], scope: null }, - { type: 'language', subtag: 'bbf', prefix: [], scope: null }, - { type: 'language', subtag: 'bbg', prefix: [], scope: null }, - { type: 'language', subtag: 'bbh', prefix: [], scope: null }, - { type: 'language', subtag: 'bbi', prefix: [], 
scope: null }, - { type: 'language', subtag: 'bbj', prefix: [], scope: null }, - { type: 'language', subtag: 'bbk', prefix: [], scope: null }, - { type: 'language', subtag: 'bbl', prefix: [], scope: null }, - { type: 'language', subtag: 'bbm', prefix: [], scope: null }, - { type: 'language', subtag: 'bbn', prefix: [], scope: null }, - { type: 'language', subtag: 'bbo', prefix: [], scope: null }, - { type: 'language', subtag: 'bbp', prefix: [], scope: null }, - { type: 'language', subtag: 'bbq', prefix: [], scope: null }, - { type: 'language', subtag: 'bbr', prefix: [], scope: null }, - { type: 'language', subtag: 'bbs', prefix: [], scope: null }, - { type: 'language', subtag: 'bbt', prefix: [], scope: null }, - { type: 'language', subtag: 'bbu', prefix: [], scope: null }, - { type: 'language', subtag: 'bbv', prefix: [], scope: null }, - { type: 'language', subtag: 'bbw', prefix: [], scope: null }, - { type: 'language', subtag: 'bbx', prefix: [], scope: null }, - { type: 'language', subtag: 'bby', prefix: [], scope: null }, - { type: 'language', subtag: 'bbz', prefix: [], scope: null }, - { type: 'language', subtag: 'bca', prefix: [], scope: null }, - { type: 'language', subtag: 'bcb', prefix: [], scope: null }, - { type: 'language', subtag: 'bcc', prefix: [], scope: null }, - { type: 'language', subtag: 'bcd', prefix: [], scope: null }, - { type: 'language', subtag: 'bce', prefix: [], scope: null }, - { type: 'language', subtag: 'bcf', prefix: [], scope: null }, - { type: 'language', subtag: 'bcg', prefix: [], scope: null }, - { type: 'language', subtag: 'bch', prefix: [], scope: null }, - { type: 'language', subtag: 'bci', prefix: [], scope: null }, - { type: 'language', subtag: 'bcj', prefix: [], scope: null }, - { type: 'language', subtag: 'bck', prefix: [], scope: null }, - { type: 'language', subtag: 'bcl', prefix: [], scope: null }, - { type: 'language', subtag: 'bcm', prefix: [], scope: null }, - { type: 'language', subtag: 'bcn', prefix: [], scope: null }, 
- { type: 'language', subtag: 'bco', prefix: [], scope: null }, - { type: 'language', subtag: 'bcp', prefix: [], scope: null }, - { type: 'language', subtag: 'bcq', prefix: [], scope: null }, - { type: 'language', subtag: 'bcr', prefix: [], scope: null }, - { type: 'language', subtag: 'bcs', prefix: [], scope: null }, - { type: 'language', subtag: 'bct', prefix: [], scope: null }, - { type: 'language', subtag: 'bcu', prefix: [], scope: null }, - { type: 'language', subtag: 'bcv', prefix: [], scope: null }, - { type: 'language', subtag: 'bcw', prefix: [], scope: null }, - { type: 'language', subtag: 'bcy', prefix: [], scope: null }, - { type: 'language', subtag: 'bcz', prefix: [], scope: null }, - { type: 'language', subtag: 'bda', prefix: [], scope: null }, - { type: 'language', subtag: 'bdb', prefix: [], scope: null }, - { type: 'language', subtag: 'bdc', prefix: [], scope: null }, - { type: 'language', subtag: 'bdd', prefix: [], scope: null }, - { type: 'language', subtag: 'bde', prefix: [], scope: null }, - { type: 'language', subtag: 'bdf', prefix: [], scope: null }, - { type: 'language', subtag: 'bdg', prefix: [], scope: null }, - { type: 'language', subtag: 'bdh', prefix: [], scope: null }, - { type: 'language', subtag: 'bdi', prefix: [], scope: null }, - { type: 'language', subtag: 'bdj', prefix: [], scope: null }, - { type: 'language', subtag: 'bdk', prefix: [], scope: null }, - { type: 'language', subtag: 'bdl', prefix: [], scope: null }, - { type: 'language', subtag: 'bdm', prefix: [], scope: null }, - { type: 'language', subtag: 'bdn', prefix: [], scope: null }, - { type: 'language', subtag: 'bdo', prefix: [], scope: null }, - { type: 'language', subtag: 'bdp', prefix: [], scope: null }, - { type: 'language', subtag: 'bdq', prefix: [], scope: null }, - { type: 'language', subtag: 'bdr', prefix: [], scope: null }, - { type: 'language', subtag: 'bds', prefix: [], scope: null }, - { type: 'language', subtag: 'bdt', prefix: [], scope: null }, - { type: 
'language', subtag: 'bdu', prefix: [], scope: null }, - { type: 'language', subtag: 'bdv', prefix: [], scope: null }, - { type: 'language', subtag: 'bdw', prefix: [], scope: null }, - { type: 'language', subtag: 'bdx', prefix: [], scope: null }, - { type: 'language', subtag: 'bdy', prefix: [], scope: null }, - { type: 'language', subtag: 'bdz', prefix: [], scope: null }, - { type: 'language', subtag: 'bea', prefix: [], scope: null }, - { type: 'language', subtag: 'beb', prefix: [], scope: null }, - { type: 'language', subtag: 'bec', prefix: [], scope: null }, - { type: 'language', subtag: 'bed', prefix: [], scope: null }, - { type: 'language', subtag: 'bee', prefix: [], scope: null }, - { type: 'language', subtag: 'bef', prefix: [], scope: null }, - { type: 'language', subtag: 'beg', prefix: [], scope: null }, - { type: 'language', subtag: 'beh', prefix: [], scope: null }, - { type: 'language', subtag: 'bei', prefix: [], scope: null }, - { type: 'language', subtag: 'bej', prefix: [], scope: null }, - { type: 'language', subtag: 'bek', prefix: [], scope: null }, - { type: 'language', subtag: 'bem', prefix: [], scope: null }, - { type: 'language', subtag: 'beo', prefix: [], scope: null }, - { type: 'language', subtag: 'bep', prefix: [], scope: null }, - { type: 'language', subtag: 'beq', prefix: [], scope: null }, - { type: 'language', subtag: 'ber', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'bes', prefix: [], scope: null }, - { type: 'language', subtag: 'bet', prefix: [], scope: null }, - { type: 'language', subtag: 'beu', prefix: [], scope: null }, - { type: 'language', subtag: 'bev', prefix: [], scope: null }, - { type: 'language', subtag: 'bew', prefix: [], scope: null }, - { type: 'language', subtag: 'bex', prefix: [], scope: null }, - { type: 'language', subtag: 'bey', prefix: [], scope: null }, - { type: 'language', subtag: 'bez', prefix: [], scope: null }, - { type: 'language', subtag: 'bfa', prefix: [], scope: null }, - { type: 
'language', subtag: 'bfb', prefix: [], scope: null }, - { type: 'language', subtag: 'bfc', prefix: [], scope: null }, - { type: 'language', subtag: 'bfd', prefix: [], scope: null }, - { type: 'language', subtag: 'bfe', prefix: [], scope: null }, - { type: 'language', subtag: 'bff', prefix: [], scope: null }, - { type: 'language', subtag: 'bfg', prefix: [], scope: null }, - { type: 'language', subtag: 'bfh', prefix: [], scope: null }, - { type: 'language', subtag: 'bfi', prefix: [], scope: null }, - { type: 'language', subtag: 'bfj', prefix: [], scope: null }, - { type: 'language', subtag: 'bfk', prefix: [], scope: null }, - { type: 'language', subtag: 'bfl', prefix: [], scope: null }, - { type: 'language', subtag: 'bfm', prefix: [], scope: null }, - { type: 'language', subtag: 'bfn', prefix: [], scope: null }, - { type: 'language', subtag: 'bfo', prefix: [], scope: null }, - { type: 'language', subtag: 'bfp', prefix: [], scope: null }, - { type: 'language', subtag: 'bfq', prefix: [], scope: null }, - { type: 'language', subtag: 'bfr', prefix: [], scope: null }, - { type: 'language', subtag: 'bfs', prefix: [], scope: null }, - { type: 'language', subtag: 'bft', prefix: [], scope: null }, - { type: 'language', subtag: 'bfu', prefix: [], scope: null }, - { type: 'language', subtag: 'bfw', prefix: [], scope: null }, - { type: 'language', subtag: 'bfx', prefix: [], scope: null }, - { type: 'language', subtag: 'bfy', prefix: [], scope: null }, - { type: 'language', subtag: 'bfz', prefix: [], scope: null }, - { type: 'language', subtag: 'bga', prefix: [], scope: null }, - { type: 'language', subtag: 'bgb', prefix: [], scope: null }, - { type: 'language', subtag: 'bgc', prefix: [], scope: null }, - { type: 'language', subtag: 'bgd', prefix: [], scope: null }, - { type: 'language', subtag: 'bge', prefix: [], scope: null }, - { type: 'language', subtag: 'bgf', prefix: [], scope: null }, - { type: 'language', subtag: 'bgg', prefix: [], scope: null }, - { type: 'language', 
subtag: 'bgi', prefix: [], scope: null }, - { type: 'language', subtag: 'bgj', prefix: [], scope: null }, - { type: 'language', subtag: 'bgk', prefix: [], scope: null }, - { type: 'language', subtag: 'bgl', prefix: [], scope: null }, - { type: 'language', subtag: 'bgm', prefix: [], scope: null }, - { type: 'language', subtag: 'bgn', prefix: [], scope: null }, - { type: 'language', subtag: 'bgo', prefix: [], scope: null }, - { type: 'language', subtag: 'bgp', prefix: [], scope: null }, - { type: 'language', subtag: 'bgq', prefix: [], scope: null }, - { type: 'language', subtag: 'bgr', prefix: [], scope: null }, - { type: 'language', subtag: 'bgs', prefix: [], scope: null }, - { type: 'language', subtag: 'bgt', prefix: [], scope: null }, - { type: 'language', subtag: 'bgu', prefix: [], scope: null }, - { type: 'language', subtag: 'bgv', prefix: [], scope: null }, - { type: 'language', subtag: 'bgw', prefix: [], scope: null }, - { type: 'language', subtag: 'bgx', prefix: [], scope: null }, - { type: 'language', subtag: 'bgy', prefix: [], scope: null }, - { type: 'language', subtag: 'bgz', prefix: [], scope: null }, - { type: 'language', subtag: 'bha', prefix: [], scope: null }, - { type: 'language', subtag: 'bhb', prefix: [], scope: null }, - { type: 'language', subtag: 'bhc', prefix: [], scope: null }, - { type: 'language', subtag: 'bhd', prefix: [], scope: null }, - { type: 'language', subtag: 'bhe', prefix: [], scope: null }, - { type: 'language', subtag: 'bhf', prefix: [], scope: null }, - { type: 'language', subtag: 'bhg', prefix: [], scope: null }, - { type: 'language', subtag: 'bhh', prefix: [], scope: null }, - { type: 'language', subtag: 'bhi', prefix: [], scope: null }, - { type: 'language', subtag: 'bhj', prefix: [], scope: null }, - { type: 'language', subtag: 'bhk', prefix: [], scope: null }, - { type: 'language', subtag: 'bhl', prefix: [], scope: null }, - { type: 'language', subtag: 'bhm', prefix: [], scope: null }, - { type: 'language', subtag: 'bhn', 
prefix: [], scope: null }, - { type: 'language', subtag: 'bho', prefix: [], scope: null }, - { type: 'language', subtag: 'bhp', prefix: [], scope: null }, - { type: 'language', subtag: 'bhq', prefix: [], scope: null }, - { type: 'language', subtag: 'bhr', prefix: [], scope: null }, - { type: 'language', subtag: 'bhs', prefix: [], scope: null }, - { type: 'language', subtag: 'bht', prefix: [], scope: null }, - { type: 'language', subtag: 'bhu', prefix: [], scope: null }, - { type: 'language', subtag: 'bhv', prefix: [], scope: null }, - { type: 'language', subtag: 'bhw', prefix: [], scope: null }, - { type: 'language', subtag: 'bhx', prefix: [], scope: null }, - { type: 'language', subtag: 'bhy', prefix: [], scope: null }, - { type: 'language', subtag: 'bhz', prefix: [], scope: null }, - { type: 'language', subtag: 'bia', prefix: [], scope: null }, - { type: 'language', subtag: 'bib', prefix: [], scope: null }, - { type: 'language', subtag: 'bic', prefix: [], scope: null }, - { type: 'language', subtag: 'bid', prefix: [], scope: null }, - { type: 'language', subtag: 'bie', prefix: [], scope: null }, - { type: 'language', subtag: 'bif', prefix: [], scope: null }, - { type: 'language', subtag: 'big', prefix: [], scope: null }, - { type: 'language', subtag: 'bij', prefix: [], scope: null }, - { type: 'language', subtag: 'bik', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'bil', prefix: [], scope: null }, - { type: 'language', subtag: 'bim', prefix: [], scope: null }, - { type: 'language', subtag: 'bin', prefix: [], scope: null }, - { type: 'language', subtag: 'bio', prefix: [], scope: null }, - { type: 'language', subtag: 'bip', prefix: [], scope: null }, - { type: 'language', subtag: 'biq', prefix: [], scope: null }, - { type: 'language', subtag: 'bir', prefix: [], scope: null }, - { type: 'language', subtag: 'bit', prefix: [], scope: null }, - { type: 'language', subtag: 'biu', prefix: [], scope: null }, - { type: 'language', subtag: 'biv', 
prefix: [], scope: null }, - { type: 'language', subtag: 'biw', prefix: [], scope: null }, - { type: 'language', subtag: 'bix', prefix: [], scope: null }, - { type: 'language', subtag: 'biy', prefix: [], scope: null }, - { type: 'language', subtag: 'biz', prefix: [], scope: null }, - { type: 'language', subtag: 'bja', prefix: [], scope: null }, - { type: 'language', subtag: 'bjb', prefix: [], scope: null }, - { type: 'language', subtag: 'bjc', prefix: [], scope: null }, - { type: 'language', subtag: 'bjd', prefix: [], scope: null }, - { type: 'language', subtag: 'bje', prefix: [], scope: null }, - { type: 'language', subtag: 'bjf', prefix: [], scope: null }, - { type: 'language', subtag: 'bjg', prefix: [], scope: null }, - { type: 'language', subtag: 'bjh', prefix: [], scope: null }, - { type: 'language', subtag: 'bji', prefix: [], scope: null }, - { type: 'language', subtag: 'bjj', prefix: [], scope: null }, - { type: 'language', subtag: 'bjk', prefix: [], scope: null }, - { type: 'language', subtag: 'bjl', prefix: [], scope: null }, - { type: 'language', subtag: 'bjm', prefix: [], scope: null }, - { type: 'language', subtag: 'bjn', prefix: [], scope: null }, - { type: 'language', subtag: 'bjo', prefix: [], scope: null }, - { type: 'language', subtag: 'bjp', prefix: [], scope: null }, - { type: 'language', subtag: 'bjq', prefix: [], scope: null }, - { type: 'language', subtag: 'bjr', prefix: [], scope: null }, - { type: 'language', subtag: 'bjs', prefix: [], scope: null }, - { type: 'language', subtag: 'bjt', prefix: [], scope: null }, - { type: 'language', subtag: 'bju', prefix: [], scope: null }, - { type: 'language', subtag: 'bjv', prefix: [], scope: null }, - { type: 'language', subtag: 'bjw', prefix: [], scope: null }, - { type: 'language', subtag: 'bjx', prefix: [], scope: null }, - { type: 'language', subtag: 'bjy', prefix: [], scope: null }, - { type: 'language', subtag: 'bjz', prefix: [], scope: null }, - { type: 'language', subtag: 'bka', prefix: [], 
scope: null }, - { type: 'language', subtag: 'bkb', prefix: [], scope: null }, - { type: 'language', subtag: 'bkc', prefix: [], scope: null }, - { type: 'language', subtag: 'bkd', prefix: [], scope: null }, - { type: 'language', subtag: 'bkf', prefix: [], scope: null }, - { type: 'language', subtag: 'bkg', prefix: [], scope: null }, - { type: 'language', subtag: 'bkh', prefix: [], scope: null }, - { type: 'language', subtag: 'bki', prefix: [], scope: null }, - { type: 'language', subtag: 'bkj', prefix: [], scope: null }, - { type: 'language', subtag: 'bkk', prefix: [], scope: null }, - { type: 'language', subtag: 'bkl', prefix: [], scope: null }, - { type: 'language', subtag: 'bkm', prefix: [], scope: null }, - { type: 'language', subtag: 'bkn', prefix: [], scope: null }, - { type: 'language', subtag: 'bko', prefix: [], scope: null }, - { type: 'language', subtag: 'bkp', prefix: [], scope: null }, - { type: 'language', subtag: 'bkq', prefix: [], scope: null }, - { type: 'language', subtag: 'bkr', prefix: [], scope: null }, - { type: 'language', subtag: 'bks', prefix: [], scope: null }, - { type: 'language', subtag: 'bkt', prefix: [], scope: null }, - { type: 'language', subtag: 'bku', prefix: [], scope: null }, - { type: 'language', subtag: 'bkv', prefix: [], scope: null }, - { type: 'language', subtag: 'bkw', prefix: [], scope: null }, - { type: 'language', subtag: 'bkx', prefix: [], scope: null }, - { type: 'language', subtag: 'bky', prefix: [], scope: null }, - { type: 'language', subtag: 'bkz', prefix: [], scope: null }, - { type: 'language', subtag: 'bla', prefix: [], scope: null }, - { type: 'language', subtag: 'blb', prefix: [], scope: null }, - { type: 'language', subtag: 'blc', prefix: [], scope: null }, - { type: 'language', subtag: 'bld', prefix: [], scope: null }, - { type: 'language', subtag: 'ble', prefix: [], scope: null }, - { type: 'language', subtag: 'blf', prefix: [], scope: null }, - { type: 'language', subtag: 'blg', prefix: [], scope: null }, 
- { type: 'language', subtag: 'blh', prefix: [], scope: null }, - { type: 'language', subtag: 'bli', prefix: [], scope: null }, - { type: 'language', subtag: 'blj', prefix: [], scope: null }, - { type: 'language', subtag: 'blk', prefix: [], scope: null }, - { type: 'language', subtag: 'bll', prefix: [], scope: null }, - { type: 'language', subtag: 'blm', prefix: [], scope: null }, - { type: 'language', subtag: 'bln', prefix: [], scope: null }, - { type: 'language', subtag: 'blo', prefix: [], scope: null }, - { type: 'language', subtag: 'blp', prefix: [], scope: null }, - { type: 'language', subtag: 'blq', prefix: [], scope: null }, - { type: 'language', subtag: 'blr', prefix: [], scope: null }, - { type: 'language', subtag: 'bls', prefix: [], scope: null }, - { type: 'language', subtag: 'blt', prefix: [], scope: null }, - { type: 'language', subtag: 'blv', prefix: [], scope: null }, - { type: 'language', subtag: 'blw', prefix: [], scope: null }, - { type: 'language', subtag: 'blx', prefix: [], scope: null }, - { type: 'language', subtag: 'bly', prefix: [], scope: null }, - { type: 'language', subtag: 'blz', prefix: [], scope: null }, - { type: 'language', subtag: 'bma', prefix: [], scope: null }, - { type: 'language', subtag: 'bmb', prefix: [], scope: null }, - { type: 'language', subtag: 'bmc', prefix: [], scope: null }, - { type: 'language', subtag: 'bmd', prefix: [], scope: null }, - { type: 'language', subtag: 'bme', prefix: [], scope: null }, - { type: 'language', subtag: 'bmf', prefix: [], scope: null }, - { type: 'language', subtag: 'bmg', prefix: [], scope: null }, - { type: 'language', subtag: 'bmh', prefix: [], scope: null }, - { type: 'language', subtag: 'bmi', prefix: [], scope: null }, - { type: 'language', subtag: 'bmj', prefix: [], scope: null }, - { type: 'language', subtag: 'bmk', prefix: [], scope: null }, - { type: 'language', subtag: 'bml', prefix: [], scope: null }, - { type: 'language', subtag: 'bmm', prefix: [], scope: null }, - { type: 
'language', subtag: 'bmn', prefix: [], scope: null }, - { type: 'language', subtag: 'bmo', prefix: [], scope: null }, - { type: 'language', subtag: 'bmp', prefix: [], scope: null }, - { type: 'language', subtag: 'bmq', prefix: [], scope: null }, - { type: 'language', subtag: 'bmr', prefix: [], scope: null }, - { type: 'language', subtag: 'bms', prefix: [], scope: null }, - { type: 'language', subtag: 'bmt', prefix: [], scope: null }, - { type: 'language', subtag: 'bmu', prefix: [], scope: null }, - { type: 'language', subtag: 'bmv', prefix: [], scope: null }, - { type: 'language', subtag: 'bmw', prefix: [], scope: null }, - { type: 'language', subtag: 'bmx', prefix: [], scope: null }, - { type: 'language', subtag: 'bmy', prefix: [], scope: null }, - { type: 'language', subtag: 'bmz', prefix: [], scope: null }, - { type: 'language', subtag: 'bna', prefix: [], scope: null }, - { type: 'language', subtag: 'bnb', prefix: [], scope: null }, - { type: 'language', subtag: 'bnc', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'bnd', prefix: [], scope: null }, - { type: 'language', subtag: 'bne', prefix: [], scope: null }, - { type: 'language', subtag: 'bnf', prefix: [], scope: null }, - { type: 'language', subtag: 'bng', prefix: [], scope: null }, - { type: 'language', subtag: 'bni', prefix: [], scope: null }, - { type: 'language', subtag: 'bnj', prefix: [], scope: null }, - { type: 'language', subtag: 'bnk', prefix: [], scope: null }, - { type: 'language', subtag: 'bnl', prefix: [], scope: null }, - { type: 'language', subtag: 'bnm', prefix: [], scope: null }, - { type: 'language', subtag: 'bnn', prefix: [], scope: null }, - { type: 'language', subtag: 'bno', prefix: [], scope: null }, - { type: 'language', subtag: 'bnp', prefix: [], scope: null }, - { type: 'language', subtag: 'bnq', prefix: [], scope: null }, - { type: 'language', subtag: 'bnr', prefix: [], scope: null }, - { type: 'language', subtag: 'bns', prefix: [], scope: null }, - { type: 
'language', subtag: 'bnt', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'bnu', prefix: [], scope: null }, - { type: 'language', subtag: 'bnv', prefix: [], scope: null }, - { type: 'language', subtag: 'bnw', prefix: [], scope: null }, - { type: 'language', subtag: 'bnx', prefix: [], scope: null }, - { type: 'language', subtag: 'bny', prefix: [], scope: null }, - { type: 'language', subtag: 'bnz', prefix: [], scope: null }, - { type: 'language', subtag: 'boa', prefix: [], scope: null }, - { type: 'language', subtag: 'bob', prefix: [], scope: null }, - { type: 'language', subtag: 'boe', prefix: [], scope: null }, - { type: 'language', subtag: 'bof', prefix: [], scope: null }, - { type: 'language', subtag: 'bog', prefix: [], scope: null }, - { type: 'language', subtag: 'boh', prefix: [], scope: null }, - { type: 'language', subtag: 'boi', prefix: [], scope: null }, - { type: 'language', subtag: 'boj', prefix: [], scope: null }, - { type: 'language', subtag: 'bok', prefix: [], scope: null }, - { type: 'language', subtag: 'bol', prefix: [], scope: null }, - { type: 'language', subtag: 'bom', prefix: [], scope: null }, - { type: 'language', subtag: 'bon', prefix: [], scope: null }, - { type: 'language', subtag: 'boo', prefix: [], scope: null }, - { type: 'language', subtag: 'bop', prefix: [], scope: null }, - { type: 'language', subtag: 'boq', prefix: [], scope: null }, - { type: 'language', subtag: 'bor', prefix: [], scope: null }, - { type: 'language', subtag: 'bot', prefix: [], scope: null }, - { type: 'language', subtag: 'bou', prefix: [], scope: null }, - { type: 'language', subtag: 'bov', prefix: [], scope: null }, - { type: 'language', subtag: 'bow', prefix: [], scope: null }, - { type: 'language', subtag: 'box', prefix: [], scope: null }, - { type: 'language', subtag: 'boy', prefix: [], scope: null }, - { type: 'language', subtag: 'boz', prefix: [], scope: null }, - { type: 'language', subtag: 'bpa', prefix: [], scope: null }, - { type: 
'language', subtag: 'bpb', prefix: [], scope: null }, - { type: 'language', subtag: 'bpc', prefix: [], scope: null }, - { type: 'language', subtag: 'bpd', prefix: [], scope: null }, - { type: 'language', subtag: 'bpe', prefix: [], scope: null }, - { type: 'language', subtag: 'bpg', prefix: [], scope: null }, - { type: 'language', subtag: 'bph', prefix: [], scope: null }, - { type: 'language', subtag: 'bpi', prefix: [], scope: null }, - { type: 'language', subtag: 'bpj', prefix: [], scope: null }, - { type: 'language', subtag: 'bpk', prefix: [], scope: null }, - { type: 'language', subtag: 'bpl', prefix: [], scope: null }, - { type: 'language', subtag: 'bpm', prefix: [], scope: null }, - { type: 'language', subtag: 'bpn', prefix: [], scope: null }, - { type: 'language', subtag: 'bpo', prefix: [], scope: null }, - { type: 'language', subtag: 'bpp', prefix: [], scope: null }, - { type: 'language', subtag: 'bpq', prefix: [], scope: null }, - { type: 'language', subtag: 'bpr', prefix: [], scope: null }, - { type: 'language', subtag: 'bps', prefix: [], scope: null }, - { type: 'language', subtag: 'bpt', prefix: [], scope: null }, - { type: 'language', subtag: 'bpu', prefix: [], scope: null }, - { type: 'language', subtag: 'bpv', prefix: [], scope: null }, - { type: 'language', subtag: 'bpw', prefix: [], scope: null }, - { type: 'language', subtag: 'bpx', prefix: [], scope: null }, - { type: 'language', subtag: 'bpy', prefix: [], scope: null }, - { type: 'language', subtag: 'bpz', prefix: [], scope: null }, - { type: 'language', subtag: 'bqa', prefix: [], scope: null }, - { type: 'language', subtag: 'bqb', prefix: [], scope: null }, - { type: 'language', subtag: 'bqc', prefix: [], scope: null }, - { type: 'language', subtag: 'bqd', prefix: [], scope: null }, - { type: 'language', subtag: 'bqf', prefix: [], scope: null }, - { type: 'language', subtag: 'bqg', prefix: [], scope: null }, - { type: 'language', subtag: 'bqh', prefix: [], scope: null }, - { type: 'language', 
subtag: 'bqi', prefix: [], scope: null }, - { type: 'language', subtag: 'bqj', prefix: [], scope: null }, - { type: 'language', subtag: 'bqk', prefix: [], scope: null }, - { type: 'language', subtag: 'bql', prefix: [], scope: null }, - { type: 'language', subtag: 'bqm', prefix: [], scope: null }, - { type: 'language', subtag: 'bqn', prefix: [], scope: null }, - { type: 'language', subtag: 'bqo', prefix: [], scope: null }, - { type: 'language', subtag: 'bqp', prefix: [], scope: null }, - { type: 'language', subtag: 'bqq', prefix: [], scope: null }, - { type: 'language', subtag: 'bqr', prefix: [], scope: null }, - { type: 'language', subtag: 'bqs', prefix: [], scope: null }, - { type: 'language', subtag: 'bqt', prefix: [], scope: null }, - { type: 'language', subtag: 'bqu', prefix: [], scope: null }, - { type: 'language', subtag: 'bqv', prefix: [], scope: null }, - { type: 'language', subtag: 'bqw', prefix: [], scope: null }, - { type: 'language', subtag: 'bqx', prefix: [], scope: null }, - { type: 'language', subtag: 'bqy', prefix: [], scope: null }, - { type: 'language', subtag: 'bqz', prefix: [], scope: null }, - { type: 'language', subtag: 'bra', prefix: [], scope: null }, - { type: 'language', subtag: 'brb', prefix: [], scope: null }, - { type: 'language', subtag: 'brc', prefix: [], scope: null }, - { type: 'language', subtag: 'brd', prefix: [], scope: null }, - { type: 'language', subtag: 'brf', prefix: [], scope: null }, - { type: 'language', subtag: 'brg', prefix: [], scope: null }, - { type: 'language', subtag: 'brh', prefix: [], scope: null }, - { type: 'language', subtag: 'bri', prefix: [], scope: null }, - { type: 'language', subtag: 'brj', prefix: [], scope: null }, - { type: 'language', subtag: 'brk', prefix: [], scope: null }, - { type: 'language', subtag: 'brl', prefix: [], scope: null }, - { type: 'language', subtag: 'brm', prefix: [], scope: null }, - { type: 'language', subtag: 'brn', prefix: [], scope: null }, - { type: 'language', subtag: 'bro', 
prefix: [], scope: null }, - { type: 'language', subtag: 'brp', prefix: [], scope: null }, - { type: 'language', subtag: 'brq', prefix: [], scope: null }, - { type: 'language', subtag: 'brr', prefix: [], scope: null }, - { type: 'language', subtag: 'brs', prefix: [], scope: null }, - { type: 'language', subtag: 'brt', prefix: [], scope: null }, - { type: 'language', subtag: 'bru', prefix: [], scope: null }, - { type: 'language', subtag: 'brv', prefix: [], scope: null }, - { type: 'language', subtag: 'brw', prefix: [], scope: null }, - { type: 'language', subtag: 'brx', prefix: [], scope: null }, - { type: 'language', subtag: 'bry', prefix: [], scope: null }, - { type: 'language', subtag: 'brz', prefix: [], scope: null }, - { type: 'language', subtag: 'bsa', prefix: [], scope: null }, - { type: 'language', subtag: 'bsb', prefix: [], scope: null }, - { type: 'language', subtag: 'bsc', prefix: [], scope: null }, - { type: 'language', subtag: 'bse', prefix: [], scope: null }, - { type: 'language', subtag: 'bsf', prefix: [], scope: null }, - { type: 'language', subtag: 'bsg', prefix: [], scope: null }, - { type: 'language', subtag: 'bsh', prefix: [], scope: null }, - { type: 'language', subtag: 'bsi', prefix: [], scope: null }, - { type: 'language', subtag: 'bsj', prefix: [], scope: null }, - { type: 'language', subtag: 'bsk', prefix: [], scope: null }, - { type: 'language', subtag: 'bsl', prefix: [], scope: null }, - { type: 'language', subtag: 'bsm', prefix: [], scope: null }, - { type: 'language', subtag: 'bsn', prefix: [], scope: null }, - { type: 'language', subtag: 'bso', prefix: [], scope: null }, - { type: 'language', subtag: 'bsp', prefix: [], scope: null }, - { type: 'language', subtag: 'bsq', prefix: [], scope: null }, - { type: 'language', subtag: 'bsr', prefix: [], scope: null }, - { type: 'language', subtag: 'bss', prefix: [], scope: null }, - { type: 'language', subtag: 'bst', prefix: [], scope: null }, - { type: 'language', subtag: 'bsu', prefix: [], 
scope: null }, - { type: 'language', subtag: 'bsv', prefix: [], scope: null }, - { type: 'language', subtag: 'bsw', prefix: [], scope: null }, - { type: 'language', subtag: 'bsx', prefix: [], scope: null }, - { type: 'language', subtag: 'bsy', prefix: [], scope: null }, - { type: 'language', subtag: 'bta', prefix: [], scope: null }, - { type: 'language', subtag: 'btb', prefix: [], scope: null }, - { type: 'language', subtag: 'btc', prefix: [], scope: null }, - { type: 'language', subtag: 'btd', prefix: [], scope: null }, - { type: 'language', subtag: 'bte', prefix: [], scope: null }, - { type: 'language', subtag: 'btf', prefix: [], scope: null }, - { type: 'language', subtag: 'btg', prefix: [], scope: null }, - { type: 'language', subtag: 'bth', prefix: [], scope: null }, - { type: 'language', subtag: 'bti', prefix: [], scope: null }, - { type: 'language', subtag: 'btj', prefix: [], scope: null }, - { type: 'language', subtag: 'btk', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'btl', prefix: [], scope: null }, - { type: 'language', subtag: 'btm', prefix: [], scope: null }, - { type: 'language', subtag: 'btn', prefix: [], scope: null }, - { type: 'language', subtag: 'bto', prefix: [], scope: null }, - { type: 'language', subtag: 'btp', prefix: [], scope: null }, - { type: 'language', subtag: 'btq', prefix: [], scope: null }, - { type: 'language', subtag: 'btr', prefix: [], scope: null }, - { type: 'language', subtag: 'bts', prefix: [], scope: null }, - { type: 'language', subtag: 'btt', prefix: [], scope: null }, - { type: 'language', subtag: 'btu', prefix: [], scope: null }, - { type: 'language', subtag: 'btv', prefix: [], scope: null }, - { type: 'language', subtag: 'btw', prefix: [], scope: null }, - { type: 'language', subtag: 'btx', prefix: [], scope: null }, - { type: 'language', subtag: 'bty', prefix: [], scope: null }, - { type: 'language', subtag: 'btz', prefix: [], scope: null }, - { type: 'language', subtag: 'bua', prefix: [], scope: 
'macrolanguage' }, - { type: 'language', subtag: 'bub', prefix: [], scope: null }, - { type: 'language', subtag: 'buc', prefix: [], scope: null }, - { type: 'language', subtag: 'bud', prefix: [], scope: null }, - { type: 'language', subtag: 'bue', prefix: [], scope: null }, - { type: 'language', subtag: 'buf', prefix: [], scope: null }, - { type: 'language', subtag: 'bug', prefix: [], scope: null }, - { type: 'language', subtag: 'buh', prefix: [], scope: null }, - { type: 'language', subtag: 'bui', prefix: [], scope: null }, - { type: 'language', subtag: 'buj', prefix: [], scope: null }, - { type: 'language', subtag: 'buk', prefix: [], scope: null }, - { type: 'language', subtag: 'bum', prefix: [], scope: null }, - { type: 'language', subtag: 'bun', prefix: [], scope: null }, - { type: 'language', subtag: 'buo', prefix: [], scope: null }, - { type: 'language', subtag: 'bup', prefix: [], scope: null }, - { type: 'language', subtag: 'buq', prefix: [], scope: null }, - { type: 'language', subtag: 'bus', prefix: [], scope: null }, - { type: 'language', subtag: 'but', prefix: [], scope: null }, - { type: 'language', subtag: 'buu', prefix: [], scope: null }, - { type: 'language', subtag: 'buv', prefix: [], scope: null }, - { type: 'language', subtag: 'buw', prefix: [], scope: null }, - { type: 'language', subtag: 'bux', prefix: [], scope: null }, - { type: 'language', subtag: 'buy', prefix: [], scope: null }, - { type: 'language', subtag: 'buz', prefix: [], scope: null }, - { type: 'language', subtag: 'bva', prefix: [], scope: null }, - { type: 'language', subtag: 'bvb', prefix: [], scope: null }, - { type: 'language', subtag: 'bvc', prefix: [], scope: null }, - { type: 'language', subtag: 'bvd', prefix: [], scope: null }, - { type: 'language', subtag: 'bve', prefix: [], scope: null }, - { type: 'language', subtag: 'bvf', prefix: [], scope: null }, - { type: 'language', subtag: 'bvg', prefix: [], scope: null }, - { type: 'language', subtag: 'bvh', prefix: [], scope: null 
}, - { type: 'language', subtag: 'bvi', prefix: [], scope: null }, - { type: 'language', subtag: 'bvj', prefix: [], scope: null }, - { type: 'language', subtag: 'bvk', prefix: [], scope: null }, - { type: 'language', subtag: 'bvl', prefix: [], scope: null }, - { type: 'language', subtag: 'bvm', prefix: [], scope: null }, - { type: 'language', subtag: 'bvn', prefix: [], scope: null }, - { type: 'language', subtag: 'bvo', prefix: [], scope: null }, - { type: 'language', subtag: 'bvp', prefix: [], scope: null }, - { type: 'language', subtag: 'bvq', prefix: [], scope: null }, - { type: 'language', subtag: 'bvr', prefix: [], scope: null }, - { type: 'language', subtag: 'bvt', prefix: [], scope: null }, - { type: 'language', subtag: 'bvu', prefix: [], scope: null }, - { type: 'language', subtag: 'bvv', prefix: [], scope: null }, - { type: 'language', subtag: 'bvw', prefix: [], scope: null }, - { type: 'language', subtag: 'bvx', prefix: [], scope: null }, - { type: 'language', subtag: 'bvy', prefix: [], scope: null }, - { type: 'language', subtag: 'bvz', prefix: [], scope: null }, - { type: 'language', subtag: 'bwa', prefix: [], scope: null }, - { type: 'language', subtag: 'bwb', prefix: [], scope: null }, - { type: 'language', subtag: 'bwc', prefix: [], scope: null }, - { type: 'language', subtag: 'bwd', prefix: [], scope: null }, - { type: 'language', subtag: 'bwe', prefix: [], scope: null }, - { type: 'language', subtag: 'bwf', prefix: [], scope: null }, - { type: 'language', subtag: 'bwg', prefix: [], scope: null }, - { type: 'language', subtag: 'bwh', prefix: [], scope: null }, - { type: 'language', subtag: 'bwi', prefix: [], scope: null }, - { type: 'language', subtag: 'bwj', prefix: [], scope: null }, - { type: 'language', subtag: 'bwk', prefix: [], scope: null }, - { type: 'language', subtag: 'bwl', prefix: [], scope: null }, - { type: 'language', subtag: 'bwm', prefix: [], scope: null }, - { type: 'language', subtag: 'bwn', prefix: [], scope: null }, - { type: 
'language', subtag: 'bwo', prefix: [], scope: null }, - { type: 'language', subtag: 'bwp', prefix: [], scope: null }, - { type: 'language', subtag: 'bwq', prefix: [], scope: null }, - { type: 'language', subtag: 'bwr', prefix: [], scope: null }, - { type: 'language', subtag: 'bws', prefix: [], scope: null }, - { type: 'language', subtag: 'bwt', prefix: [], scope: null }, - { type: 'language', subtag: 'bwu', prefix: [], scope: null }, - { type: 'language', subtag: 'bww', prefix: [], scope: null }, - { type: 'language', subtag: 'bwx', prefix: [], scope: null }, - { type: 'language', subtag: 'bwy', prefix: [], scope: null }, - { type: 'language', subtag: 'bwz', prefix: [], scope: null }, - { type: 'language', subtag: 'bxa', prefix: [], scope: null }, - { type: 'language', subtag: 'bxb', prefix: [], scope: null }, - { type: 'language', subtag: 'bxc', prefix: [], scope: null }, - { type: 'language', subtag: 'bxd', prefix: [], scope: null }, - { type: 'language', subtag: 'bxe', prefix: [], scope: null }, - { type: 'language', subtag: 'bxf', prefix: [], scope: null }, - { type: 'language', subtag: 'bxg', prefix: [], scope: null }, - { type: 'language', subtag: 'bxh', prefix: [], scope: null }, - { type: 'language', subtag: 'bxi', prefix: [], scope: null }, - { type: 'language', subtag: 'bxj', prefix: [], scope: null }, - { type: 'language', subtag: 'bxk', prefix: [], scope: null }, - { type: 'language', subtag: 'bxl', prefix: [], scope: null }, - { type: 'language', subtag: 'bxm', prefix: [], scope: null }, - { type: 'language', subtag: 'bxn', prefix: [], scope: null }, - { type: 'language', subtag: 'bxo', prefix: [], scope: null }, - { type: 'language', subtag: 'bxp', prefix: [], scope: null }, - { type: 'language', subtag: 'bxq', prefix: [], scope: null }, - { type: 'language', subtag: 'bxr', prefix: [], scope: null }, - { type: 'language', subtag: 'bxs', prefix: [], scope: null }, - { type: 'language', subtag: 'bxu', prefix: [], scope: null }, - { type: 'language', 
subtag: 'bxv', prefix: [], scope: null }, - { type: 'language', subtag: 'bxw', prefix: [], scope: null }, - { type: 'language', subtag: 'bxx', prefix: [], scope: null }, - { type: 'language', subtag: 'bxz', prefix: [], scope: null }, - { type: 'language', subtag: 'bya', prefix: [], scope: null }, - { type: 'language', subtag: 'byb', prefix: [], scope: null }, - { type: 'language', subtag: 'byc', prefix: [], scope: null }, - { type: 'language', subtag: 'byd', prefix: [], scope: null }, - { type: 'language', subtag: 'bye', prefix: [], scope: null }, - { type: 'language', subtag: 'byf', prefix: [], scope: null }, - { type: 'language', subtag: 'byg', prefix: [], scope: null }, - { type: 'language', subtag: 'byh', prefix: [], scope: null }, - { type: 'language', subtag: 'byi', prefix: [], scope: null }, - { type: 'language', subtag: 'byj', prefix: [], scope: null }, - { type: 'language', subtag: 'byk', prefix: [], scope: null }, - { type: 'language', subtag: 'byl', prefix: [], scope: null }, - { type: 'language', subtag: 'bym', prefix: [], scope: null }, - { type: 'language', subtag: 'byn', prefix: [], scope: null }, - { type: 'language', subtag: 'byo', prefix: [], scope: null }, - { type: 'language', subtag: 'byp', prefix: [], scope: null }, - { type: 'language', subtag: 'byq', prefix: [], scope: null }, - { type: 'language', subtag: 'byr', prefix: [], scope: null }, - { type: 'language', subtag: 'bys', prefix: [], scope: null }, - { type: 'language', subtag: 'byt', prefix: [], scope: null }, - { type: 'language', subtag: 'byv', prefix: [], scope: null }, - { type: 'language', subtag: 'byw', prefix: [], scope: null }, - { type: 'language', subtag: 'byx', prefix: [], scope: null }, - { type: 'language', subtag: 'byy', prefix: [], scope: null }, - { type: 'language', subtag: 'byz', prefix: [], scope: null }, - { type: 'language', subtag: 'bza', prefix: [], scope: null }, - { type: 'language', subtag: 'bzb', prefix: [], scope: null }, - { type: 'language', subtag: 'bzc', 
prefix: [], scope: null }, - { type: 'language', subtag: 'bzd', prefix: [], scope: null }, - { type: 'language', subtag: 'bze', prefix: [], scope: null }, - { type: 'language', subtag: 'bzf', prefix: [], scope: null }, - { type: 'language', subtag: 'bzg', prefix: [], scope: null }, - { type: 'language', subtag: 'bzh', prefix: [], scope: null }, - { type: 'language', subtag: 'bzi', prefix: [], scope: null }, - { type: 'language', subtag: 'bzj', prefix: [], scope: null }, - { type: 'language', subtag: 'bzk', prefix: [], scope: null }, - { type: 'language', subtag: 'bzl', prefix: [], scope: null }, - { type: 'language', subtag: 'bzm', prefix: [], scope: null }, - { type: 'language', subtag: 'bzn', prefix: [], scope: null }, - { type: 'language', subtag: 'bzo', prefix: [], scope: null }, - { type: 'language', subtag: 'bzp', prefix: [], scope: null }, - { type: 'language', subtag: 'bzq', prefix: [], scope: null }, - { type: 'language', subtag: 'bzr', prefix: [], scope: null }, - { type: 'language', subtag: 'bzs', prefix: [], scope: null }, - { type: 'language', subtag: 'bzt', prefix: [], scope: null }, - { type: 'language', subtag: 'bzu', prefix: [], scope: null }, - { type: 'language', subtag: 'bzv', prefix: [], scope: null }, - { type: 'language', subtag: 'bzw', prefix: [], scope: null }, - { type: 'language', subtag: 'bzx', prefix: [], scope: null }, - { type: 'language', subtag: 'bzy', prefix: [], scope: null }, - { type: 'language', subtag: 'bzz', prefix: [], scope: null }, - { type: 'language', subtag: 'caa', prefix: [], scope: null }, - { type: 'language', subtag: 'cab', prefix: [], scope: null }, - { type: 'language', subtag: 'cac', prefix: [], scope: null }, - { type: 'language', subtag: 'cad', prefix: [], scope: null }, - { type: 'language', subtag: 'cae', prefix: [], scope: null }, - { type: 'language', subtag: 'caf', prefix: [], scope: null }, - { type: 'language', subtag: 'cag', prefix: [], scope: null }, - { type: 'language', subtag: 'cah', prefix: [], 
scope: null }, - { type: 'language', subtag: 'cai', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'caj', prefix: [], scope: null }, - { type: 'language', subtag: 'cak', prefix: [], scope: null }, - { type: 'language', subtag: 'cal', prefix: [], scope: null }, - { type: 'language', subtag: 'cam', prefix: [], scope: null }, - { type: 'language', subtag: 'can', prefix: [], scope: null }, - { type: 'language', subtag: 'cao', prefix: [], scope: null }, - { type: 'language', subtag: 'cap', prefix: [], scope: null }, - { type: 'language', subtag: 'caq', prefix: [], scope: null }, - { type: 'language', subtag: 'car', prefix: [], scope: null }, - { type: 'language', subtag: 'cas', prefix: [], scope: null }, - { type: 'language', subtag: 'cau', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cav', prefix: [], scope: null }, - { type: 'language', subtag: 'caw', prefix: [], scope: null }, - { type: 'language', subtag: 'cax', prefix: [], scope: null }, - { type: 'language', subtag: 'cay', prefix: [], scope: null }, - { type: 'language', subtag: 'caz', prefix: [], scope: null }, - { type: 'language', subtag: 'cba', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cbb', prefix: [], scope: null }, - { type: 'language', subtag: 'cbc', prefix: [], scope: null }, - { type: 'language', subtag: 'cbd', prefix: [], scope: null }, - { type: 'language', subtag: 'cbe', prefix: [], scope: null }, - { type: 'language', subtag: 'cbg', prefix: [], scope: null }, - { type: 'language', subtag: 'cbh', prefix: [], scope: null }, - { type: 'language', subtag: 'cbi', prefix: [], scope: null }, - { type: 'language', subtag: 'cbj', prefix: [], scope: null }, - { type: 'language', subtag: 'cbk', prefix: [], scope: null }, - { type: 'language', subtag: 'cbl', prefix: [], scope: null }, - { type: 'language', subtag: 'cbn', prefix: [], scope: null }, - { type: 'language', subtag: 'cbo', prefix: [], scope: null }, - { type: 'language', subtag: 'cbq', 
prefix: [], scope: null }, - { type: 'language', subtag: 'cbr', prefix: [], scope: null }, - { type: 'language', subtag: 'cbs', prefix: [], scope: null }, - { type: 'language', subtag: 'cbt', prefix: [], scope: null }, - { type: 'language', subtag: 'cbu', prefix: [], scope: null }, - { type: 'language', subtag: 'cbv', prefix: [], scope: null }, - { type: 'language', subtag: 'cbw', prefix: [], scope: null }, - { type: 'language', subtag: 'cby', prefix: [], scope: null }, - { type: 'language', subtag: 'cca', prefix: [], scope: null }, - { type: 'language', subtag: 'ccc', prefix: [], scope: null }, - { type: 'language', subtag: 'ccd', prefix: [], scope: null }, - { type: 'language', subtag: 'cce', prefix: [], scope: null }, - { type: 'language', subtag: 'ccg', prefix: [], scope: null }, - { type: 'language', subtag: 'cch', prefix: [], scope: null }, - { type: 'language', subtag: 'ccj', prefix: [], scope: null }, - { type: 'language', subtag: 'ccl', prefix: [], scope: null }, - { type: 'language', subtag: 'ccm', prefix: [], scope: null }, - { type: 'language', subtag: 'ccn', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cco', prefix: [], scope: null }, - { type: 'language', subtag: 'ccp', prefix: [], scope: null }, - { type: 'language', subtag: 'ccq', prefix: [], scope: null }, - { type: 'language', subtag: 'ccr', prefix: [], scope: null }, - { type: 'language', subtag: 'ccs', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cda', prefix: [], scope: null }, - { type: 'language', subtag: 'cdc', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cdd', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cde', prefix: [], scope: null }, - { type: 'language', subtag: 'cdf', prefix: [], scope: null }, - { type: 'language', subtag: 'cdg', prefix: [], scope: null }, - { type: 'language', subtag: 'cdh', prefix: [], scope: null }, - { type: 'language', subtag: 'cdi', prefix: [], scope: null }, - { type: 
'language', subtag: 'cdj', prefix: [], scope: null }, - { type: 'language', subtag: 'cdm', prefix: [], scope: null }, - { type: 'language', subtag: 'cdn', prefix: [], scope: null }, - { type: 'language', subtag: 'cdo', prefix: [], scope: null }, - { type: 'language', subtag: 'cdr', prefix: [], scope: null }, - { type: 'language', subtag: 'cds', prefix: [], scope: null }, - { type: 'language', subtag: 'cdy', prefix: [], scope: null }, - { type: 'language', subtag: 'cdz', prefix: [], scope: null }, - { type: 'language', subtag: 'cea', prefix: [], scope: null }, - { type: 'language', subtag: 'ceb', prefix: [], scope: null }, - { type: 'language', subtag: 'ceg', prefix: [], scope: null }, - { type: 'language', subtag: 'cek', prefix: [], scope: null }, - { type: 'language', subtag: 'cel', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cen', prefix: [], scope: null }, - { type: 'language', subtag: 'cet', prefix: [], scope: null }, - { type: 'language', subtag: 'cey', prefix: [], scope: null }, - { type: 'language', subtag: 'cfa', prefix: [], scope: null }, - { type: 'language', subtag: 'cfd', prefix: [], scope: null }, - { type: 'language', subtag: 'cfg', prefix: [], scope: null }, - { type: 'language', subtag: 'cfm', prefix: [], scope: null }, - { type: 'language', subtag: 'cga', prefix: [], scope: null }, - { type: 'language', subtag: 'cgc', prefix: [], scope: null }, - { type: 'language', subtag: 'cgg', prefix: [], scope: null }, - { type: 'language', subtag: 'cgk', prefix: [], scope: null }, - { type: 'language', subtag: 'chb', prefix: [], scope: null }, - { type: 'language', subtag: 'chc', prefix: [], scope: null }, - { type: 'language', subtag: 'chd', prefix: [], scope: null }, - { type: 'language', subtag: 'chf', prefix: [], scope: null }, - { type: 'language', subtag: 'chg', prefix: [], scope: null }, - { type: 'language', subtag: 'chh', prefix: [], scope: null }, - { type: 'language', subtag: 'chj', prefix: [], scope: null }, - { type: 
'language', subtag: 'chk', prefix: [], scope: null }, - { type: 'language', subtag: 'chl', prefix: [], scope: null }, - { type: 'language', subtag: 'chm', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'chn', prefix: [], scope: null }, - { type: 'language', subtag: 'cho', prefix: [], scope: null }, - { type: 'language', subtag: 'chp', prefix: [], scope: null }, - { type: 'language', subtag: 'chq', prefix: [], scope: null }, - { type: 'language', subtag: 'chr', prefix: [], scope: null }, - { type: 'language', subtag: 'cht', prefix: [], scope: null }, - { type: 'language', subtag: 'chw', prefix: [], scope: null }, - { type: 'language', subtag: 'chx', prefix: [], scope: null }, - { type: 'language', subtag: 'chy', prefix: [], scope: null }, - { type: 'language', subtag: 'chz', prefix: [], scope: null }, - { type: 'language', subtag: 'cia', prefix: [], scope: null }, - { type: 'language', subtag: 'cib', prefix: [], scope: null }, - { type: 'language', subtag: 'cic', prefix: [], scope: null }, - { type: 'language', subtag: 'cid', prefix: [], scope: null }, - { type: 'language', subtag: 'cie', prefix: [], scope: null }, - { type: 'language', subtag: 'cih', prefix: [], scope: null }, - { type: 'language', subtag: 'cik', prefix: [], scope: null }, - { type: 'language', subtag: 'cim', prefix: [], scope: null }, - { type: 'language', subtag: 'cin', prefix: [], scope: null }, - { type: 'language', subtag: 'cip', prefix: [], scope: null }, - { type: 'language', subtag: 'cir', prefix: [], scope: null }, - { type: 'language', subtag: 'ciw', prefix: [], scope: null }, - { type: 'language', subtag: 'ciy', prefix: [], scope: null }, - { type: 'language', subtag: 'cja', prefix: [], scope: null }, - { type: 'language', subtag: 'cje', prefix: [], scope: null }, - { type: 'language', subtag: 'cjh', prefix: [], scope: null }, - { type: 'language', subtag: 'cji', prefix: [], scope: null }, - { type: 'language', subtag: 'cjk', prefix: [], scope: null }, - { type: 
'language', subtag: 'cjm', prefix: [], scope: null }, - { type: 'language', subtag: 'cjn', prefix: [], scope: null }, - { type: 'language', subtag: 'cjo', prefix: [], scope: null }, - { type: 'language', subtag: 'cjp', prefix: [], scope: null }, - { type: 'language', subtag: 'cjr', prefix: [], scope: null }, - { type: 'language', subtag: 'cjs', prefix: [], scope: null }, - { type: 'language', subtag: 'cjv', prefix: [], scope: null }, - { type: 'language', subtag: 'cjy', prefix: [], scope: null }, - { type: 'language', subtag: 'cka', prefix: [], scope: null }, - { type: 'language', subtag: 'ckb', prefix: [], scope: null }, - { type: 'language', subtag: 'ckh', prefix: [], scope: null }, - { type: 'language', subtag: 'ckl', prefix: [], scope: null }, - { type: 'language', subtag: 'ckm', prefix: [], scope: null }, - { type: 'language', subtag: 'ckn', prefix: [], scope: null }, - { type: 'language', subtag: 'cko', prefix: [], scope: null }, - { type: 'language', subtag: 'ckq', prefix: [], scope: null }, - { type: 'language', subtag: 'ckr', prefix: [], scope: null }, - { type: 'language', subtag: 'cks', prefix: [], scope: null }, - { type: 'language', subtag: 'ckt', prefix: [], scope: null }, - { type: 'language', subtag: 'cku', prefix: [], scope: null }, - { type: 'language', subtag: 'ckv', prefix: [], scope: null }, - { type: 'language', subtag: 'ckx', prefix: [], scope: null }, - { type: 'language', subtag: 'cky', prefix: [], scope: null }, - { type: 'language', subtag: 'ckz', prefix: [], scope: null }, - { type: 'language', subtag: 'cla', prefix: [], scope: null }, - { type: 'language', subtag: 'clc', prefix: [], scope: null }, - { type: 'language', subtag: 'cld', prefix: [], scope: null }, - { type: 'language', subtag: 'cle', prefix: [], scope: null }, - { type: 'language', subtag: 'clh', prefix: [], scope: null }, - { type: 'language', subtag: 'cli', prefix: [], scope: null }, - { type: 'language', subtag: 'clj', prefix: [], scope: null }, - { type: 'language', 
subtag: 'clk', prefix: [], scope: null }, - { type: 'language', subtag: 'cll', prefix: [], scope: null }, - { type: 'language', subtag: 'clm', prefix: [], scope: null }, - { type: 'language', subtag: 'clo', prefix: [], scope: null }, - { type: 'language', subtag: 'clt', prefix: [], scope: null }, - { type: 'language', subtag: 'clu', prefix: [], scope: null }, - { type: 'language', subtag: 'clw', prefix: [], scope: null }, - { type: 'language', subtag: 'cly', prefix: [], scope: null }, - { type: 'language', subtag: 'cma', prefix: [], scope: null }, - { type: 'language', subtag: 'cmc', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cme', prefix: [], scope: null }, - { type: 'language', subtag: 'cmg', prefix: [], scope: null }, - { type: 'language', subtag: 'cmi', prefix: [], scope: null }, - { type: 'language', subtag: 'cmk', prefix: [], scope: null }, - { type: 'language', subtag: 'cml', prefix: [], scope: null }, - { type: 'language', subtag: 'cmm', prefix: [], scope: null }, - { type: 'language', subtag: 'cmn', prefix: [], scope: null }, - { type: 'language', subtag: 'cmo', prefix: [], scope: null }, - { type: 'language', subtag: 'cmr', prefix: [], scope: null }, - { type: 'language', subtag: 'cms', prefix: [], scope: null }, - { type: 'language', subtag: 'cmt', prefix: [], scope: null }, - { type: 'language', subtag: 'cna', prefix: [], scope: null }, - { type: 'language', subtag: 'cnb', prefix: [], scope: null }, - { type: 'language', subtag: 'cnc', prefix: [], scope: null }, - { type: 'language', subtag: 'cng', prefix: [], scope: null }, - { type: 'language', subtag: 'cnh', prefix: [], scope: null }, - { type: 'language', subtag: 'cni', prefix: [], scope: null }, - { type: 'language', subtag: 'cnk', prefix: [], scope: null }, - { type: 'language', subtag: 'cnl', prefix: [], scope: null }, - { type: 'language', subtag: 'cno', prefix: [], scope: null }, - { type: 'language', subtag: 'cnp', prefix: [], scope: null }, - { type: 'language', subtag: 
'cnq', prefix: [], scope: null }, - { type: 'language', subtag: 'cnr', prefix: [], scope: null }, - { type: 'language', subtag: 'cns', prefix: [], scope: null }, - { type: 'language', subtag: 'cnt', prefix: [], scope: null }, - { type: 'language', subtag: 'cnu', prefix: [], scope: null }, - { type: 'language', subtag: 'cnw', prefix: [], scope: null }, - { type: 'language', subtag: 'cnx', prefix: [], scope: null }, - { type: 'language', subtag: 'coa', prefix: [], scope: null }, - { type: 'language', subtag: 'cob', prefix: [], scope: null }, - { type: 'language', subtag: 'coc', prefix: [], scope: null }, - { type: 'language', subtag: 'cod', prefix: [], scope: null }, - { type: 'language', subtag: 'coe', prefix: [], scope: null }, - { type: 'language', subtag: 'cof', prefix: [], scope: null }, - { type: 'language', subtag: 'cog', prefix: [], scope: null }, - { type: 'language', subtag: 'coh', prefix: [], scope: null }, - { type: 'language', subtag: 'coj', prefix: [], scope: null }, - { type: 'language', subtag: 'cok', prefix: [], scope: null }, - { type: 'language', subtag: 'col', prefix: [], scope: null }, - { type: 'language', subtag: 'com', prefix: [], scope: null }, - { type: 'language', subtag: 'con', prefix: [], scope: null }, - { type: 'language', subtag: 'coo', prefix: [], scope: null }, - { type: 'language', subtag: 'cop', prefix: [], scope: null }, - { type: 'language', subtag: 'coq', prefix: [], scope: null }, - { type: 'language', subtag: 'cot', prefix: [], scope: null }, - { type: 'language', subtag: 'cou', prefix: [], scope: null }, - { type: 'language', subtag: 'cov', prefix: [], scope: null }, - { type: 'language', subtag: 'cow', prefix: [], scope: null }, - { type: 'language', subtag: 'cox', prefix: [], scope: null }, - { type: 'language', subtag: 'coy', prefix: [], scope: null }, - { type: 'language', subtag: 'coz', prefix: [], scope: null }, - { type: 'language', subtag: 'cpa', prefix: [], scope: null }, - { type: 'language', subtag: 'cpb', prefix: 
[], scope: null }, - { type: 'language', subtag: 'cpc', prefix: [], scope: null }, - { type: 'language', subtag: 'cpe', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cpf', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cpg', prefix: [], scope: null }, - { type: 'language', subtag: 'cpi', prefix: [], scope: null }, - { type: 'language', subtag: 'cpn', prefix: [], scope: null }, - { type: 'language', subtag: 'cpo', prefix: [], scope: null }, - { type: 'language', subtag: 'cpp', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cps', prefix: [], scope: null }, - { type: 'language', subtag: 'cpu', prefix: [], scope: null }, - { type: 'language', subtag: 'cpx', prefix: [], scope: null }, - { type: 'language', subtag: 'cpy', prefix: [], scope: null }, - { type: 'language', subtag: 'cqd', prefix: [], scope: null }, - { type: 'language', subtag: 'cqu', prefix: [], scope: null }, - { type: 'language', subtag: 'cra', prefix: [], scope: null }, - { type: 'language', subtag: 'crb', prefix: [], scope: null }, - { type: 'language', subtag: 'crc', prefix: [], scope: null }, - { type: 'language', subtag: 'crd', prefix: [], scope: null }, - { type: 'language', subtag: 'crf', prefix: [], scope: null }, - { type: 'language', subtag: 'crg', prefix: [], scope: null }, - { type: 'language', subtag: 'crh', prefix: [], scope: null }, - { type: 'language', subtag: 'cri', prefix: [], scope: null }, - { type: 'language', subtag: 'crj', prefix: [], scope: null }, - { type: 'language', subtag: 'crk', prefix: [], scope: null }, - { type: 'language', subtag: 'crl', prefix: [], scope: null }, - { type: 'language', subtag: 'crm', prefix: [], scope: null }, - { type: 'language', subtag: 'crn', prefix: [], scope: null }, - { type: 'language', subtag: 'cro', prefix: [], scope: null }, - { type: 'language', subtag: 'crp', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'crq', prefix: [], scope: null }, - { type: 'language', 
subtag: 'crr', prefix: [], scope: null }, - { type: 'language', subtag: 'crs', prefix: [], scope: null }, - { type: 'language', subtag: 'crt', prefix: [], scope: null }, - { type: 'language', subtag: 'crv', prefix: [], scope: null }, - { type: 'language', subtag: 'crw', prefix: [], scope: null }, - { type: 'language', subtag: 'crx', prefix: [], scope: null }, - { type: 'language', subtag: 'cry', prefix: [], scope: null }, - { type: 'language', subtag: 'crz', prefix: [], scope: null }, - { type: 'language', subtag: 'csa', prefix: [], scope: null }, - { type: 'language', subtag: 'csb', prefix: [], scope: null }, - { type: 'language', subtag: 'csc', prefix: [], scope: null }, - { type: 'language', subtag: 'csd', prefix: [], scope: null }, - { type: 'language', subtag: 'cse', prefix: [], scope: null }, - { type: 'language', subtag: 'csf', prefix: [], scope: null }, - { type: 'language', subtag: 'csg', prefix: [], scope: null }, - { type: 'language', subtag: 'csh', prefix: [], scope: null }, - { type: 'language', subtag: 'csi', prefix: [], scope: null }, - { type: 'language', subtag: 'csj', prefix: [], scope: null }, - { type: 'language', subtag: 'csk', prefix: [], scope: null }, - { type: 'language', subtag: 'csl', prefix: [], scope: null }, - { type: 'language', subtag: 'csm', prefix: [], scope: null }, - { type: 'language', subtag: 'csn', prefix: [], scope: null }, - { type: 'language', subtag: 'cso', prefix: [], scope: null }, - { type: 'language', subtag: 'csp', prefix: [], scope: null }, - { type: 'language', subtag: 'csq', prefix: [], scope: null }, - { type: 'language', subtag: 'csr', prefix: [], scope: null }, - { type: 'language', subtag: 'css', prefix: [], scope: null }, - { type: 'language', subtag: 'cst', prefix: [], scope: null }, - { type: 'language', subtag: 'csu', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'csv', prefix: [], scope: null }, - { type: 'language', subtag: 'csw', prefix: [], scope: null }, - { type: 'language', subtag: 
'csx', prefix: [], scope: null }, - { type: 'language', subtag: 'csy', prefix: [], scope: null }, - { type: 'language', subtag: 'csz', prefix: [], scope: null }, - { type: 'language', subtag: 'cta', prefix: [], scope: null }, - { type: 'language', subtag: 'ctc', prefix: [], scope: null }, - { type: 'language', subtag: 'ctd', prefix: [], scope: null }, - { type: 'language', subtag: 'cte', prefix: [], scope: null }, - { type: 'language', subtag: 'ctg', prefix: [], scope: null }, - { type: 'language', subtag: 'cth', prefix: [], scope: null }, - { type: 'language', subtag: 'ctl', prefix: [], scope: null }, - { type: 'language', subtag: 'ctm', prefix: [], scope: null }, - { type: 'language', subtag: 'ctn', prefix: [], scope: null }, - { type: 'language', subtag: 'cto', prefix: [], scope: null }, - { type: 'language', subtag: 'ctp', prefix: [], scope: null }, - { type: 'language', subtag: 'cts', prefix: [], scope: null }, - { type: 'language', subtag: 'ctt', prefix: [], scope: null }, - { type: 'language', subtag: 'ctu', prefix: [], scope: null }, - { type: 'language', subtag: 'cty', prefix: [], scope: null }, - { type: 'language', subtag: 'ctz', prefix: [], scope: null }, - { type: 'language', subtag: 'cua', prefix: [], scope: null }, - { type: 'language', subtag: 'cub', prefix: [], scope: null }, - { type: 'language', subtag: 'cuc', prefix: [], scope: null }, - { type: 'language', subtag: 'cug', prefix: [], scope: null }, - { type: 'language', subtag: 'cuh', prefix: [], scope: null }, - { type: 'language', subtag: 'cui', prefix: [], scope: null }, - { type: 'language', subtag: 'cuj', prefix: [], scope: null }, - { type: 'language', subtag: 'cuk', prefix: [], scope: null }, - { type: 'language', subtag: 'cul', prefix: [], scope: null }, - { type: 'language', subtag: 'cum', prefix: [], scope: null }, - { type: 'language', subtag: 'cuo', prefix: [], scope: null }, - { type: 'language', subtag: 'cup', prefix: [], scope: null }, - { type: 'language', subtag: 'cuq', prefix: 
[], scope: null }, - { type: 'language', subtag: 'cur', prefix: [], scope: null }, - { type: 'language', subtag: 'cus', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'cut', prefix: [], scope: null }, - { type: 'language', subtag: 'cuu', prefix: [], scope: null }, - { type: 'language', subtag: 'cuv', prefix: [], scope: null }, - { type: 'language', subtag: 'cuw', prefix: [], scope: null }, - { type: 'language', subtag: 'cux', prefix: [], scope: null }, - { type: 'language', subtag: 'cuy', prefix: [], scope: null }, - { type: 'language', subtag: 'cvg', prefix: [], scope: null }, - { type: 'language', subtag: 'cvn', prefix: [], scope: null }, - { type: 'language', subtag: 'cwa', prefix: [], scope: null }, - { type: 'language', subtag: 'cwb', prefix: [], scope: null }, - { type: 'language', subtag: 'cwd', prefix: [], scope: null }, - { type: 'language', subtag: 'cwe', prefix: [], scope: null }, - { type: 'language', subtag: 'cwg', prefix: [], scope: null }, - { type: 'language', subtag: 'cwt', prefix: [], scope: null }, - { type: 'language', subtag: 'cya', prefix: [], scope: null }, - { type: 'language', subtag: 'cyb', prefix: [], scope: null }, - { type: 'language', subtag: 'cyo', prefix: [], scope: null }, - { type: 'language', subtag: 'czh', prefix: [], scope: null }, - { type: 'language', subtag: 'czk', prefix: [], scope: null }, - { type: 'language', subtag: 'czn', prefix: [], scope: null }, - { type: 'language', subtag: 'czo', prefix: [], scope: null }, - { type: 'language', subtag: 'czt', prefix: [], scope: null }, - { type: 'language', subtag: 'daa', prefix: [], scope: null }, - { type: 'language', subtag: 'dac', prefix: [], scope: null }, - { type: 'language', subtag: 'dad', prefix: [], scope: null }, - { type: 'language', subtag: 'dae', prefix: [], scope: null }, - { type: 'language', subtag: 'daf', prefix: [], scope: null }, - { type: 'language', subtag: 'dag', prefix: [], scope: null }, - { type: 'language', subtag: 'dah', prefix: [], 
scope: null }, - { type: 'language', subtag: 'dai', prefix: [], scope: null }, - { type: 'language', subtag: 'daj', prefix: [], scope: null }, - { type: 'language', subtag: 'dak', prefix: [], scope: null }, - { type: 'language', subtag: 'dal', prefix: [], scope: null }, - { type: 'language', subtag: 'dam', prefix: [], scope: null }, - { type: 'language', subtag: 'dao', prefix: [], scope: null }, - { type: 'language', subtag: 'dap', prefix: [], scope: null }, - { type: 'language', subtag: 'daq', prefix: [], scope: null }, - { type: 'language', subtag: 'dar', prefix: [], scope: null }, - { type: 'language', subtag: 'das', prefix: [], scope: null }, - { type: 'language', subtag: 'dau', prefix: [], scope: null }, - { type: 'language', subtag: 'dav', prefix: [], scope: null }, - { type: 'language', subtag: 'daw', prefix: [], scope: null }, - { type: 'language', subtag: 'dax', prefix: [], scope: null }, - { type: 'language', subtag: 'day', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'daz', prefix: [], scope: null }, - { type: 'language', subtag: 'dba', prefix: [], scope: null }, - { type: 'language', subtag: 'dbb', prefix: [], scope: null }, - { type: 'language', subtag: 'dbd', prefix: [], scope: null }, - { type: 'language', subtag: 'dbe', prefix: [], scope: null }, - { type: 'language', subtag: 'dbf', prefix: [], scope: null }, - { type: 'language', subtag: 'dbg', prefix: [], scope: null }, - { type: 'language', subtag: 'dbi', prefix: [], scope: null }, - { type: 'language', subtag: 'dbj', prefix: [], scope: null }, - { type: 'language', subtag: 'dbl', prefix: [], scope: null }, - { type: 'language', subtag: 'dbm', prefix: [], scope: null }, - { type: 'language', subtag: 'dbn', prefix: [], scope: null }, - { type: 'language', subtag: 'dbo', prefix: [], scope: null }, - { type: 'language', subtag: 'dbp', prefix: [], scope: null }, - { type: 'language', subtag: 'dbq', prefix: [], scope: null }, - { type: 'language', subtag: 'dbr', prefix: [], scope: 
null }, - { type: 'language', subtag: 'dbt', prefix: [], scope: null }, - { type: 'language', subtag: 'dbu', prefix: [], scope: null }, - { type: 'language', subtag: 'dbv', prefix: [], scope: null }, - { type: 'language', subtag: 'dbw', prefix: [], scope: null }, - { type: 'language', subtag: 'dby', prefix: [], scope: null }, - { type: 'language', subtag: 'dcc', prefix: [], scope: null }, - { type: 'language', subtag: 'dcr', prefix: [], scope: null }, - { type: 'language', subtag: 'dda', prefix: [], scope: null }, - { type: 'language', subtag: 'ddd', prefix: [], scope: null }, - { type: 'language', subtag: 'dde', prefix: [], scope: null }, - { type: 'language', subtag: 'ddg', prefix: [], scope: null }, - { type: 'language', subtag: 'ddi', prefix: [], scope: null }, - { type: 'language', subtag: 'ddj', prefix: [], scope: null }, - { type: 'language', subtag: 'ddn', prefix: [], scope: null }, - { type: 'language', subtag: 'ddo', prefix: [], scope: null }, - { type: 'language', subtag: 'ddr', prefix: [], scope: null }, - { type: 'language', subtag: 'dds', prefix: [], scope: null }, - { type: 'language', subtag: 'ddw', prefix: [], scope: null }, - { type: 'language', subtag: 'dec', prefix: [], scope: null }, - { type: 'language', subtag: 'ded', prefix: [], scope: null }, - { type: 'language', subtag: 'dee', prefix: [], scope: null }, - { type: 'language', subtag: 'def', prefix: [], scope: null }, - { type: 'language', subtag: 'deg', prefix: [], scope: null }, - { type: 'language', subtag: 'deh', prefix: [], scope: null }, - { type: 'language', subtag: 'dei', prefix: [], scope: null }, - { type: 'language', subtag: 'dek', prefix: [], scope: null }, - { type: 'language', subtag: 'del', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'dem', prefix: [], scope: null }, - { type: 'language', subtag: 'den', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'dep', prefix: [], scope: null }, - { type: 'language', subtag: 'deq', prefix: [], 
scope: null }, - { type: 'language', subtag: 'der', prefix: [], scope: null }, - { type: 'language', subtag: 'des', prefix: [], scope: null }, - { type: 'language', subtag: 'dev', prefix: [], scope: null }, - { type: 'language', subtag: 'dez', prefix: [], scope: null }, - { type: 'language', subtag: 'dga', prefix: [], scope: null }, - { type: 'language', subtag: 'dgb', prefix: [], scope: null }, - { type: 'language', subtag: 'dgc', prefix: [], scope: null }, - { type: 'language', subtag: 'dgd', prefix: [], scope: null }, - { type: 'language', subtag: 'dge', prefix: [], scope: null }, - { type: 'language', subtag: 'dgg', prefix: [], scope: null }, - { type: 'language', subtag: 'dgh', prefix: [], scope: null }, - { type: 'language', subtag: 'dgi', prefix: [], scope: null }, - { type: 'language', subtag: 'dgk', prefix: [], scope: null }, - { type: 'language', subtag: 'dgl', prefix: [], scope: null }, - { type: 'language', subtag: 'dgn', prefix: [], scope: null }, - { type: 'language', subtag: 'dgo', prefix: [], scope: null }, - { type: 'language', subtag: 'dgr', prefix: [], scope: null }, - { type: 'language', subtag: 'dgs', prefix: [], scope: null }, - { type: 'language', subtag: 'dgt', prefix: [], scope: null }, - { type: 'language', subtag: 'dgu', prefix: [], scope: null }, - { type: 'language', subtag: 'dgw', prefix: [], scope: null }, - { type: 'language', subtag: 'dgx', prefix: [], scope: null }, - { type: 'language', subtag: 'dgz', prefix: [], scope: null }, - { type: 'language', subtag: 'dha', prefix: [], scope: null }, - { type: 'language', subtag: 'dhd', prefix: [], scope: null }, - { type: 'language', subtag: 'dhg', prefix: [], scope: null }, - { type: 'language', subtag: 'dhi', prefix: [], scope: null }, - { type: 'language', subtag: 'dhl', prefix: [], scope: null }, - { type: 'language', subtag: 'dhm', prefix: [], scope: null }, - { type: 'language', subtag: 'dhn', prefix: [], scope: null }, - { type: 'language', subtag: 'dho', prefix: [], scope: null }, 
- { type: 'language', subtag: 'dhr', prefix: [], scope: null }, - { type: 'language', subtag: 'dhs', prefix: [], scope: null }, - { type: 'language', subtag: 'dhu', prefix: [], scope: null }, - { type: 'language', subtag: 'dhv', prefix: [], scope: null }, - { type: 'language', subtag: 'dhw', prefix: [], scope: null }, - { type: 'language', subtag: 'dhx', prefix: [], scope: null }, - { type: 'language', subtag: 'dia', prefix: [], scope: null }, - { type: 'language', subtag: 'dib', prefix: [], scope: null }, - { type: 'language', subtag: 'dic', prefix: [], scope: null }, - { type: 'language', subtag: 'did', prefix: [], scope: null }, - { type: 'language', subtag: 'dif', prefix: [], scope: null }, - { type: 'language', subtag: 'dig', prefix: [], scope: null }, - { type: 'language', subtag: 'dih', prefix: [], scope: null }, - { type: 'language', subtag: 'dii', prefix: [], scope: null }, - { type: 'language', subtag: 'dij', prefix: [], scope: null }, - { type: 'language', subtag: 'dik', prefix: [], scope: null }, - { type: 'language', subtag: 'dil', prefix: [], scope: null }, - { type: 'language', subtag: 'dim', prefix: [], scope: null }, - { type: 'language', subtag: 'din', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'dio', prefix: [], scope: null }, - { type: 'language', subtag: 'dip', prefix: [], scope: null }, - { type: 'language', subtag: 'diq', prefix: [], scope: null }, - { type: 'language', subtag: 'dir', prefix: [], scope: null }, - { type: 'language', subtag: 'dis', prefix: [], scope: null }, - { type: 'language', subtag: 'dit', prefix: [], scope: null }, - { type: 'language', subtag: 'diu', prefix: [], scope: null }, - { type: 'language', subtag: 'diw', prefix: [], scope: null }, - { type: 'language', subtag: 'dix', prefix: [], scope: null }, - { type: 'language', subtag: 'diy', prefix: [], scope: null }, - { type: 'language', subtag: 'diz', prefix: [], scope: null }, - { type: 'language', subtag: 'dja', prefix: [], scope: null }, - { 
type: 'language', subtag: 'djb', prefix: [], scope: null }, - { type: 'language', subtag: 'djc', prefix: [], scope: null }, - { type: 'language', subtag: 'djd', prefix: [], scope: null }, - { type: 'language', subtag: 'dje', prefix: [], scope: null }, - { type: 'language', subtag: 'djf', prefix: [], scope: null }, - { type: 'language', subtag: 'dji', prefix: [], scope: null }, - { type: 'language', subtag: 'djj', prefix: [], scope: null }, - { type: 'language', subtag: 'djk', prefix: [], scope: null }, - { type: 'language', subtag: 'djl', prefix: [], scope: null }, - { type: 'language', subtag: 'djm', prefix: [], scope: null }, - { type: 'language', subtag: 'djn', prefix: [], scope: null }, - { type: 'language', subtag: 'djo', prefix: [], scope: null }, - { type: 'language', subtag: 'djr', prefix: [], scope: null }, - { type: 'language', subtag: 'dju', prefix: [], scope: null }, - { type: 'language', subtag: 'djw', prefix: [], scope: null }, - { type: 'language', subtag: 'dka', prefix: [], scope: null }, - { type: 'language', subtag: 'dkg', prefix: [], scope: null }, - { type: 'language', subtag: 'dkk', prefix: [], scope: null }, - { type: 'language', subtag: 'dkl', prefix: [], scope: null }, - { type: 'language', subtag: 'dkr', prefix: [], scope: null }, - { type: 'language', subtag: 'dks', prefix: [], scope: null }, - { type: 'language', subtag: 'dkx', prefix: [], scope: null }, - { type: 'language', subtag: 'dlg', prefix: [], scope: null }, - { type: 'language', subtag: 'dlk', prefix: [], scope: null }, - { type: 'language', subtag: 'dlm', prefix: [], scope: null }, - { type: 'language', subtag: 'dln', prefix: [], scope: null }, - { type: 'language', subtag: 'dma', prefix: [], scope: null }, - { type: 'language', subtag: 'dmb', prefix: [], scope: null }, - { type: 'language', subtag: 'dmc', prefix: [], scope: null }, - { type: 'language', subtag: 'dmd', prefix: [], scope: null }, - { type: 'language', subtag: 'dme', prefix: [], scope: null }, - { type: 
'language', subtag: 'dmf', prefix: [], scope: null }, - { type: 'language', subtag: 'dmg', prefix: [], scope: null }, - { type: 'language', subtag: 'dmk', prefix: [], scope: null }, - { type: 'language', subtag: 'dml', prefix: [], scope: null }, - { type: 'language', subtag: 'dmm', prefix: [], scope: null }, - { type: 'language', subtag: 'dmn', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'dmo', prefix: [], scope: null }, - { type: 'language', subtag: 'dmr', prefix: [], scope: null }, - { type: 'language', subtag: 'dms', prefix: [], scope: null }, - { type: 'language', subtag: 'dmu', prefix: [], scope: null }, - { type: 'language', subtag: 'dmv', prefix: [], scope: null }, - { type: 'language', subtag: 'dmw', prefix: [], scope: null }, - { type: 'language', subtag: 'dmx', prefix: [], scope: null }, - { type: 'language', subtag: 'dmy', prefix: [], scope: null }, - { type: 'language', subtag: 'dna', prefix: [], scope: null }, - { type: 'language', subtag: 'dnd', prefix: [], scope: null }, - { type: 'language', subtag: 'dne', prefix: [], scope: null }, - { type: 'language', subtag: 'dng', prefix: [], scope: null }, - { type: 'language', subtag: 'dni', prefix: [], scope: null }, - { type: 'language', subtag: 'dnj', prefix: [], scope: null }, - { type: 'language', subtag: 'dnk', prefix: [], scope: null }, - { type: 'language', subtag: 'dnn', prefix: [], scope: null }, - { type: 'language', subtag: 'dno', prefix: [], scope: null }, - { type: 'language', subtag: 'dnr', prefix: [], scope: null }, - { type: 'language', subtag: 'dnt', prefix: [], scope: null }, - { type: 'language', subtag: 'dnu', prefix: [], scope: null }, - { type: 'language', subtag: 'dnv', prefix: [], scope: null }, - { type: 'language', subtag: 'dnw', prefix: [], scope: null }, - { type: 'language', subtag: 'dny', prefix: [], scope: null }, - { type: 'language', subtag: 'doa', prefix: [], scope: null }, - { type: 'language', subtag: 'dob', prefix: [], scope: null }, - { type: 
'language', subtag: 'doc', prefix: [], scope: null }, - { type: 'language', subtag: 'doe', prefix: [], scope: null }, - { type: 'language', subtag: 'dof', prefix: [], scope: null }, - { type: 'language', subtag: 'doh', prefix: [], scope: null }, - { type: 'language', subtag: 'doi', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'dok', prefix: [], scope: null }, - { type: 'language', subtag: 'dol', prefix: [], scope: null }, - { type: 'language', subtag: 'don', prefix: [], scope: null }, - { type: 'language', subtag: 'doo', prefix: [], scope: null }, - { type: 'language', subtag: 'dop', prefix: [], scope: null }, - { type: 'language', subtag: 'doq', prefix: [], scope: null }, - { type: 'language', subtag: 'dor', prefix: [], scope: null }, - { type: 'language', subtag: 'dos', prefix: [], scope: null }, - { type: 'language', subtag: 'dot', prefix: [], scope: null }, - { type: 'language', subtag: 'dov', prefix: [], scope: null }, - { type: 'language', subtag: 'dow', prefix: [], scope: null }, - { type: 'language', subtag: 'dox', prefix: [], scope: null }, - { type: 'language', subtag: 'doy', prefix: [], scope: null }, - { type: 'language', subtag: 'doz', prefix: [], scope: null }, - { type: 'language', subtag: 'dpp', prefix: [], scope: null }, - { type: 'language', subtag: 'dra', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'drb', prefix: [], scope: null }, - { type: 'language', subtag: 'drc', prefix: [], scope: null }, - { type: 'language', subtag: 'drd', prefix: [], scope: null }, - { type: 'language', subtag: 'dre', prefix: [], scope: null }, - { type: 'language', subtag: 'drg', prefix: [], scope: null }, - { type: 'language', subtag: 'drh', prefix: [], scope: null }, - { type: 'language', subtag: 'dri', prefix: [], scope: null }, - { type: 'language', subtag: 'drl', prefix: [], scope: null }, - { type: 'language', subtag: 'drn', prefix: [], scope: null }, - { type: 'language', subtag: 'dro', prefix: [], scope: null }, - { 
type: 'language', subtag: 'drq', prefix: [], scope: null }, - { type: 'language', subtag: 'drr', prefix: [], scope: null }, - { type: 'language', subtag: 'drs', prefix: [], scope: null }, - { type: 'language', subtag: 'drt', prefix: [], scope: null }, - { type: 'language', subtag: 'dru', prefix: [], scope: null }, - { type: 'language', subtag: 'drw', prefix: [], scope: null }, - { type: 'language', subtag: 'dry', prefix: [], scope: null }, - { type: 'language', subtag: 'dsb', prefix: [], scope: null }, - { type: 'language', subtag: 'dse', prefix: [], scope: null }, - { type: 'language', subtag: 'dsh', prefix: [], scope: null }, - { type: 'language', subtag: 'dsi', prefix: [], scope: null }, - { type: 'language', subtag: 'dsl', prefix: [], scope: null }, - { type: 'language', subtag: 'dsn', prefix: [], scope: null }, - { type: 'language', subtag: 'dso', prefix: [], scope: null }, - { type: 'language', subtag: 'dsq', prefix: [], scope: null }, - { type: 'language', subtag: 'dsz', prefix: [], scope: null }, - { type: 'language', subtag: 'dta', prefix: [], scope: null }, - { type: 'language', subtag: 'dtb', prefix: [], scope: null }, - { type: 'language', subtag: 'dtd', prefix: [], scope: null }, - { type: 'language', subtag: 'dth', prefix: [], scope: null }, - { type: 'language', subtag: 'dti', prefix: [], scope: null }, - { type: 'language', subtag: 'dtk', prefix: [], scope: null }, - { type: 'language', subtag: 'dtm', prefix: [], scope: null }, - { type: 'language', subtag: 'dtn', prefix: [], scope: null }, - { type: 'language', subtag: 'dto', prefix: [], scope: null }, - { type: 'language', subtag: 'dtp', prefix: [], scope: null }, - { type: 'language', subtag: 'dtr', prefix: [], scope: null }, - { type: 'language', subtag: 'dts', prefix: [], scope: null }, - { type: 'language', subtag: 'dtt', prefix: [], scope: null }, - { type: 'language', subtag: 'dtu', prefix: [], scope: null }, - { type: 'language', subtag: 'dty', prefix: [], scope: null }, - { type: 
'language', subtag: 'dua', prefix: [], scope: null }, - { type: 'language', subtag: 'dub', prefix: [], scope: null }, - { type: 'language', subtag: 'duc', prefix: [], scope: null }, - { type: 'language', subtag: 'dud', prefix: [], scope: null }, - { type: 'language', subtag: 'due', prefix: [], scope: null }, - { type: 'language', subtag: 'duf', prefix: [], scope: null }, - { type: 'language', subtag: 'dug', prefix: [], scope: null }, - { type: 'language', subtag: 'duh', prefix: [], scope: null }, - { type: 'language', subtag: 'dui', prefix: [], scope: null }, - { type: 'language', subtag: 'duj', prefix: [], scope: null }, - { type: 'language', subtag: 'duk', prefix: [], scope: null }, - { type: 'language', subtag: 'dul', prefix: [], scope: null }, - { type: 'language', subtag: 'dum', prefix: [], scope: null }, - { type: 'language', subtag: 'dun', prefix: [], scope: null }, - { type: 'language', subtag: 'duo', prefix: [], scope: null }, - { type: 'language', subtag: 'dup', prefix: [], scope: null }, - { type: 'language', subtag: 'duq', prefix: [], scope: null }, - { type: 'language', subtag: 'dur', prefix: [], scope: null }, - { type: 'language', subtag: 'dus', prefix: [], scope: null }, - { type: 'language', subtag: 'duu', prefix: [], scope: null }, - { type: 'language', subtag: 'duv', prefix: [], scope: null }, - { type: 'language', subtag: 'duw', prefix: [], scope: null }, - { type: 'language', subtag: 'dux', prefix: [], scope: null }, - { type: 'language', subtag: 'duy', prefix: [], scope: null }, - { type: 'language', subtag: 'duz', prefix: [], scope: null }, - { type: 'language', subtag: 'dva', prefix: [], scope: null }, - { type: 'language', subtag: 'dwa', prefix: [], scope: null }, - { type: 'language', subtag: 'dwk', prefix: [], scope: null }, - { type: 'language', subtag: 'dwl', prefix: [], scope: null }, - { type: 'language', subtag: 'dwr', prefix: [], scope: null }, - { type: 'language', subtag: 'dws', prefix: [], scope: null }, - { type: 'language', 
subtag: 'dwu', prefix: [], scope: null }, - { type: 'language', subtag: 'dww', prefix: [], scope: null }, - { type: 'language', subtag: 'dwy', prefix: [], scope: null }, - { type: 'language', subtag: 'dwz', prefix: [], scope: null }, - { type: 'language', subtag: 'dya', prefix: [], scope: null }, - { type: 'language', subtag: 'dyb', prefix: [], scope: null }, - { type: 'language', subtag: 'dyd', prefix: [], scope: null }, - { type: 'language', subtag: 'dyg', prefix: [], scope: null }, - { type: 'language', subtag: 'dyi', prefix: [], scope: null }, - { type: 'language', subtag: 'dym', prefix: [], scope: null }, - { type: 'language', subtag: 'dyn', prefix: [], scope: null }, - { type: 'language', subtag: 'dyo', prefix: [], scope: null }, - { type: 'language', subtag: 'dyu', prefix: [], scope: null }, - { type: 'language', subtag: 'dyy', prefix: [], scope: null }, - { type: 'language', subtag: 'dza', prefix: [], scope: null }, - { type: 'language', subtag: 'dzd', prefix: [], scope: null }, - { type: 'language', subtag: 'dze', prefix: [], scope: null }, - { type: 'language', subtag: 'dzg', prefix: [], scope: null }, - { type: 'language', subtag: 'dzl', prefix: [], scope: null }, - { type: 'language', subtag: 'dzn', prefix: [], scope: null }, - { type: 'language', subtag: 'eaa', prefix: [], scope: null }, - { type: 'language', subtag: 'ebc', prefix: [], scope: null }, - { type: 'language', subtag: 'ebg', prefix: [], scope: null }, - { type: 'language', subtag: 'ebk', prefix: [], scope: null }, - { type: 'language', subtag: 'ebo', prefix: [], scope: null }, - { type: 'language', subtag: 'ebr', prefix: [], scope: null }, - { type: 'language', subtag: 'ebu', prefix: [], scope: null }, - { type: 'language', subtag: 'ecr', prefix: [], scope: null }, - { type: 'language', subtag: 'ecs', prefix: [], scope: null }, - { type: 'language', subtag: 'ecy', prefix: [], scope: null }, - { type: 'language', subtag: 'eee', prefix: [], scope: null }, - { type: 'language', subtag: 'efa', 
prefix: [], scope: null }, - { type: 'language', subtag: 'efe', prefix: [], scope: null }, - { type: 'language', subtag: 'efi', prefix: [], scope: null }, - { type: 'language', subtag: 'ega', prefix: [], scope: null }, - { type: 'language', subtag: 'egl', prefix: [], scope: null }, - { type: 'language', subtag: 'egm', prefix: [], scope: null }, - { type: 'language', subtag: 'ego', prefix: [], scope: null }, - { type: 'language', subtag: 'egx', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'egy', prefix: [], scope: null }, - { type: 'language', subtag: 'ehs', prefix: [], scope: null }, - { type: 'language', subtag: 'ehu', prefix: [], scope: null }, - { type: 'language', subtag: 'eip', prefix: [], scope: null }, - { type: 'language', subtag: 'eit', prefix: [], scope: null }, - { type: 'language', subtag: 'eiv', prefix: [], scope: null }, - { type: 'language', subtag: 'eja', prefix: [], scope: null }, - { type: 'language', subtag: 'eka', prefix: [], scope: null }, - { type: 'language', subtag: 'ekc', prefix: [], scope: null }, - { type: 'language', subtag: 'eke', prefix: [], scope: null }, - { type: 'language', subtag: 'ekg', prefix: [], scope: null }, - { type: 'language', subtag: 'eki', prefix: [], scope: null }, - { type: 'language', subtag: 'ekk', prefix: [], scope: null }, - { type: 'language', subtag: 'ekl', prefix: [], scope: null }, - { type: 'language', subtag: 'ekm', prefix: [], scope: null }, - { type: 'language', subtag: 'eko', prefix: [], scope: null }, - { type: 'language', subtag: 'ekp', prefix: [], scope: null }, - { type: 'language', subtag: 'ekr', prefix: [], scope: null }, - { type: 'language', subtag: 'eky', prefix: [], scope: null }, - { type: 'language', subtag: 'ele', prefix: [], scope: null }, - { type: 'language', subtag: 'elh', prefix: [], scope: null }, - { type: 'language', subtag: 'eli', prefix: [], scope: null }, - { type: 'language', subtag: 'elk', prefix: [], scope: null }, - { type: 'language', subtag: 'elm', prefix: 
[], scope: null }, - { type: 'language', subtag: 'elo', prefix: [], scope: null }, - { type: 'language', subtag: 'elp', prefix: [], scope: null }, - { type: 'language', subtag: 'elu', prefix: [], scope: null }, - { type: 'language', subtag: 'elx', prefix: [], scope: null }, - { type: 'language', subtag: 'ema', prefix: [], scope: null }, - { type: 'language', subtag: 'emb', prefix: [], scope: null }, - { type: 'language', subtag: 'eme', prefix: [], scope: null }, - { type: 'language', subtag: 'emg', prefix: [], scope: null }, - { type: 'language', subtag: 'emi', prefix: [], scope: null }, - { type: 'language', subtag: 'emk', prefix: [], scope: null }, - { type: 'language', subtag: 'emm', prefix: [], scope: null }, - { type: 'language', subtag: 'emn', prefix: [], scope: null }, - { type: 'language', subtag: 'emo', prefix: [], scope: null }, - { type: 'language', subtag: 'emp', prefix: [], scope: null }, - { type: 'language', subtag: 'emq', prefix: [], scope: null }, - { type: 'language', subtag: 'ems', prefix: [], scope: null }, - { type: 'language', subtag: 'emu', prefix: [], scope: null }, - { type: 'language', subtag: 'emw', prefix: [], scope: null }, - { type: 'language', subtag: 'emx', prefix: [], scope: null }, - { type: 'language', subtag: 'emy', prefix: [], scope: null }, - { type: 'language', subtag: 'emz', prefix: [], scope: null }, - { type: 'language', subtag: 'ena', prefix: [], scope: null }, - { type: 'language', subtag: 'enb', prefix: [], scope: null }, - { type: 'language', subtag: 'enc', prefix: [], scope: null }, - { type: 'language', subtag: 'end', prefix: [], scope: null }, - { type: 'language', subtag: 'enf', prefix: [], scope: null }, - { type: 'language', subtag: 'enh', prefix: [], scope: null }, - { type: 'language', subtag: 'enl', prefix: [], scope: null }, - { type: 'language', subtag: 'enm', prefix: [], scope: null }, - { type: 'language', subtag: 'enn', prefix: [], scope: null }, - { type: 'language', subtag: 'eno', prefix: [], scope: null 
}, - { type: 'language', subtag: 'enq', prefix: [], scope: null }, - { type: 'language', subtag: 'enr', prefix: [], scope: null }, - { type: 'language', subtag: 'enu', prefix: [], scope: null }, - { type: 'language', subtag: 'env', prefix: [], scope: null }, - { type: 'language', subtag: 'enw', prefix: [], scope: null }, - { type: 'language', subtag: 'enx', prefix: [], scope: null }, - { type: 'language', subtag: 'eot', prefix: [], scope: null }, - { type: 'language', subtag: 'epi', prefix: [], scope: null }, - { type: 'language', subtag: 'era', prefix: [], scope: null }, - { type: 'language', subtag: 'erg', prefix: [], scope: null }, - { type: 'language', subtag: 'erh', prefix: [], scope: null }, - { type: 'language', subtag: 'eri', prefix: [], scope: null }, - { type: 'language', subtag: 'erk', prefix: [], scope: null }, - { type: 'language', subtag: 'ero', prefix: [], scope: null }, - { type: 'language', subtag: 'err', prefix: [], scope: null }, - { type: 'language', subtag: 'ers', prefix: [], scope: null }, - { type: 'language', subtag: 'ert', prefix: [], scope: null }, - { type: 'language', subtag: 'erw', prefix: [], scope: null }, - { type: 'language', subtag: 'ese', prefix: [], scope: null }, - { type: 'language', subtag: 'esg', prefix: [], scope: null }, - { type: 'language', subtag: 'esh', prefix: [], scope: null }, - { type: 'language', subtag: 'esi', prefix: [], scope: null }, - { type: 'language', subtag: 'esk', prefix: [], scope: null }, - { type: 'language', subtag: 'esl', prefix: [], scope: null }, - { type: 'language', subtag: 'esm', prefix: [], scope: null }, - { type: 'language', subtag: 'esn', prefix: [], scope: null }, - { type: 'language', subtag: 'eso', prefix: [], scope: null }, - { type: 'language', subtag: 'esq', prefix: [], scope: null }, - { type: 'language', subtag: 'ess', prefix: [], scope: null }, - { type: 'language', subtag: 'esu', prefix: [], scope: null }, - { type: 'language', subtag: 'esx', prefix: [], scope: 'collection' }, - { 
type: 'language', subtag: 'esy', prefix: [], scope: null }, - { type: 'language', subtag: 'etb', prefix: [], scope: null }, - { type: 'language', subtag: 'etc', prefix: [], scope: null }, - { type: 'language', subtag: 'eth', prefix: [], scope: null }, - { type: 'language', subtag: 'etn', prefix: [], scope: null }, - { type: 'language', subtag: 'eto', prefix: [], scope: null }, - { type: 'language', subtag: 'etr', prefix: [], scope: null }, - { type: 'language', subtag: 'ets', prefix: [], scope: null }, - { type: 'language', subtag: 'ett', prefix: [], scope: null }, - { type: 'language', subtag: 'etu', prefix: [], scope: null }, - { type: 'language', subtag: 'etx', prefix: [], scope: null }, - { type: 'language', subtag: 'etz', prefix: [], scope: null }, - { type: 'language', subtag: 'euq', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'eve', prefix: [], scope: null }, - { type: 'language', subtag: 'evh', prefix: [], scope: null }, - { type: 'language', subtag: 'evn', prefix: [], scope: null }, - { type: 'language', subtag: 'ewo', prefix: [], scope: null }, - { type: 'language', subtag: 'ext', prefix: [], scope: null }, - { type: 'language', subtag: 'eya', prefix: [], scope: null }, - { type: 'language', subtag: 'eyo', prefix: [], scope: null }, - { type: 'language', subtag: 'eza', prefix: [], scope: null }, - { type: 'language', subtag: 'eze', prefix: [], scope: null }, - { type: 'language', subtag: 'faa', prefix: [], scope: null }, - { type: 'language', subtag: 'fab', prefix: [], scope: null }, - { type: 'language', subtag: 'fad', prefix: [], scope: null }, - { type: 'language', subtag: 'faf', prefix: [], scope: null }, - { type: 'language', subtag: 'fag', prefix: [], scope: null }, - { type: 'language', subtag: 'fah', prefix: [], scope: null }, - { type: 'language', subtag: 'fai', prefix: [], scope: null }, - { type: 'language', subtag: 'faj', prefix: [], scope: null }, - { type: 'language', subtag: 'fak', prefix: [], scope: null }, - { type: 
'language', subtag: 'fal', prefix: [], scope: null }, - { type: 'language', subtag: 'fam', prefix: [], scope: null }, - { type: 'language', subtag: 'fan', prefix: [], scope: null }, - { type: 'language', subtag: 'fap', prefix: [], scope: null }, - { type: 'language', subtag: 'far', prefix: [], scope: null }, - { type: 'language', subtag: 'fat', prefix: [], scope: null }, - { type: 'language', subtag: 'fau', prefix: [], scope: null }, - { type: 'language', subtag: 'fax', prefix: [], scope: null }, - { type: 'language', subtag: 'fay', prefix: [], scope: null }, - { type: 'language', subtag: 'faz', prefix: [], scope: null }, - { type: 'language', subtag: 'fbl', prefix: [], scope: null }, - { type: 'language', subtag: 'fcs', prefix: [], scope: null }, - { type: 'language', subtag: 'fer', prefix: [], scope: null }, - { type: 'language', subtag: 'ffi', prefix: [], scope: null }, - { type: 'language', subtag: 'ffm', prefix: [], scope: null }, - { type: 'language', subtag: 'fgr', prefix: [], scope: null }, - { type: 'language', subtag: 'fia', prefix: [], scope: null }, - { type: 'language', subtag: 'fie', prefix: [], scope: null }, - { type: 'language', subtag: 'fif', prefix: [], scope: null }, - { type: 'language', subtag: 'fil', prefix: [], scope: null }, - { type: 'language', subtag: 'fip', prefix: [], scope: null }, - { type: 'language', subtag: 'fir', prefix: [], scope: null }, - { type: 'language', subtag: 'fit', prefix: [], scope: null }, - { type: 'language', subtag: 'fiu', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'fiw', prefix: [], scope: null }, - { type: 'language', subtag: 'fkk', prefix: [], scope: null }, - { type: 'language', subtag: 'fkv', prefix: [], scope: null }, - { type: 'language', subtag: 'fla', prefix: [], scope: null }, - { type: 'language', subtag: 'flh', prefix: [], scope: null }, - { type: 'language', subtag: 'fli', prefix: [], scope: null }, - { type: 'language', subtag: 'fll', prefix: [], scope: null }, - { type: 
'language', subtag: 'fln', prefix: [], scope: null }, - { type: 'language', subtag: 'flr', prefix: [], scope: null }, - { type: 'language', subtag: 'fly', prefix: [], scope: null }, - { type: 'language', subtag: 'fmp', prefix: [], scope: null }, - { type: 'language', subtag: 'fmu', prefix: [], scope: null }, - { type: 'language', subtag: 'fnb', prefix: [], scope: null }, - { type: 'language', subtag: 'fng', prefix: [], scope: null }, - { type: 'language', subtag: 'fni', prefix: [], scope: null }, - { type: 'language', subtag: 'fod', prefix: [], scope: null }, - { type: 'language', subtag: 'foi', prefix: [], scope: null }, - { type: 'language', subtag: 'fom', prefix: [], scope: null }, - { type: 'language', subtag: 'fon', prefix: [], scope: null }, - { type: 'language', subtag: 'for', prefix: [], scope: null }, - { type: 'language', subtag: 'fos', prefix: [], scope: null }, - { type: 'language', subtag: 'fox', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'fpe', prefix: [], scope: null }, - { type: 'language', subtag: 'fqs', prefix: [], scope: null }, - { type: 'language', subtag: 'frc', prefix: [], scope: null }, - { type: 'language', subtag: 'frd', prefix: [], scope: null }, - { type: 'language', subtag: 'frk', prefix: [], scope: null }, - { type: 'language', subtag: 'frm', prefix: [], scope: null }, - { type: 'language', subtag: 'fro', prefix: [], scope: null }, - { type: 'language', subtag: 'frp', prefix: [], scope: null }, - { type: 'language', subtag: 'frq', prefix: [], scope: null }, - { type: 'language', subtag: 'frr', prefix: [], scope: null }, - { type: 'language', subtag: 'frs', prefix: [], scope: null }, - { type: 'language', subtag: 'frt', prefix: [], scope: null }, - { type: 'language', subtag: 'fse', prefix: [], scope: null }, - { type: 'language', subtag: 'fsl', prefix: [], scope: null }, - { type: 'language', subtag: 'fss', prefix: [], scope: null }, - { type: 'language', subtag: 'fub', prefix: [], scope: null }, - { type: 
'language', subtag: 'fuc', prefix: [], scope: null }, - { type: 'language', subtag: 'fud', prefix: [], scope: null }, - { type: 'language', subtag: 'fue', prefix: [], scope: null }, - { type: 'language', subtag: 'fuf', prefix: [], scope: null }, - { type: 'language', subtag: 'fuh', prefix: [], scope: null }, - { type: 'language', subtag: 'fui', prefix: [], scope: null }, - { type: 'language', subtag: 'fuj', prefix: [], scope: null }, - { type: 'language', subtag: 'fum', prefix: [], scope: null }, - { type: 'language', subtag: 'fun', prefix: [], scope: null }, - { type: 'language', subtag: 'fuq', prefix: [], scope: null }, - { type: 'language', subtag: 'fur', prefix: [], scope: null }, - { type: 'language', subtag: 'fut', prefix: [], scope: null }, - { type: 'language', subtag: 'fuu', prefix: [], scope: null }, - { type: 'language', subtag: 'fuv', prefix: [], scope: null }, - { type: 'language', subtag: 'fuy', prefix: [], scope: null }, - { type: 'language', subtag: 'fvr', prefix: [], scope: null }, - { type: 'language', subtag: 'fwa', prefix: [], scope: null }, - { type: 'language', subtag: 'fwe', prefix: [], scope: null }, - { type: 'language', subtag: 'gaa', prefix: [], scope: null }, - { type: 'language', subtag: 'gab', prefix: [], scope: null }, - { type: 'language', subtag: 'gac', prefix: [], scope: null }, - { type: 'language', subtag: 'gad', prefix: [], scope: null }, - { type: 'language', subtag: 'gae', prefix: [], scope: null }, - { type: 'language', subtag: 'gaf', prefix: [], scope: null }, - { type: 'language', subtag: 'gag', prefix: [], scope: null }, - { type: 'language', subtag: 'gah', prefix: [], scope: null }, - { type: 'language', subtag: 'gai', prefix: [], scope: null }, - { type: 'language', subtag: 'gaj', prefix: [], scope: null }, - { type: 'language', subtag: 'gak', prefix: [], scope: null }, - { type: 'language', subtag: 'gal', prefix: [], scope: null }, - { type: 'language', subtag: 'gam', prefix: [], scope: null }, - { type: 'language', 
subtag: 'gan', prefix: [], scope: null }, - { type: 'language', subtag: 'gao', prefix: [], scope: null }, - { type: 'language', subtag: 'gap', prefix: [], scope: null }, - { type: 'language', subtag: 'gaq', prefix: [], scope: null }, - { type: 'language', subtag: 'gar', prefix: [], scope: null }, - { type: 'language', subtag: 'gas', prefix: [], scope: null }, - { type: 'language', subtag: 'gat', prefix: [], scope: null }, - { type: 'language', subtag: 'gau', prefix: [], scope: null }, - { type: 'language', subtag: 'gav', prefix: [], scope: null }, - { type: 'language', subtag: 'gaw', prefix: [], scope: null }, - { type: 'language', subtag: 'gax', prefix: [], scope: null }, - { type: 'language', subtag: 'gay', prefix: [], scope: null }, - { type: 'language', subtag: 'gaz', prefix: [], scope: null }, - { type: 'language', subtag: 'gba', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'gbb', prefix: [], scope: null }, - { type: 'language', subtag: 'gbc', prefix: [], scope: null }, - { type: 'language', subtag: 'gbd', prefix: [], scope: null }, - { type: 'language', subtag: 'gbe', prefix: [], scope: null }, - { type: 'language', subtag: 'gbf', prefix: [], scope: null }, - { type: 'language', subtag: 'gbg', prefix: [], scope: null }, - { type: 'language', subtag: 'gbh', prefix: [], scope: null }, - { type: 'language', subtag: 'gbi', prefix: [], scope: null }, - { type: 'language', subtag: 'gbj', prefix: [], scope: null }, - { type: 'language', subtag: 'gbk', prefix: [], scope: null }, - { type: 'language', subtag: 'gbl', prefix: [], scope: null }, - { type: 'language', subtag: 'gbm', prefix: [], scope: null }, - { type: 'language', subtag: 'gbn', prefix: [], scope: null }, - { type: 'language', subtag: 'gbo', prefix: [], scope: null }, - { type: 'language', subtag: 'gbp', prefix: [], scope: null }, - { type: 'language', subtag: 'gbq', prefix: [], scope: null }, - { type: 'language', subtag: 'gbr', prefix: [], scope: null }, - { type: 'language', 
subtag: 'gbs', prefix: [], scope: null }, - { type: 'language', subtag: 'gbu', prefix: [], scope: null }, - { type: 'language', subtag: 'gbv', prefix: [], scope: null }, - { type: 'language', subtag: 'gbw', prefix: [], scope: null }, - { type: 'language', subtag: 'gbx', prefix: [], scope: null }, - { type: 'language', subtag: 'gby', prefix: [], scope: null }, - { type: 'language', subtag: 'gbz', prefix: [], scope: null }, - { type: 'language', subtag: 'gcc', prefix: [], scope: null }, - { type: 'language', subtag: 'gcd', prefix: [], scope: null }, - { type: 'language', subtag: 'gce', prefix: [], scope: null }, - { type: 'language', subtag: 'gcf', prefix: [], scope: null }, - { type: 'language', subtag: 'gcl', prefix: [], scope: null }, - { type: 'language', subtag: 'gcn', prefix: [], scope: null }, - { type: 'language', subtag: 'gcr', prefix: [], scope: null }, - { type: 'language', subtag: 'gct', prefix: [], scope: null }, - { type: 'language', subtag: 'gda', prefix: [], scope: null }, - { type: 'language', subtag: 'gdb', prefix: [], scope: null }, - { type: 'language', subtag: 'gdc', prefix: [], scope: null }, - { type: 'language', subtag: 'gdd', prefix: [], scope: null }, - { type: 'language', subtag: 'gde', prefix: [], scope: null }, - { type: 'language', subtag: 'gdf', prefix: [], scope: null }, - { type: 'language', subtag: 'gdg', prefix: [], scope: null }, - { type: 'language', subtag: 'gdh', prefix: [], scope: null }, - { type: 'language', subtag: 'gdi', prefix: [], scope: null }, - { type: 'language', subtag: 'gdj', prefix: [], scope: null }, - { type: 'language', subtag: 'gdk', prefix: [], scope: null }, - { type: 'language', subtag: 'gdl', prefix: [], scope: null }, - { type: 'language', subtag: 'gdm', prefix: [], scope: null }, - { type: 'language', subtag: 'gdn', prefix: [], scope: null }, - { type: 'language', subtag: 'gdo', prefix: [], scope: null }, - { type: 'language', subtag: 'gdq', prefix: [], scope: null }, - { type: 'language', subtag: 'gdr', 
prefix: [], scope: null }, - { type: 'language', subtag: 'gds', prefix: [], scope: null }, - { type: 'language', subtag: 'gdt', prefix: [], scope: null }, - { type: 'language', subtag: 'gdu', prefix: [], scope: null }, - { type: 'language', subtag: 'gdx', prefix: [], scope: null }, - { type: 'language', subtag: 'gea', prefix: [], scope: null }, - { type: 'language', subtag: 'geb', prefix: [], scope: null }, - { type: 'language', subtag: 'gec', prefix: [], scope: null }, - { type: 'language', subtag: 'ged', prefix: [], scope: null }, - { type: 'language', subtag: 'gef', prefix: [], scope: null }, - { type: 'language', subtag: 'geg', prefix: [], scope: null }, - { type: 'language', subtag: 'geh', prefix: [], scope: null }, - { type: 'language', subtag: 'gei', prefix: [], scope: null }, - { type: 'language', subtag: 'gej', prefix: [], scope: null }, - { type: 'language', subtag: 'gek', prefix: [], scope: null }, - { type: 'language', subtag: 'gel', prefix: [], scope: null }, - { type: 'language', subtag: 'gem', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'geq', prefix: [], scope: null }, - { type: 'language', subtag: 'ges', prefix: [], scope: null }, - { type: 'language', subtag: 'gev', prefix: [], scope: null }, - { type: 'language', subtag: 'gew', prefix: [], scope: null }, - { type: 'language', subtag: 'gex', prefix: [], scope: null }, - { type: 'language', subtag: 'gey', prefix: [], scope: null }, - { type: 'language', subtag: 'gez', prefix: [], scope: null }, - { type: 'language', subtag: 'gfk', prefix: [], scope: null }, - { type: 'language', subtag: 'gft', prefix: [], scope: null }, - { type: 'language', subtag: 'gfx', prefix: [], scope: null }, - { type: 'language', subtag: 'gga', prefix: [], scope: null }, - { type: 'language', subtag: 'ggb', prefix: [], scope: null }, - { type: 'language', subtag: 'ggd', prefix: [], scope: null }, - { type: 'language', subtag: 'gge', prefix: [], scope: null }, - { type: 'language', subtag: 'ggg', prefix: 
[], scope: null }, - { type: 'language', subtag: 'ggk', prefix: [], scope: null }, - { type: 'language', subtag: 'ggl', prefix: [], scope: null }, - { type: 'language', subtag: 'ggn', prefix: [], scope: null }, - { type: 'language', subtag: 'ggo', prefix: [], scope: null }, - { type: 'language', subtag: 'ggr', prefix: [], scope: null }, - { type: 'language', subtag: 'ggt', prefix: [], scope: null }, - { type: 'language', subtag: 'ggu', prefix: [], scope: null }, - { type: 'language', subtag: 'ggw', prefix: [], scope: null }, - { type: 'language', subtag: 'gha', prefix: [], scope: null }, - { type: 'language', subtag: 'ghc', prefix: [], scope: null }, - { type: 'language', subtag: 'ghe', prefix: [], scope: null }, - { type: 'language', subtag: 'ghh', prefix: [], scope: null }, - { type: 'language', subtag: 'ghk', prefix: [], scope: null }, - { type: 'language', subtag: 'ghl', prefix: [], scope: null }, - { type: 'language', subtag: 'ghn', prefix: [], scope: null }, - { type: 'language', subtag: 'gho', prefix: [], scope: null }, - { type: 'language', subtag: 'ghr', prefix: [], scope: null }, - { type: 'language', subtag: 'ghs', prefix: [], scope: null }, - { type: 'language', subtag: 'ght', prefix: [], scope: null }, - { type: 'language', subtag: 'gia', prefix: [], scope: null }, - { type: 'language', subtag: 'gib', prefix: [], scope: null }, - { type: 'language', subtag: 'gic', prefix: [], scope: null }, - { type: 'language', subtag: 'gid', prefix: [], scope: null }, - { type: 'language', subtag: 'gie', prefix: [], scope: null }, - { type: 'language', subtag: 'gig', prefix: [], scope: null }, - { type: 'language', subtag: 'gih', prefix: [], scope: null }, - { type: 'language', subtag: 'gii', prefix: [], scope: null }, - { type: 'language', subtag: 'gil', prefix: [], scope: null }, - { type: 'language', subtag: 'gim', prefix: [], scope: null }, - { type: 'language', subtag: 'gin', prefix: [], scope: null }, - { type: 'language', subtag: 'gio', prefix: [], scope: null 
}, - { type: 'language', subtag: 'gip', prefix: [], scope: null }, - { type: 'language', subtag: 'giq', prefix: [], scope: null }, - { type: 'language', subtag: 'gir', prefix: [], scope: null }, - { type: 'language', subtag: 'gis', prefix: [], scope: null }, - { type: 'language', subtag: 'git', prefix: [], scope: null }, - { type: 'language', subtag: 'giu', prefix: [], scope: null }, - { type: 'language', subtag: 'giw', prefix: [], scope: null }, - { type: 'language', subtag: 'gix', prefix: [], scope: null }, - { type: 'language', subtag: 'giy', prefix: [], scope: null }, - { type: 'language', subtag: 'giz', prefix: [], scope: null }, - { type: 'language', subtag: 'gji', prefix: [], scope: null }, - { type: 'language', subtag: 'gjk', prefix: [], scope: null }, - { type: 'language', subtag: 'gjm', prefix: [], scope: null }, - { type: 'language', subtag: 'gjn', prefix: [], scope: null }, - { type: 'language', subtag: 'gjr', prefix: [], scope: null }, - { type: 'language', subtag: 'gju', prefix: [], scope: null }, - { type: 'language', subtag: 'gka', prefix: [], scope: null }, - { type: 'language', subtag: 'gkd', prefix: [], scope: null }, - { type: 'language', subtag: 'gke', prefix: [], scope: null }, - { type: 'language', subtag: 'gkn', prefix: [], scope: null }, - { type: 'language', subtag: 'gko', prefix: [], scope: null }, - { type: 'language', subtag: 'gkp', prefix: [], scope: null }, - { type: 'language', subtag: 'gku', prefix: [], scope: null }, - { type: 'language', subtag: 'glb', prefix: [], scope: null }, - { type: 'language', subtag: 'glc', prefix: [], scope: null }, - { type: 'language', subtag: 'gld', prefix: [], scope: null }, - { type: 'language', subtag: 'glh', prefix: [], scope: null }, - { type: 'language', subtag: 'gli', prefix: [], scope: null }, - { type: 'language', subtag: 'glj', prefix: [], scope: null }, - { type: 'language', subtag: 'glk', prefix: [], scope: null }, - { type: 'language', subtag: 'gll', prefix: [], scope: null }, - { type: 
'language', subtag: 'glo', prefix: [], scope: null }, - { type: 'language', subtag: 'glr', prefix: [], scope: null }, - { type: 'language', subtag: 'glu', prefix: [], scope: null }, - { type: 'language', subtag: 'glw', prefix: [], scope: null }, - { type: 'language', subtag: 'gly', prefix: [], scope: null }, - { type: 'language', subtag: 'gma', prefix: [], scope: null }, - { type: 'language', subtag: 'gmb', prefix: [], scope: null }, - { type: 'language', subtag: 'gmd', prefix: [], scope: null }, - { type: 'language', subtag: 'gme', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'gmg', prefix: [], scope: null }, - { type: 'language', subtag: 'gmh', prefix: [], scope: null }, - { type: 'language', subtag: 'gml', prefix: [], scope: null }, - { type: 'language', subtag: 'gmm', prefix: [], scope: null }, - { type: 'language', subtag: 'gmn', prefix: [], scope: null }, - { type: 'language', subtag: 'gmq', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'gmr', prefix: [], scope: null }, - { type: 'language', subtag: 'gmu', prefix: [], scope: null }, - { type: 'language', subtag: 'gmv', prefix: [], scope: null }, - { type: 'language', subtag: 'gmw', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'gmx', prefix: [], scope: null }, - { type: 'language', subtag: 'gmy', prefix: [], scope: null }, - { type: 'language', subtag: 'gmz', prefix: [], scope: null }, - { type: 'language', subtag: 'gna', prefix: [], scope: null }, - { type: 'language', subtag: 'gnb', prefix: [], scope: null }, - { type: 'language', subtag: 'gnc', prefix: [], scope: null }, - { type: 'language', subtag: 'gnd', prefix: [], scope: null }, - { type: 'language', subtag: 'gne', prefix: [], scope: null }, - { type: 'language', subtag: 'gng', prefix: [], scope: null }, - { type: 'language', subtag: 'gnh', prefix: [], scope: null }, - { type: 'language', subtag: 'gni', prefix: [], scope: null }, - { type: 'language', subtag: 'gnj', prefix: [], scope: null }, - 
{ type: 'language', subtag: 'gnk', prefix: [], scope: null }, - { type: 'language', subtag: 'gnl', prefix: [], scope: null }, - { type: 'language', subtag: 'gnm', prefix: [], scope: null }, - { type: 'language', subtag: 'gnn', prefix: [], scope: null }, - { type: 'language', subtag: 'gno', prefix: [], scope: null }, - { type: 'language', subtag: 'gnq', prefix: [], scope: null }, - { type: 'language', subtag: 'gnr', prefix: [], scope: null }, - { type: 'language', subtag: 'gnt', prefix: [], scope: null }, - { type: 'language', subtag: 'gnu', prefix: [], scope: null }, - { type: 'language', subtag: 'gnw', prefix: [], scope: null }, - { type: 'language', subtag: 'gnz', prefix: [], scope: null }, - { type: 'language', subtag: 'goa', prefix: [], scope: null }, - { type: 'language', subtag: 'gob', prefix: [], scope: null }, - { type: 'language', subtag: 'goc', prefix: [], scope: null }, - { type: 'language', subtag: 'god', prefix: [], scope: null }, - { type: 'language', subtag: 'goe', prefix: [], scope: null }, - { type: 'language', subtag: 'gof', prefix: [], scope: null }, - { type: 'language', subtag: 'gog', prefix: [], scope: null }, - { type: 'language', subtag: 'goh', prefix: [], scope: null }, - { type: 'language', subtag: 'goi', prefix: [], scope: null }, - { type: 'language', subtag: 'goj', prefix: [], scope: null }, - { type: 'language', subtag: 'gok', prefix: [], scope: null }, - { type: 'language', subtag: 'gol', prefix: [], scope: null }, - { type: 'language', subtag: 'gom', prefix: [], scope: null }, - { type: 'language', subtag: 'gon', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'goo', prefix: [], scope: null }, - { type: 'language', subtag: 'gop', prefix: [], scope: null }, - { type: 'language', subtag: 'goq', prefix: [], scope: null }, - { type: 'language', subtag: 'gor', prefix: [], scope: null }, - { type: 'language', subtag: 'gos', prefix: [], scope: null }, - { type: 'language', subtag: 'got', prefix: [], scope: null }, - { 
type: 'language', subtag: 'gou', prefix: [], scope: null }, - { type: 'language', subtag: 'gov', prefix: [], scope: null }, - { type: 'language', subtag: 'gow', prefix: [], scope: null }, - { type: 'language', subtag: 'gox', prefix: [], scope: null }, - { type: 'language', subtag: 'goy', prefix: [], scope: null }, - { type: 'language', subtag: 'goz', prefix: [], scope: null }, - { type: 'language', subtag: 'gpa', prefix: [], scope: null }, - { type: 'language', subtag: 'gpe', prefix: [], scope: null }, - { type: 'language', subtag: 'gpn', prefix: [], scope: null }, - { type: 'language', subtag: 'gqa', prefix: [], scope: null }, - { type: 'language', subtag: 'gqi', prefix: [], scope: null }, - { type: 'language', subtag: 'gqn', prefix: [], scope: null }, - { type: 'language', subtag: 'gqr', prefix: [], scope: null }, - { type: 'language', subtag: 'gqu', prefix: [], scope: null }, - { type: 'language', subtag: 'gra', prefix: [], scope: null }, - { type: 'language', subtag: 'grb', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'grc', prefix: [], scope: null }, - { type: 'language', subtag: 'grd', prefix: [], scope: null }, - { type: 'language', subtag: 'grg', prefix: [], scope: null }, - { type: 'language', subtag: 'grh', prefix: [], scope: null }, - { type: 'language', subtag: 'gri', prefix: [], scope: null }, - { type: 'language', subtag: 'grj', prefix: [], scope: null }, - { type: 'language', subtag: 'grk', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'grm', prefix: [], scope: null }, - { type: 'language', subtag: 'gro', prefix: [], scope: null }, - { type: 'language', subtag: 'grq', prefix: [], scope: null }, - { type: 'language', subtag: 'grr', prefix: [], scope: null }, - { type: 'language', subtag: 'grs', prefix: [], scope: null }, - { type: 'language', subtag: 'grt', prefix: [], scope: null }, - { type: 'language', subtag: 'gru', prefix: [], scope: null }, - { type: 'language', subtag: 'grv', prefix: [], scope: null }, 
- { type: 'language', subtag: 'grw', prefix: [], scope: null }, - { type: 'language', subtag: 'grx', prefix: [], scope: null }, - { type: 'language', subtag: 'gry', prefix: [], scope: null }, - { type: 'language', subtag: 'grz', prefix: [], scope: null }, - { type: 'language', subtag: 'gse', prefix: [], scope: null }, - { type: 'language', subtag: 'gsg', prefix: [], scope: null }, - { type: 'language', subtag: 'gsl', prefix: [], scope: null }, - { type: 'language', subtag: 'gsm', prefix: [], scope: null }, - { type: 'language', subtag: 'gsn', prefix: [], scope: null }, - { type: 'language', subtag: 'gso', prefix: [], scope: null }, - { type: 'language', subtag: 'gsp', prefix: [], scope: null }, - { type: 'language', subtag: 'gss', prefix: [], scope: null }, - { type: 'language', subtag: 'gsw', prefix: [], scope: null }, - { type: 'language', subtag: 'gta', prefix: [], scope: null }, - { type: 'language', subtag: 'gti', prefix: [], scope: null }, - { type: 'language', subtag: 'gtu', prefix: [], scope: null }, - { type: 'language', subtag: 'gua', prefix: [], scope: null }, - { type: 'language', subtag: 'gub', prefix: [], scope: null }, - { type: 'language', subtag: 'guc', prefix: [], scope: null }, - { type: 'language', subtag: 'gud', prefix: [], scope: null }, - { type: 'language', subtag: 'gue', prefix: [], scope: null }, - { type: 'language', subtag: 'guf', prefix: [], scope: null }, - { type: 'language', subtag: 'gug', prefix: [], scope: null }, - { type: 'language', subtag: 'guh', prefix: [], scope: null }, - { type: 'language', subtag: 'gui', prefix: [], scope: null }, - { type: 'language', subtag: 'guk', prefix: [], scope: null }, - { type: 'language', subtag: 'gul', prefix: [], scope: null }, - { type: 'language', subtag: 'gum', prefix: [], scope: null }, - { type: 'language', subtag: 'gun', prefix: [], scope: null }, - { type: 'language', subtag: 'guo', prefix: [], scope: null }, - { type: 'language', subtag: 'gup', prefix: [], scope: null }, - { type: 
'language', subtag: 'guq', prefix: [], scope: null }, - { type: 'language', subtag: 'gur', prefix: [], scope: null }, - { type: 'language', subtag: 'gus', prefix: [], scope: null }, - { type: 'language', subtag: 'gut', prefix: [], scope: null }, - { type: 'language', subtag: 'guu', prefix: [], scope: null }, - { type: 'language', subtag: 'guv', prefix: [], scope: null }, - { type: 'language', subtag: 'guw', prefix: [], scope: null }, - { type: 'language', subtag: 'gux', prefix: [], scope: null }, - { type: 'language', subtag: 'guz', prefix: [], scope: null }, - { type: 'language', subtag: 'gva', prefix: [], scope: null }, - { type: 'language', subtag: 'gvc', prefix: [], scope: null }, - { type: 'language', subtag: 'gve', prefix: [], scope: null }, - { type: 'language', subtag: 'gvf', prefix: [], scope: null }, - { type: 'language', subtag: 'gvj', prefix: [], scope: null }, - { type: 'language', subtag: 'gvl', prefix: [], scope: null }, - { type: 'language', subtag: 'gvm', prefix: [], scope: null }, - { type: 'language', subtag: 'gvn', prefix: [], scope: null }, - { type: 'language', subtag: 'gvo', prefix: [], scope: null }, - { type: 'language', subtag: 'gvp', prefix: [], scope: null }, - { type: 'language', subtag: 'gvr', prefix: [], scope: null }, - { type: 'language', subtag: 'gvs', prefix: [], scope: null }, - { type: 'language', subtag: 'gvy', prefix: [], scope: null }, - { type: 'language', subtag: 'gwa', prefix: [], scope: null }, - { type: 'language', subtag: 'gwb', prefix: [], scope: null }, - { type: 'language', subtag: 'gwc', prefix: [], scope: null }, - { type: 'language', subtag: 'gwd', prefix: [], scope: null }, - { type: 'language', subtag: 'gwe', prefix: [], scope: null }, - { type: 'language', subtag: 'gwf', prefix: [], scope: null }, - { type: 'language', subtag: 'gwg', prefix: [], scope: null }, - { type: 'language', subtag: 'gwi', prefix: [], scope: null }, - { type: 'language', subtag: 'gwj', prefix: [], scope: null }, - { type: 'language', 
subtag: 'gwm', prefix: [], scope: null }, - { type: 'language', subtag: 'gwn', prefix: [], scope: null }, - { type: 'language', subtag: 'gwr', prefix: [], scope: null }, - { type: 'language', subtag: 'gwt', prefix: [], scope: null }, - { type: 'language', subtag: 'gwu', prefix: [], scope: null }, - { type: 'language', subtag: 'gww', prefix: [], scope: null }, - { type: 'language', subtag: 'gwx', prefix: [], scope: null }, - { type: 'language', subtag: 'gxx', prefix: [], scope: null }, - { type: 'language', subtag: 'gya', prefix: [], scope: null }, - { type: 'language', subtag: 'gyb', prefix: [], scope: null }, - { type: 'language', subtag: 'gyd', prefix: [], scope: null }, - { type: 'language', subtag: 'gye', prefix: [], scope: null }, - { type: 'language', subtag: 'gyf', prefix: [], scope: null }, - { type: 'language', subtag: 'gyg', prefix: [], scope: null }, - { type: 'language', subtag: 'gyi', prefix: [], scope: null }, - { type: 'language', subtag: 'gyl', prefix: [], scope: null }, - { type: 'language', subtag: 'gym', prefix: [], scope: null }, - { type: 'language', subtag: 'gyn', prefix: [], scope: null }, - { type: 'language', subtag: 'gyo', prefix: [], scope: null }, - { type: 'language', subtag: 'gyr', prefix: [], scope: null }, - { type: 'language', subtag: 'gyy', prefix: [], scope: null }, - { type: 'language', subtag: 'gyz', prefix: [], scope: null }, - { type: 'language', subtag: 'gza', prefix: [], scope: null }, - { type: 'language', subtag: 'gzi', prefix: [], scope: null }, - { type: 'language', subtag: 'gzn', prefix: [], scope: null }, - { type: 'language', subtag: 'haa', prefix: [], scope: null }, - { type: 'language', subtag: 'hab', prefix: [], scope: null }, - { type: 'language', subtag: 'hac', prefix: [], scope: null }, - { type: 'language', subtag: 'had', prefix: [], scope: null }, - { type: 'language', subtag: 'hae', prefix: [], scope: null }, - { type: 'language', subtag: 'haf', prefix: [], scope: null }, - { type: 'language', subtag: 'hag', 
prefix: [], scope: null }, - { type: 'language', subtag: 'hah', prefix: [], scope: null }, - { type: 'language', subtag: 'hai', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'haj', prefix: [], scope: null }, - { type: 'language', subtag: 'hak', prefix: [], scope: null }, - { type: 'language', subtag: 'hal', prefix: [], scope: null }, - { type: 'language', subtag: 'ham', prefix: [], scope: null }, - { type: 'language', subtag: 'han', prefix: [], scope: null }, - { type: 'language', subtag: 'hao', prefix: [], scope: null }, - { type: 'language', subtag: 'hap', prefix: [], scope: null }, - { type: 'language', subtag: 'haq', prefix: [], scope: null }, - { type: 'language', subtag: 'har', prefix: [], scope: null }, - { type: 'language', subtag: 'has', prefix: [], scope: null }, - { type: 'language', subtag: 'hav', prefix: [], scope: null }, - { type: 'language', subtag: 'haw', prefix: [], scope: null }, - { type: 'language', subtag: 'hax', prefix: [], scope: null }, - { type: 'language', subtag: 'hay', prefix: [], scope: null }, - { type: 'language', subtag: 'haz', prefix: [], scope: null }, - { type: 'language', subtag: 'hba', prefix: [], scope: null }, - { type: 'language', subtag: 'hbb', prefix: [], scope: null }, - { type: 'language', subtag: 'hbn', prefix: [], scope: null }, - { type: 'language', subtag: 'hbo', prefix: [], scope: null }, - { type: 'language', subtag: 'hbu', prefix: [], scope: null }, - { type: 'language', subtag: 'hca', prefix: [], scope: null }, - { type: 'language', subtag: 'hch', prefix: [], scope: null }, - { type: 'language', subtag: 'hdn', prefix: [], scope: null }, - { type: 'language', subtag: 'hds', prefix: [], scope: null }, - { type: 'language', subtag: 'hdy', prefix: [], scope: null }, - { type: 'language', subtag: 'hea', prefix: [], scope: null }, - { type: 'language', subtag: 'hed', prefix: [], scope: null }, - { type: 'language', subtag: 'heg', prefix: [], scope: null }, - { type: 'language', subtag: 'heh', 
prefix: [], scope: null }, - { type: 'language', subtag: 'hei', prefix: [], scope: null }, - { type: 'language', subtag: 'hem', prefix: [], scope: null }, - { type: 'language', subtag: 'hgm', prefix: [], scope: null }, - { type: 'language', subtag: 'hgw', prefix: [], scope: null }, - { type: 'language', subtag: 'hhi', prefix: [], scope: null }, - { type: 'language', subtag: 'hhr', prefix: [], scope: null }, - { type: 'language', subtag: 'hhy', prefix: [], scope: null }, - { type: 'language', subtag: 'hia', prefix: [], scope: null }, - { type: 'language', subtag: 'hib', prefix: [], scope: null }, - { type: 'language', subtag: 'hid', prefix: [], scope: null }, - { type: 'language', subtag: 'hif', prefix: [], scope: null }, - { type: 'language', subtag: 'hig', prefix: [], scope: null }, - { type: 'language', subtag: 'hih', prefix: [], scope: null }, - { type: 'language', subtag: 'hii', prefix: [], scope: null }, - { type: 'language', subtag: 'hij', prefix: [], scope: null }, - { type: 'language', subtag: 'hik', prefix: [], scope: null }, - { type: 'language', subtag: 'hil', prefix: [], scope: null }, - { type: 'language', subtag: 'him', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'hio', prefix: [], scope: null }, - { type: 'language', subtag: 'hir', prefix: [], scope: null }, - { type: 'language', subtag: 'hit', prefix: [], scope: null }, - { type: 'language', subtag: 'hiw', prefix: [], scope: null }, - { type: 'language', subtag: 'hix', prefix: [], scope: null }, - { type: 'language', subtag: 'hji', prefix: [], scope: null }, - { type: 'language', subtag: 'hka', prefix: [], scope: null }, - { type: 'language', subtag: 'hke', prefix: [], scope: null }, - { type: 'language', subtag: 'hkh', prefix: [], scope: null }, - { type: 'language', subtag: 'hkk', prefix: [], scope: null }, - { type: 'language', subtag: 'hkn', prefix: [], scope: null }, - { type: 'language', subtag: 'hks', prefix: [], scope: null }, - { type: 'language', subtag: 'hla', prefix: 
[], scope: null }, - { type: 'language', subtag: 'hlb', prefix: [], scope: null }, - { type: 'language', subtag: 'hld', prefix: [], scope: null }, - { type: 'language', subtag: 'hle', prefix: [], scope: null }, - { type: 'language', subtag: 'hlt', prefix: [], scope: null }, - { type: 'language', subtag: 'hlu', prefix: [], scope: null }, - { type: 'language', subtag: 'hma', prefix: [], scope: null }, - { type: 'language', subtag: 'hmb', prefix: [], scope: null }, - { type: 'language', subtag: 'hmc', prefix: [], scope: null }, - { type: 'language', subtag: 'hmd', prefix: [], scope: null }, - { type: 'language', subtag: 'hme', prefix: [], scope: null }, - { type: 'language', subtag: 'hmf', prefix: [], scope: null }, - { type: 'language', subtag: 'hmg', prefix: [], scope: null }, - { type: 'language', subtag: 'hmh', prefix: [], scope: null }, - { type: 'language', subtag: 'hmi', prefix: [], scope: null }, - { type: 'language', subtag: 'hmj', prefix: [], scope: null }, - { type: 'language', subtag: 'hmk', prefix: [], scope: null }, - { type: 'language', subtag: 'hml', prefix: [], scope: null }, - { type: 'language', subtag: 'hmm', prefix: [], scope: null }, - { type: 'language', subtag: 'hmn', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'hmp', prefix: [], scope: null }, - { type: 'language', subtag: 'hmq', prefix: [], scope: null }, - { type: 'language', subtag: 'hmr', prefix: [], scope: null }, - { type: 'language', subtag: 'hms', prefix: [], scope: null }, - { type: 'language', subtag: 'hmt', prefix: [], scope: null }, - { type: 'language', subtag: 'hmu', prefix: [], scope: null }, - { type: 'language', subtag: 'hmv', prefix: [], scope: null }, - { type: 'language', subtag: 'hmw', prefix: [], scope: null }, - { type: 'language', subtag: 'hmx', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'hmy', prefix: [], scope: null }, - { type: 'language', subtag: 'hmz', prefix: [], scope: null }, - { type: 'language', subtag: 'hna', 
prefix: [], scope: null }, - { type: 'language', subtag: 'hnd', prefix: [], scope: null }, - { type: 'language', subtag: 'hne', prefix: [], scope: null }, - { type: 'language', subtag: 'hng', prefix: [], scope: null }, - { type: 'language', subtag: 'hnh', prefix: [], scope: null }, - { type: 'language', subtag: 'hni', prefix: [], scope: null }, - { type: 'language', subtag: 'hnj', prefix: [], scope: null }, - { type: 'language', subtag: 'hnn', prefix: [], scope: null }, - { type: 'language', subtag: 'hno', prefix: [], scope: null }, - { type: 'language', subtag: 'hns', prefix: [], scope: null }, - { type: 'language', subtag: 'hnu', prefix: [], scope: null }, - { type: 'language', subtag: 'hoa', prefix: [], scope: null }, - { type: 'language', subtag: 'hob', prefix: [], scope: null }, - { type: 'language', subtag: 'hoc', prefix: [], scope: null }, - { type: 'language', subtag: 'hod', prefix: [], scope: null }, - { type: 'language', subtag: 'hoe', prefix: [], scope: null }, - { type: 'language', subtag: 'hoh', prefix: [], scope: null }, - { type: 'language', subtag: 'hoi', prefix: [], scope: null }, - { type: 'language', subtag: 'hoj', prefix: [], scope: null }, - { type: 'language', subtag: 'hok', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'hol', prefix: [], scope: null }, - { type: 'language', subtag: 'hom', prefix: [], scope: null }, - { type: 'language', subtag: 'hoo', prefix: [], scope: null }, - { type: 'language', subtag: 'hop', prefix: [], scope: null }, - { type: 'language', subtag: 'hor', prefix: [], scope: null }, - { type: 'language', subtag: 'hos', prefix: [], scope: null }, - { type: 'language', subtag: 'hot', prefix: [], scope: null }, - { type: 'language', subtag: 'hov', prefix: [], scope: null }, - { type: 'language', subtag: 'how', prefix: [], scope: null }, - { type: 'language', subtag: 'hoy', prefix: [], scope: null }, - { type: 'language', subtag: 'hoz', prefix: [], scope: null }, - { type: 'language', subtag: 'hpo', prefix: 
[], scope: null }, - { type: 'language', subtag: 'hps', prefix: [], scope: null }, - { type: 'language', subtag: 'hra', prefix: [], scope: null }, - { type: 'language', subtag: 'hrc', prefix: [], scope: null }, - { type: 'language', subtag: 'hre', prefix: [], scope: null }, - { type: 'language', subtag: 'hrk', prefix: [], scope: null }, - { type: 'language', subtag: 'hrm', prefix: [], scope: null }, - { type: 'language', subtag: 'hro', prefix: [], scope: null }, - { type: 'language', subtag: 'hrp', prefix: [], scope: null }, - { type: 'language', subtag: 'hrr', prefix: [], scope: null }, - { type: 'language', subtag: 'hrt', prefix: [], scope: null }, - { type: 'language', subtag: 'hru', prefix: [], scope: null }, - { type: 'language', subtag: 'hrw', prefix: [], scope: null }, - { type: 'language', subtag: 'hrx', prefix: [], scope: null }, - { type: 'language', subtag: 'hrz', prefix: [], scope: null }, - { type: 'language', subtag: 'hsb', prefix: [], scope: null }, - { type: 'language', subtag: 'hsh', prefix: [], scope: null }, - { type: 'language', subtag: 'hsl', prefix: [], scope: null }, - { type: 'language', subtag: 'hsn', prefix: [], scope: null }, - { type: 'language', subtag: 'hss', prefix: [], scope: null }, - { type: 'language', subtag: 'hti', prefix: [], scope: null }, - { type: 'language', subtag: 'hto', prefix: [], scope: null }, - { type: 'language', subtag: 'hts', prefix: [], scope: null }, - { type: 'language', subtag: 'htu', prefix: [], scope: null }, - { type: 'language', subtag: 'htx', prefix: [], scope: null }, - { type: 'language', subtag: 'hub', prefix: [], scope: null }, - { type: 'language', subtag: 'huc', prefix: [], scope: null }, - { type: 'language', subtag: 'hud', prefix: [], scope: null }, - { type: 'language', subtag: 'hue', prefix: [], scope: null }, - { type: 'language', subtag: 'huf', prefix: [], scope: null }, - { type: 'language', subtag: 'hug', prefix: [], scope: null }, - { type: 'language', subtag: 'huh', prefix: [], scope: null 
}, - { type: 'language', subtag: 'hui', prefix: [], scope: null }, - { type: 'language', subtag: 'huj', prefix: [], scope: null }, - { type: 'language', subtag: 'huk', prefix: [], scope: null }, - { type: 'language', subtag: 'hul', prefix: [], scope: null }, - { type: 'language', subtag: 'hum', prefix: [], scope: null }, - { type: 'language', subtag: 'huo', prefix: [], scope: null }, - { type: 'language', subtag: 'hup', prefix: [], scope: null }, - { type: 'language', subtag: 'huq', prefix: [], scope: null }, - { type: 'language', subtag: 'hur', prefix: [], scope: null }, - { type: 'language', subtag: 'hus', prefix: [], scope: null }, - { type: 'language', subtag: 'hut', prefix: [], scope: null }, - { type: 'language', subtag: 'huu', prefix: [], scope: null }, - { type: 'language', subtag: 'huv', prefix: [], scope: null }, - { type: 'language', subtag: 'huw', prefix: [], scope: null }, - { type: 'language', subtag: 'hux', prefix: [], scope: null }, - { type: 'language', subtag: 'huy', prefix: [], scope: null }, - { type: 'language', subtag: 'huz', prefix: [], scope: null }, - { type: 'language', subtag: 'hvc', prefix: [], scope: null }, - { type: 'language', subtag: 'hve', prefix: [], scope: null }, - { type: 'language', subtag: 'hvk', prefix: [], scope: null }, - { type: 'language', subtag: 'hvn', prefix: [], scope: null }, - { type: 'language', subtag: 'hvv', prefix: [], scope: null }, - { type: 'language', subtag: 'hwa', prefix: [], scope: null }, - { type: 'language', subtag: 'hwc', prefix: [], scope: null }, - { type: 'language', subtag: 'hwo', prefix: [], scope: null }, - { type: 'language', subtag: 'hya', prefix: [], scope: null }, - { type: 'language', subtag: 'hyw', prefix: [], scope: null }, - { type: 'language', subtag: 'hyx', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'iai', prefix: [], scope: null }, - { type: 'language', subtag: 'ian', prefix: [], scope: null }, - { type: 'language', subtag: 'iap', prefix: [], scope: null }, - { 
type: 'language', subtag: 'iar', prefix: [], scope: null }, - { type: 'language', subtag: 'iba', prefix: [], scope: null }, - { type: 'language', subtag: 'ibb', prefix: [], scope: null }, - { type: 'language', subtag: 'ibd', prefix: [], scope: null }, - { type: 'language', subtag: 'ibe', prefix: [], scope: null }, - { type: 'language', subtag: 'ibg', prefix: [], scope: null }, - { type: 'language', subtag: 'ibh', prefix: [], scope: null }, - { type: 'language', subtag: 'ibi', prefix: [], scope: null }, - { type: 'language', subtag: 'ibl', prefix: [], scope: null }, - { type: 'language', subtag: 'ibm', prefix: [], scope: null }, - { type: 'language', subtag: 'ibn', prefix: [], scope: null }, - { type: 'language', subtag: 'ibr', prefix: [], scope: null }, - { type: 'language', subtag: 'ibu', prefix: [], scope: null }, - { type: 'language', subtag: 'iby', prefix: [], scope: null }, - { type: 'language', subtag: 'ica', prefix: [], scope: null }, - { type: 'language', subtag: 'ich', prefix: [], scope: null }, - { type: 'language', subtag: 'icl', prefix: [], scope: null }, - { type: 'language', subtag: 'icr', prefix: [], scope: null }, - { type: 'language', subtag: 'ida', prefix: [], scope: null }, - { type: 'language', subtag: 'idb', prefix: [], scope: null }, - { type: 'language', subtag: 'idc', prefix: [], scope: null }, - { type: 'language', subtag: 'idd', prefix: [], scope: null }, - { type: 'language', subtag: 'ide', prefix: [], scope: null }, - { type: 'language', subtag: 'idi', prefix: [], scope: null }, - { type: 'language', subtag: 'idr', prefix: [], scope: null }, - { type: 'language', subtag: 'ids', prefix: [], scope: null }, - { type: 'language', subtag: 'idt', prefix: [], scope: null }, - { type: 'language', subtag: 'idu', prefix: [], scope: null }, - { type: 'language', subtag: 'ifa', prefix: [], scope: null }, - { type: 'language', subtag: 'ifb', prefix: [], scope: null }, - { type: 'language', subtag: 'ife', prefix: [], scope: null }, - { type: 
'language', subtag: 'iff', prefix: [], scope: null }, - { type: 'language', subtag: 'ifk', prefix: [], scope: null }, - { type: 'language', subtag: 'ifm', prefix: [], scope: null }, - { type: 'language', subtag: 'ifu', prefix: [], scope: null }, - { type: 'language', subtag: 'ify', prefix: [], scope: null }, - { type: 'language', subtag: 'igb', prefix: [], scope: null }, - { type: 'language', subtag: 'ige', prefix: [], scope: null }, - { type: 'language', subtag: 'igg', prefix: [], scope: null }, - { type: 'language', subtag: 'igl', prefix: [], scope: null }, - { type: 'language', subtag: 'igm', prefix: [], scope: null }, - { type: 'language', subtag: 'ign', prefix: [], scope: null }, - { type: 'language', subtag: 'igo', prefix: [], scope: null }, - { type: 'language', subtag: 'igs', prefix: [], scope: null }, - { type: 'language', subtag: 'igw', prefix: [], scope: null }, - { type: 'language', subtag: 'ihb', prefix: [], scope: null }, - { type: 'language', subtag: 'ihi', prefix: [], scope: null }, - { type: 'language', subtag: 'ihp', prefix: [], scope: null }, - { type: 'language', subtag: 'ihw', prefix: [], scope: null }, - { type: 'language', subtag: 'iin', prefix: [], scope: null }, - { type: 'language', subtag: 'iir', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ijc', prefix: [], scope: null }, - { type: 'language', subtag: 'ije', prefix: [], scope: null }, - { type: 'language', subtag: 'ijj', prefix: [], scope: null }, - { type: 'language', subtag: 'ijn', prefix: [], scope: null }, - { type: 'language', subtag: 'ijo', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ijs', prefix: [], scope: null }, - { type: 'language', subtag: 'ike', prefix: [], scope: null }, - { type: 'language', subtag: 'iki', prefix: [], scope: null }, - { type: 'language', subtag: 'ikk', prefix: [], scope: null }, - { type: 'language', subtag: 'ikl', prefix: [], scope: null }, - { type: 'language', subtag: 'iko', prefix: [], scope: null }, - { type: 
'language', subtag: 'ikp', prefix: [], scope: null }, - { type: 'language', subtag: 'ikr', prefix: [], scope: null }, - { type: 'language', subtag: 'iks', prefix: [], scope: null }, - { type: 'language', subtag: 'ikt', prefix: [], scope: null }, - { type: 'language', subtag: 'ikv', prefix: [], scope: null }, - { type: 'language', subtag: 'ikw', prefix: [], scope: null }, - { type: 'language', subtag: 'ikx', prefix: [], scope: null }, - { type: 'language', subtag: 'ikz', prefix: [], scope: null }, - { type: 'language', subtag: 'ila', prefix: [], scope: null }, - { type: 'language', subtag: 'ilb', prefix: [], scope: null }, - { type: 'language', subtag: 'ilg', prefix: [], scope: null }, - { type: 'language', subtag: 'ili', prefix: [], scope: null }, - { type: 'language', subtag: 'ilk', prefix: [], scope: null }, - { type: 'language', subtag: 'ill', prefix: [], scope: null }, - { type: 'language', subtag: 'ilm', prefix: [], scope: null }, - { type: 'language', subtag: 'ilo', prefix: [], scope: null }, - { type: 'language', subtag: 'ilp', prefix: [], scope: null }, - { type: 'language', subtag: 'ils', prefix: [], scope: null }, - { type: 'language', subtag: 'ilu', prefix: [], scope: null }, - { type: 'language', subtag: 'ilv', prefix: [], scope: null }, - { type: 'language', subtag: 'ilw', prefix: [], scope: null }, - { type: 'language', subtag: 'ima', prefix: [], scope: null }, - { type: 'language', subtag: 'ime', prefix: [], scope: null }, - { type: 'language', subtag: 'imi', prefix: [], scope: null }, - { type: 'language', subtag: 'iml', prefix: [], scope: null }, - { type: 'language', subtag: 'imn', prefix: [], scope: null }, - { type: 'language', subtag: 'imo', prefix: [], scope: null }, - { type: 'language', subtag: 'imr', prefix: [], scope: null }, - { type: 'language', subtag: 'ims', prefix: [], scope: null }, - { type: 'language', subtag: 'imt', prefix: [], scope: null }, - { type: 'language', subtag: 'imy', prefix: [], scope: null }, - { type: 'language', 
subtag: 'inb', prefix: [], scope: null }, - { type: 'language', subtag: 'inc', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ine', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ing', prefix: [], scope: null }, - { type: 'language', subtag: 'inh', prefix: [], scope: null }, - { type: 'language', subtag: 'inj', prefix: [], scope: null }, - { type: 'language', subtag: 'inl', prefix: [], scope: null }, - { type: 'language', subtag: 'inm', prefix: [], scope: null }, - { type: 'language', subtag: 'inn', prefix: [], scope: null }, - { type: 'language', subtag: 'ino', prefix: [], scope: null }, - { type: 'language', subtag: 'inp', prefix: [], scope: null }, - { type: 'language', subtag: 'ins', prefix: [], scope: null }, - { type: 'language', subtag: 'int', prefix: [], scope: null }, - { type: 'language', subtag: 'inz', prefix: [], scope: null }, - { type: 'language', subtag: 'ior', prefix: [], scope: null }, - { type: 'language', subtag: 'iou', prefix: [], scope: null }, - { type: 'language', subtag: 'iow', prefix: [], scope: null }, - { type: 'language', subtag: 'ipi', prefix: [], scope: null }, - { type: 'language', subtag: 'ipo', prefix: [], scope: null }, - { type: 'language', subtag: 'iqu', prefix: [], scope: null }, - { type: 'language', subtag: 'iqw', prefix: [], scope: null }, - { type: 'language', subtag: 'ira', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ire', prefix: [], scope: null }, - { type: 'language', subtag: 'irh', prefix: [], scope: null }, - { type: 'language', subtag: 'iri', prefix: [], scope: null }, - { type: 'language', subtag: 'irk', prefix: [], scope: null }, - { type: 'language', subtag: 'irn', prefix: [], scope: null }, - { type: 'language', subtag: 'iro', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'irr', prefix: [], scope: null }, - { type: 'language', subtag: 'iru', prefix: [], scope: null }, - { type: 'language', subtag: 'irx', prefix: [], scope: null }, - { 
type: 'language', subtag: 'iry', prefix: [], scope: null }, - { type: 'language', subtag: 'isa', prefix: [], scope: null }, - { type: 'language', subtag: 'isc', prefix: [], scope: null }, - { type: 'language', subtag: 'isd', prefix: [], scope: null }, - { type: 'language', subtag: 'ise', prefix: [], scope: null }, - { type: 'language', subtag: 'isg', prefix: [], scope: null }, - { type: 'language', subtag: 'ish', prefix: [], scope: null }, - { type: 'language', subtag: 'isi', prefix: [], scope: null }, - { type: 'language', subtag: 'isk', prefix: [], scope: null }, - { type: 'language', subtag: 'ism', prefix: [], scope: null }, - { type: 'language', subtag: 'isn', prefix: [], scope: null }, - { type: 'language', subtag: 'iso', prefix: [], scope: null }, - { type: 'language', subtag: 'isr', prefix: [], scope: null }, - { type: 'language', subtag: 'ist', prefix: [], scope: null }, - { type: 'language', subtag: 'isu', prefix: [], scope: null }, - { type: 'language', subtag: 'itb', prefix: [], scope: null }, - { type: 'language', subtag: 'itc', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'itd', prefix: [], scope: null }, - { type: 'language', subtag: 'ite', prefix: [], scope: null }, - { type: 'language', subtag: 'iti', prefix: [], scope: null }, - { type: 'language', subtag: 'itk', prefix: [], scope: null }, - { type: 'language', subtag: 'itl', prefix: [], scope: null }, - { type: 'language', subtag: 'itm', prefix: [], scope: null }, - { type: 'language', subtag: 'ito', prefix: [], scope: null }, - { type: 'language', subtag: 'itr', prefix: [], scope: null }, - { type: 'language', subtag: 'its', prefix: [], scope: null }, - { type: 'language', subtag: 'itt', prefix: [], scope: null }, - { type: 'language', subtag: 'itv', prefix: [], scope: null }, - { type: 'language', subtag: 'itw', prefix: [], scope: null }, - { type: 'language', subtag: 'itx', prefix: [], scope: null }, - { type: 'language', subtag: 'ity', prefix: [], scope: null }, - { type: 
'language', subtag: 'itz', prefix: [], scope: null }, - { type: 'language', subtag: 'ium', prefix: [], scope: null }, - { type: 'language', subtag: 'ivb', prefix: [], scope: null }, - { type: 'language', subtag: 'ivv', prefix: [], scope: null }, - { type: 'language', subtag: 'iwk', prefix: [], scope: null }, - { type: 'language', subtag: 'iwm', prefix: [], scope: null }, - { type: 'language', subtag: 'iwo', prefix: [], scope: null }, - { type: 'language', subtag: 'iws', prefix: [], scope: null }, - { type: 'language', subtag: 'ixc', prefix: [], scope: null }, - { type: 'language', subtag: 'ixl', prefix: [], scope: null }, - { type: 'language', subtag: 'iya', prefix: [], scope: null }, - { type: 'language', subtag: 'iyo', prefix: [], scope: null }, - { type: 'language', subtag: 'iyx', prefix: [], scope: null }, - { type: 'language', subtag: 'izh', prefix: [], scope: null }, - { type: 'language', subtag: 'izi', prefix: [], scope: null }, - { type: 'language', subtag: 'izr', prefix: [], scope: null }, - { type: 'language', subtag: 'izz', prefix: [], scope: null }, - { type: 'language', subtag: 'jaa', prefix: [], scope: null }, - { type: 'language', subtag: 'jab', prefix: [], scope: null }, - { type: 'language', subtag: 'jac', prefix: [], scope: null }, - { type: 'language', subtag: 'jad', prefix: [], scope: null }, - { type: 'language', subtag: 'jae', prefix: [], scope: null }, - { type: 'language', subtag: 'jaf', prefix: [], scope: null }, - { type: 'language', subtag: 'jah', prefix: [], scope: null }, - { type: 'language', subtag: 'jaj', prefix: [], scope: null }, - { type: 'language', subtag: 'jak', prefix: [], scope: null }, - { type: 'language', subtag: 'jal', prefix: [], scope: null }, - { type: 'language', subtag: 'jam', prefix: [], scope: null }, - { type: 'language', subtag: 'jan', prefix: [], scope: null }, - { type: 'language', subtag: 'jao', prefix: [], scope: null }, - { type: 'language', subtag: 'jaq', prefix: [], scope: null }, - { type: 'language', 
subtag: 'jar', prefix: [], scope: null }, - { type: 'language', subtag: 'jas', prefix: [], scope: null }, - { type: 'language', subtag: 'jat', prefix: [], scope: null }, - { type: 'language', subtag: 'jau', prefix: [], scope: null }, - { type: 'language', subtag: 'jax', prefix: [], scope: null }, - { type: 'language', subtag: 'jay', prefix: [], scope: null }, - { type: 'language', subtag: 'jaz', prefix: [], scope: null }, - { type: 'language', subtag: 'jbe', prefix: [], scope: null }, - { type: 'language', subtag: 'jbi', prefix: [], scope: null }, - { type: 'language', subtag: 'jbj', prefix: [], scope: null }, - { type: 'language', subtag: 'jbk', prefix: [], scope: null }, - { type: 'language', subtag: 'jbm', prefix: [], scope: null }, - { type: 'language', subtag: 'jbn', prefix: [], scope: null }, - { type: 'language', subtag: 'jbo', prefix: [], scope: null }, - { type: 'language', subtag: 'jbr', prefix: [], scope: null }, - { type: 'language', subtag: 'jbt', prefix: [], scope: null }, - { type: 'language', subtag: 'jbu', prefix: [], scope: null }, - { type: 'language', subtag: 'jbw', prefix: [], scope: null }, - { type: 'language', subtag: 'jcs', prefix: [], scope: null }, - { type: 'language', subtag: 'jct', prefix: [], scope: null }, - { type: 'language', subtag: 'jda', prefix: [], scope: null }, - { type: 'language', subtag: 'jdg', prefix: [], scope: null }, - { type: 'language', subtag: 'jdt', prefix: [], scope: null }, - { type: 'language', subtag: 'jeb', prefix: [], scope: null }, - { type: 'language', subtag: 'jee', prefix: [], scope: null }, - { type: 'language', subtag: 'jeg', prefix: [], scope: null }, - { type: 'language', subtag: 'jeh', prefix: [], scope: null }, - { type: 'language', subtag: 'jei', prefix: [], scope: null }, - { type: 'language', subtag: 'jek', prefix: [], scope: null }, - { type: 'language', subtag: 'jel', prefix: [], scope: null }, - { type: 'language', subtag: 'jen', prefix: [], scope: null }, - { type: 'language', subtag: 'jer', 
prefix: [], scope: null }, - { type: 'language', subtag: 'jet', prefix: [], scope: null }, - { type: 'language', subtag: 'jeu', prefix: [], scope: null }, - { type: 'language', subtag: 'jgb', prefix: [], scope: null }, - { type: 'language', subtag: 'jge', prefix: [], scope: null }, - { type: 'language', subtag: 'jgk', prefix: [], scope: null }, - { type: 'language', subtag: 'jgo', prefix: [], scope: null }, - { type: 'language', subtag: 'jhi', prefix: [], scope: null }, - { type: 'language', subtag: 'jhs', prefix: [], scope: null }, - { type: 'language', subtag: 'jia', prefix: [], scope: null }, - { type: 'language', subtag: 'jib', prefix: [], scope: null }, - { type: 'language', subtag: 'jic', prefix: [], scope: null }, - { type: 'language', subtag: 'jid', prefix: [], scope: null }, - { type: 'language', subtag: 'jie', prefix: [], scope: null }, - { type: 'language', subtag: 'jig', prefix: [], scope: null }, - { type: 'language', subtag: 'jih', prefix: [], scope: null }, - { type: 'language', subtag: 'jii', prefix: [], scope: null }, - { type: 'language', subtag: 'jil', prefix: [], scope: null }, - { type: 'language', subtag: 'jim', prefix: [], scope: null }, - { type: 'language', subtag: 'jio', prefix: [], scope: null }, - { type: 'language', subtag: 'jiq', prefix: [], scope: null }, - { type: 'language', subtag: 'jit', prefix: [], scope: null }, - { type: 'language', subtag: 'jiu', prefix: [], scope: null }, - { type: 'language', subtag: 'jiv', prefix: [], scope: null }, - { type: 'language', subtag: 'jiy', prefix: [], scope: null }, - { type: 'language', subtag: 'jje', prefix: [], scope: null }, - { type: 'language', subtag: 'jjr', prefix: [], scope: null }, - { type: 'language', subtag: 'jka', prefix: [], scope: null }, - { type: 'language', subtag: 'jkm', prefix: [], scope: null }, - { type: 'language', subtag: 'jko', prefix: [], scope: null }, - { type: 'language', subtag: 'jkp', prefix: [], scope: null }, - { type: 'language', subtag: 'jkr', prefix: [], 
scope: null }, - { type: 'language', subtag: 'jks', prefix: [], scope: null }, - { type: 'language', subtag: 'jku', prefix: [], scope: null }, - { type: 'language', subtag: 'jle', prefix: [], scope: null }, - { type: 'language', subtag: 'jls', prefix: [], scope: null }, - { type: 'language', subtag: 'jma', prefix: [], scope: null }, - { type: 'language', subtag: 'jmb', prefix: [], scope: null }, - { type: 'language', subtag: 'jmc', prefix: [], scope: null }, - { type: 'language', subtag: 'jmd', prefix: [], scope: null }, - { type: 'language', subtag: 'jmi', prefix: [], scope: null }, - { type: 'language', subtag: 'jml', prefix: [], scope: null }, - { type: 'language', subtag: 'jmn', prefix: [], scope: null }, - { type: 'language', subtag: 'jmr', prefix: [], scope: null }, - { type: 'language', subtag: 'jms', prefix: [], scope: null }, - { type: 'language', subtag: 'jmw', prefix: [], scope: null }, - { type: 'language', subtag: 'jmx', prefix: [], scope: null }, - { type: 'language', subtag: 'jna', prefix: [], scope: null }, - { type: 'language', subtag: 'jnd', prefix: [], scope: null }, - { type: 'language', subtag: 'jng', prefix: [], scope: null }, - { type: 'language', subtag: 'jni', prefix: [], scope: null }, - { type: 'language', subtag: 'jnj', prefix: [], scope: null }, - { type: 'language', subtag: 'jnl', prefix: [], scope: null }, - { type: 'language', subtag: 'jns', prefix: [], scope: null }, - { type: 'language', subtag: 'job', prefix: [], scope: null }, - { type: 'language', subtag: 'jod', prefix: [], scope: null }, - { type: 'language', subtag: 'jog', prefix: [], scope: null }, - { type: 'language', subtag: 'jor', prefix: [], scope: null }, - { type: 'language', subtag: 'jos', prefix: [], scope: null }, - { type: 'language', subtag: 'jow', prefix: [], scope: null }, - { type: 'language', subtag: 'jpa', prefix: [], scope: null }, - { type: 'language', subtag: 'jpr', prefix: [], scope: null }, - { type: 'language', subtag: 'jpx', prefix: [], scope: 
'collection' }, - { type: 'language', subtag: 'jqr', prefix: [], scope: null }, - { type: 'language', subtag: 'jra', prefix: [], scope: null }, - { type: 'language', subtag: 'jrb', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'jrr', prefix: [], scope: null }, - { type: 'language', subtag: 'jrt', prefix: [], scope: null }, - { type: 'language', subtag: 'jru', prefix: [], scope: null }, - { type: 'language', subtag: 'jsl', prefix: [], scope: null }, - { type: 'language', subtag: 'jua', prefix: [], scope: null }, - { type: 'language', subtag: 'jub', prefix: [], scope: null }, - { type: 'language', subtag: 'juc', prefix: [], scope: null }, - { type: 'language', subtag: 'jud', prefix: [], scope: null }, - { type: 'language', subtag: 'juh', prefix: [], scope: null }, - { type: 'language', subtag: 'jui', prefix: [], scope: null }, - { type: 'language', subtag: 'juk', prefix: [], scope: null }, - { type: 'language', subtag: 'jul', prefix: [], scope: null }, - { type: 'language', subtag: 'jum', prefix: [], scope: null }, - { type: 'language', subtag: 'jun', prefix: [], scope: null }, - { type: 'language', subtag: 'juo', prefix: [], scope: null }, - { type: 'language', subtag: 'jup', prefix: [], scope: null }, - { type: 'language', subtag: 'jur', prefix: [], scope: null }, - { type: 'language', subtag: 'jus', prefix: [], scope: null }, - { type: 'language', subtag: 'jut', prefix: [], scope: null }, - { type: 'language', subtag: 'juu', prefix: [], scope: null }, - { type: 'language', subtag: 'juw', prefix: [], scope: null }, - { type: 'language', subtag: 'juy', prefix: [], scope: null }, - { type: 'language', subtag: 'jvd', prefix: [], scope: null }, - { type: 'language', subtag: 'jvn', prefix: [], scope: null }, - { type: 'language', subtag: 'jwi', prefix: [], scope: null }, - { type: 'language', subtag: 'jya', prefix: [], scope: null }, - { type: 'language', subtag: 'jye', prefix: [], scope: null }, - { type: 'language', subtag: 'jyy', prefix: [], 
scope: null }, - { type: 'language', subtag: 'kaa', prefix: [], scope: null }, - { type: 'language', subtag: 'kab', prefix: [], scope: null }, - { type: 'language', subtag: 'kac', prefix: [], scope: null }, - { type: 'language', subtag: 'kad', prefix: [], scope: null }, - { type: 'language', subtag: 'kae', prefix: [], scope: null }, - { type: 'language', subtag: 'kaf', prefix: [], scope: null }, - { type: 'language', subtag: 'kag', prefix: [], scope: null }, - { type: 'language', subtag: 'kah', prefix: [], scope: null }, - { type: 'language', subtag: 'kai', prefix: [], scope: null }, - { type: 'language', subtag: 'kaj', prefix: [], scope: null }, - { type: 'language', subtag: 'kak', prefix: [], scope: null }, - { type: 'language', subtag: 'kam', prefix: [], scope: null }, - { type: 'language', subtag: 'kao', prefix: [], scope: null }, - { type: 'language', subtag: 'kap', prefix: [], scope: null }, - { type: 'language', subtag: 'kaq', prefix: [], scope: null }, - { type: 'language', subtag: 'kar', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'kav', prefix: [], scope: null }, - { type: 'language', subtag: 'kaw', prefix: [], scope: null }, - { type: 'language', subtag: 'kax', prefix: [], scope: null }, - { type: 'language', subtag: 'kay', prefix: [], scope: null }, - { type: 'language', subtag: 'kba', prefix: [], scope: null }, - { type: 'language', subtag: 'kbb', prefix: [], scope: null }, - { type: 'language', subtag: 'kbc', prefix: [], scope: null }, - { type: 'language', subtag: 'kbd', prefix: [], scope: null }, - { type: 'language', subtag: 'kbe', prefix: [], scope: null }, - { type: 'language', subtag: 'kbf', prefix: [], scope: null }, - { type: 'language', subtag: 'kbg', prefix: [], scope: null }, - { type: 'language', subtag: 'kbh', prefix: [], scope: null }, - { type: 'language', subtag: 'kbi', prefix: [], scope: null }, - { type: 'language', subtag: 'kbj', prefix: [], scope: null }, - { type: 'language', subtag: 'kbk', prefix: [], scope: 
null }, - { type: 'language', subtag: 'kbl', prefix: [], scope: null }, - { type: 'language', subtag: 'kbm', prefix: [], scope: null }, - { type: 'language', subtag: 'kbn', prefix: [], scope: null }, - { type: 'language', subtag: 'kbo', prefix: [], scope: null }, - { type: 'language', subtag: 'kbp', prefix: [], scope: null }, - { type: 'language', subtag: 'kbq', prefix: [], scope: null }, - { type: 'language', subtag: 'kbr', prefix: [], scope: null }, - { type: 'language', subtag: 'kbs', prefix: [], scope: null }, - { type: 'language', subtag: 'kbt', prefix: [], scope: null }, - { type: 'language', subtag: 'kbu', prefix: [], scope: null }, - { type: 'language', subtag: 'kbv', prefix: [], scope: null }, - { type: 'language', subtag: 'kbw', prefix: [], scope: null }, - { type: 'language', subtag: 'kbx', prefix: [], scope: null }, - { type: 'language', subtag: 'kby', prefix: [], scope: null }, - { type: 'language', subtag: 'kbz', prefix: [], scope: null }, - { type: 'language', subtag: 'kca', prefix: [], scope: null }, - { type: 'language', subtag: 'kcb', prefix: [], scope: null }, - { type: 'language', subtag: 'kcc', prefix: [], scope: null }, - { type: 'language', subtag: 'kcd', prefix: [], scope: null }, - { type: 'language', subtag: 'kce', prefix: [], scope: null }, - { type: 'language', subtag: 'kcf', prefix: [], scope: null }, - { type: 'language', subtag: 'kcg', prefix: [], scope: null }, - { type: 'language', subtag: 'kch', prefix: [], scope: null }, - { type: 'language', subtag: 'kci', prefix: [], scope: null }, - { type: 'language', subtag: 'kcj', prefix: [], scope: null }, - { type: 'language', subtag: 'kck', prefix: [], scope: null }, - { type: 'language', subtag: 'kcl', prefix: [], scope: null }, - { type: 'language', subtag: 'kcm', prefix: [], scope: null }, - { type: 'language', subtag: 'kcn', prefix: [], scope: null }, - { type: 'language', subtag: 'kco', prefix: [], scope: null }, - { type: 'language', subtag: 'kcp', prefix: [], scope: null }, - { 
type: 'language', subtag: 'kcq', prefix: [], scope: null }, - { type: 'language', subtag: 'kcr', prefix: [], scope: null }, - { type: 'language', subtag: 'kcs', prefix: [], scope: null }, - { type: 'language', subtag: 'kct', prefix: [], scope: null }, - { type: 'language', subtag: 'kcu', prefix: [], scope: null }, - { type: 'language', subtag: 'kcv', prefix: [], scope: null }, - { type: 'language', subtag: 'kcw', prefix: [], scope: null }, - { type: 'language', subtag: 'kcx', prefix: [], scope: null }, - { type: 'language', subtag: 'kcy', prefix: [], scope: null }, - { type: 'language', subtag: 'kcz', prefix: [], scope: null }, - { type: 'language', subtag: 'kda', prefix: [], scope: null }, - { type: 'language', subtag: 'kdc', prefix: [], scope: null }, - { type: 'language', subtag: 'kdd', prefix: [], scope: null }, - { type: 'language', subtag: 'kde', prefix: [], scope: null }, - { type: 'language', subtag: 'kdf', prefix: [], scope: null }, - { type: 'language', subtag: 'kdg', prefix: [], scope: null }, - { type: 'language', subtag: 'kdh', prefix: [], scope: null }, - { type: 'language', subtag: 'kdi', prefix: [], scope: null }, - { type: 'language', subtag: 'kdj', prefix: [], scope: null }, - { type: 'language', subtag: 'kdk', prefix: [], scope: null }, - { type: 'language', subtag: 'kdl', prefix: [], scope: null }, - { type: 'language', subtag: 'kdm', prefix: [], scope: null }, - { type: 'language', subtag: 'kdn', prefix: [], scope: null }, - { type: 'language', subtag: 'kdo', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'kdp', prefix: [], scope: null }, - { type: 'language', subtag: 'kdq', prefix: [], scope: null }, - { type: 'language', subtag: 'kdr', prefix: [], scope: null }, - { type: 'language', subtag: 'kdt', prefix: [], scope: null }, - { type: 'language', subtag: 'kdu', prefix: [], scope: null }, - { type: 'language', subtag: 'kdv', prefix: [], scope: null }, - { type: 'language', subtag: 'kdw', prefix: [], scope: null }, - { type: 
'language', subtag: 'kdx', prefix: [], scope: null }, - { type: 'language', subtag: 'kdy', prefix: [], scope: null }, - { type: 'language', subtag: 'kdz', prefix: [], scope: null }, - { type: 'language', subtag: 'kea', prefix: [], scope: null }, - { type: 'language', subtag: 'keb', prefix: [], scope: null }, - { type: 'language', subtag: 'kec', prefix: [], scope: null }, - { type: 'language', subtag: 'ked', prefix: [], scope: null }, - { type: 'language', subtag: 'kee', prefix: [], scope: null }, - { type: 'language', subtag: 'kef', prefix: [], scope: null }, - { type: 'language', subtag: 'keg', prefix: [], scope: null }, - { type: 'language', subtag: 'keh', prefix: [], scope: null }, - { type: 'language', subtag: 'kei', prefix: [], scope: null }, - { type: 'language', subtag: 'kej', prefix: [], scope: null }, - { type: 'language', subtag: 'kek', prefix: [], scope: null }, - { type: 'language', subtag: 'kel', prefix: [], scope: null }, - { type: 'language', subtag: 'kem', prefix: [], scope: null }, - { type: 'language', subtag: 'ken', prefix: [], scope: null }, - { type: 'language', subtag: 'keo', prefix: [], scope: null }, - { type: 'language', subtag: 'kep', prefix: [], scope: null }, - { type: 'language', subtag: 'keq', prefix: [], scope: null }, - { type: 'language', subtag: 'ker', prefix: [], scope: null }, - { type: 'language', subtag: 'kes', prefix: [], scope: null }, - { type: 'language', subtag: 'ket', prefix: [], scope: null }, - { type: 'language', subtag: 'keu', prefix: [], scope: null }, - { type: 'language', subtag: 'kev', prefix: [], scope: null }, - { type: 'language', subtag: 'kew', prefix: [], scope: null }, - { type: 'language', subtag: 'kex', prefix: [], scope: null }, - { type: 'language', subtag: 'key', prefix: [], scope: null }, - { type: 'language', subtag: 'kez', prefix: [], scope: null }, - { type: 'language', subtag: 'kfa', prefix: [], scope: null }, - { type: 'language', subtag: 'kfb', prefix: [], scope: null }, - { type: 'language', 
subtag: 'kfc', prefix: [], scope: null }, - { type: 'language', subtag: 'kfd', prefix: [], scope: null }, - { type: 'language', subtag: 'kfe', prefix: [], scope: null }, - { type: 'language', subtag: 'kff', prefix: [], scope: null }, - { type: 'language', subtag: 'kfg', prefix: [], scope: null }, - { type: 'language', subtag: 'kfh', prefix: [], scope: null }, - { type: 'language', subtag: 'kfi', prefix: [], scope: null }, - { type: 'language', subtag: 'kfj', prefix: [], scope: null }, - { type: 'language', subtag: 'kfk', prefix: [], scope: null }, - { type: 'language', subtag: 'kfl', prefix: [], scope: null }, - { type: 'language', subtag: 'kfm', prefix: [], scope: null }, - { type: 'language', subtag: 'kfn', prefix: [], scope: null }, - { type: 'language', subtag: 'kfo', prefix: [], scope: null }, - { type: 'language', subtag: 'kfp', prefix: [], scope: null }, - { type: 'language', subtag: 'kfq', prefix: [], scope: null }, - { type: 'language', subtag: 'kfr', prefix: [], scope: null }, - { type: 'language', subtag: 'kfs', prefix: [], scope: null }, - { type: 'language', subtag: 'kft', prefix: [], scope: null }, - { type: 'language', subtag: 'kfu', prefix: [], scope: null }, - { type: 'language', subtag: 'kfv', prefix: [], scope: null }, - { type: 'language', subtag: 'kfw', prefix: [], scope: null }, - { type: 'language', subtag: 'kfx', prefix: [], scope: null }, - { type: 'language', subtag: 'kfy', prefix: [], scope: null }, - { type: 'language', subtag: 'kfz', prefix: [], scope: null }, - { type: 'language', subtag: 'kga', prefix: [], scope: null }, - { type: 'language', subtag: 'kgb', prefix: [], scope: null }, - { type: 'language', subtag: 'kgc', prefix: [], scope: null }, - { type: 'language', subtag: 'kgd', prefix: [], scope: null }, - { type: 'language', subtag: 'kge', prefix: [], scope: null }, - { type: 'language', subtag: 'kgf', prefix: [], scope: null }, - { type: 'language', subtag: 'kgg', prefix: [], scope: null }, - { type: 'language', subtag: 'kgh', 
prefix: [], scope: null }, - { type: 'language', subtag: 'kgi', prefix: [], scope: null }, - { type: 'language', subtag: 'kgj', prefix: [], scope: null }, - { type: 'language', subtag: 'kgk', prefix: [], scope: null }, - { type: 'language', subtag: 'kgl', prefix: [], scope: null }, - { type: 'language', subtag: 'kgm', prefix: [], scope: null }, - { type: 'language', subtag: 'kgn', prefix: [], scope: null }, - { type: 'language', subtag: 'kgo', prefix: [], scope: null }, - { type: 'language', subtag: 'kgp', prefix: [], scope: null }, - { type: 'language', subtag: 'kgq', prefix: [], scope: null }, - { type: 'language', subtag: 'kgr', prefix: [], scope: null }, - { type: 'language', subtag: 'kgs', prefix: [], scope: null }, - { type: 'language', subtag: 'kgt', prefix: [], scope: null }, - { type: 'language', subtag: 'kgu', prefix: [], scope: null }, - { type: 'language', subtag: 'kgv', prefix: [], scope: null }, - { type: 'language', subtag: 'kgw', prefix: [], scope: null }, - { type: 'language', subtag: 'kgx', prefix: [], scope: null }, - { type: 'language', subtag: 'kgy', prefix: [], scope: null }, - { type: 'language', subtag: 'kha', prefix: [], scope: null }, - { type: 'language', subtag: 'khb', prefix: [], scope: null }, - { type: 'language', subtag: 'khc', prefix: [], scope: null }, - { type: 'language', subtag: 'khd', prefix: [], scope: null }, - { type: 'language', subtag: 'khe', prefix: [], scope: null }, - { type: 'language', subtag: 'khf', prefix: [], scope: null }, - { type: 'language', subtag: 'khg', prefix: [], scope: null }, - { type: 'language', subtag: 'khh', prefix: [], scope: null }, - { type: 'language', subtag: 'khi', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'khj', prefix: [], scope: null }, - { type: 'language', subtag: 'khk', prefix: [], scope: null }, - { type: 'language', subtag: 'khl', prefix: [], scope: null }, - { type: 'language', subtag: 'khn', prefix: [], scope: null }, - { type: 'language', subtag: 'kho', prefix: 
[], scope: null }, - { type: 'language', subtag: 'khp', prefix: [], scope: null }, - { type: 'language', subtag: 'khq', prefix: [], scope: null }, - { type: 'language', subtag: 'khr', prefix: [], scope: null }, - { type: 'language', subtag: 'khs', prefix: [], scope: null }, - { type: 'language', subtag: 'kht', prefix: [], scope: null }, - { type: 'language', subtag: 'khu', prefix: [], scope: null }, - { type: 'language', subtag: 'khv', prefix: [], scope: null }, - { type: 'language', subtag: 'khw', prefix: [], scope: null }, - { type: 'language', subtag: 'khx', prefix: [], scope: null }, - { type: 'language', subtag: 'khy', prefix: [], scope: null }, - { type: 'language', subtag: 'khz', prefix: [], scope: null }, - { type: 'language', subtag: 'kia', prefix: [], scope: null }, - { type: 'language', subtag: 'kib', prefix: [], scope: null }, - { type: 'language', subtag: 'kic', prefix: [], scope: null }, - { type: 'language', subtag: 'kid', prefix: [], scope: null }, - { type: 'language', subtag: 'kie', prefix: [], scope: null }, - { type: 'language', subtag: 'kif', prefix: [], scope: null }, - { type: 'language', subtag: 'kig', prefix: [], scope: null }, - { type: 'language', subtag: 'kih', prefix: [], scope: null }, - { type: 'language', subtag: 'kii', prefix: [], scope: null }, - { type: 'language', subtag: 'kij', prefix: [], scope: null }, - { type: 'language', subtag: 'kil', prefix: [], scope: null }, - { type: 'language', subtag: 'kim', prefix: [], scope: null }, - { type: 'language', subtag: 'kio', prefix: [], scope: null }, - { type: 'language', subtag: 'kip', prefix: [], scope: null }, - { type: 'language', subtag: 'kiq', prefix: [], scope: null }, - { type: 'language', subtag: 'kis', prefix: [], scope: null }, - { type: 'language', subtag: 'kit', prefix: [], scope: null }, - { type: 'language', subtag: 'kiu', prefix: [], scope: null }, - { type: 'language', subtag: 'kiv', prefix: [], scope: null }, - { type: 'language', subtag: 'kiw', prefix: [], scope: null 
}, - { type: 'language', subtag: 'kix', prefix: [], scope: null }, - { type: 'language', subtag: 'kiy', prefix: [], scope: null }, - { type: 'language', subtag: 'kiz', prefix: [], scope: null }, - { type: 'language', subtag: 'kja', prefix: [], scope: null }, - { type: 'language', subtag: 'kjb', prefix: [], scope: null }, - { type: 'language', subtag: 'kjc', prefix: [], scope: null }, - { type: 'language', subtag: 'kjd', prefix: [], scope: null }, - { type: 'language', subtag: 'kje', prefix: [], scope: null }, - { type: 'language', subtag: 'kjf', prefix: [], scope: null }, - { type: 'language', subtag: 'kjg', prefix: [], scope: null }, - { type: 'language', subtag: 'kjh', prefix: [], scope: null }, - { type: 'language', subtag: 'kji', prefix: [], scope: null }, - { type: 'language', subtag: 'kjj', prefix: [], scope: null }, - { type: 'language', subtag: 'kjk', prefix: [], scope: null }, - { type: 'language', subtag: 'kjl', prefix: [], scope: null }, - { type: 'language', subtag: 'kjm', prefix: [], scope: null }, - { type: 'language', subtag: 'kjn', prefix: [], scope: null }, - { type: 'language', subtag: 'kjo', prefix: [], scope: null }, - { type: 'language', subtag: 'kjp', prefix: [], scope: null }, - { type: 'language', subtag: 'kjq', prefix: [], scope: null }, - { type: 'language', subtag: 'kjr', prefix: [], scope: null }, - { type: 'language', subtag: 'kjs', prefix: [], scope: null }, - { type: 'language', subtag: 'kjt', prefix: [], scope: null }, - { type: 'language', subtag: 'kju', prefix: [], scope: null }, - { type: 'language', subtag: 'kjv', prefix: [], scope: null }, - { type: 'language', subtag: 'kjx', prefix: [], scope: null }, - { type: 'language', subtag: 'kjy', prefix: [], scope: null }, - { type: 'language', subtag: 'kjz', prefix: [], scope: null }, - { type: 'language', subtag: 'kka', prefix: [], scope: null }, - { type: 'language', subtag: 'kkb', prefix: [], scope: null }, - { type: 'language', subtag: 'kkc', prefix: [], scope: null }, - { type: 
'language', subtag: 'kkd', prefix: [], scope: null }, - { type: 'language', subtag: 'kke', prefix: [], scope: null }, - { type: 'language', subtag: 'kkf', prefix: [], scope: null }, - { type: 'language', subtag: 'kkg', prefix: [], scope: null }, - { type: 'language', subtag: 'kkh', prefix: [], scope: null }, - { type: 'language', subtag: 'kki', prefix: [], scope: null }, - { type: 'language', subtag: 'kkj', prefix: [], scope: null }, - { type: 'language', subtag: 'kkk', prefix: [], scope: null }, - { type: 'language', subtag: 'kkl', prefix: [], scope: null }, - { type: 'language', subtag: 'kkm', prefix: [], scope: null }, - { type: 'language', subtag: 'kkn', prefix: [], scope: null }, - { type: 'language', subtag: 'kko', prefix: [], scope: null }, - { type: 'language', subtag: 'kkp', prefix: [], scope: null }, - { type: 'language', subtag: 'kkq', prefix: [], scope: null }, - { type: 'language', subtag: 'kkr', prefix: [], scope: null }, - { type: 'language', subtag: 'kks', prefix: [], scope: null }, - { type: 'language', subtag: 'kkt', prefix: [], scope: null }, - { type: 'language', subtag: 'kku', prefix: [], scope: null }, - { type: 'language', subtag: 'kkv', prefix: [], scope: null }, - { type: 'language', subtag: 'kkw', prefix: [], scope: null }, - { type: 'language', subtag: 'kkx', prefix: [], scope: null }, - { type: 'language', subtag: 'kky', prefix: [], scope: null }, - { type: 'language', subtag: 'kkz', prefix: [], scope: null }, - { type: 'language', subtag: 'kla', prefix: [], scope: null }, - { type: 'language', subtag: 'klb', prefix: [], scope: null }, - { type: 'language', subtag: 'klc', prefix: [], scope: null }, - { type: 'language', subtag: 'kld', prefix: [], scope: null }, - { type: 'language', subtag: 'kle', prefix: [], scope: null }, - { type: 'language', subtag: 'klf', prefix: [], scope: null }, - { type: 'language', subtag: 'klg', prefix: [], scope: null }, - { type: 'language', subtag: 'klh', prefix: [], scope: null }, - { type: 'language', 
subtag: 'kli', prefix: [], scope: null }, - { type: 'language', subtag: 'klj', prefix: [], scope: null }, - { type: 'language', subtag: 'klk', prefix: [], scope: null }, - { type: 'language', subtag: 'kll', prefix: [], scope: null }, - { type: 'language', subtag: 'klm', prefix: [], scope: null }, - { type: 'language', subtag: 'kln', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'klo', prefix: [], scope: null }, - { type: 'language', subtag: 'klp', prefix: [], scope: null }, - { type: 'language', subtag: 'klq', prefix: [], scope: null }, - { type: 'language', subtag: 'klr', prefix: [], scope: null }, - { type: 'language', subtag: 'kls', prefix: [], scope: null }, - { type: 'language', subtag: 'klt', prefix: [], scope: null }, - { type: 'language', subtag: 'klu', prefix: [], scope: null }, - { type: 'language', subtag: 'klv', prefix: [], scope: null }, - { type: 'language', subtag: 'klw', prefix: [], scope: null }, - { type: 'language', subtag: 'klx', prefix: [], scope: null }, - { type: 'language', subtag: 'kly', prefix: [], scope: null }, - { type: 'language', subtag: 'klz', prefix: [], scope: null }, - { type: 'language', subtag: 'kma', prefix: [], scope: null }, - { type: 'language', subtag: 'kmb', prefix: [], scope: null }, - { type: 'language', subtag: 'kmc', prefix: [], scope: null }, - { type: 'language', subtag: 'kmd', prefix: [], scope: null }, - { type: 'language', subtag: 'kme', prefix: [], scope: null }, - { type: 'language', subtag: 'kmf', prefix: [], scope: null }, - { type: 'language', subtag: 'kmg', prefix: [], scope: null }, - { type: 'language', subtag: 'kmh', prefix: [], scope: null }, - { type: 'language', subtag: 'kmi', prefix: [], scope: null }, - { type: 'language', subtag: 'kmj', prefix: [], scope: null }, - { type: 'language', subtag: 'kmk', prefix: [], scope: null }, - { type: 'language', subtag: 'kml', prefix: [], scope: null }, - { type: 'language', subtag: 'kmm', prefix: [], scope: null }, - { type: 'language', 
subtag: 'kmn', prefix: [], scope: null }, - { type: 'language', subtag: 'kmo', prefix: [], scope: null }, - { type: 'language', subtag: 'kmp', prefix: [], scope: null }, - { type: 'language', subtag: 'kmq', prefix: [], scope: null }, - { type: 'language', subtag: 'kmr', prefix: [], scope: null }, - { type: 'language', subtag: 'kms', prefix: [], scope: null }, - { type: 'language', subtag: 'kmt', prefix: [], scope: null }, - { type: 'language', subtag: 'kmu', prefix: [], scope: null }, - { type: 'language', subtag: 'kmv', prefix: [], scope: null }, - { type: 'language', subtag: 'kmw', prefix: [], scope: null }, - { type: 'language', subtag: 'kmx', prefix: [], scope: null }, - { type: 'language', subtag: 'kmy', prefix: [], scope: null }, - { type: 'language', subtag: 'kmz', prefix: [], scope: null }, - { type: 'language', subtag: 'kna', prefix: [], scope: null }, - { type: 'language', subtag: 'knb', prefix: [], scope: null }, - { type: 'language', subtag: 'knc', prefix: [], scope: null }, - { type: 'language', subtag: 'knd', prefix: [], scope: null }, - { type: 'language', subtag: 'kne', prefix: [], scope: null }, - { type: 'language', subtag: 'knf', prefix: [], scope: null }, - { type: 'language', subtag: 'kng', prefix: [], scope: null }, - { type: 'language', subtag: 'kni', prefix: [], scope: null }, - { type: 'language', subtag: 'knj', prefix: [], scope: null }, - { type: 'language', subtag: 'knk', prefix: [], scope: null }, - { type: 'language', subtag: 'knl', prefix: [], scope: null }, - { type: 'language', subtag: 'knm', prefix: [], scope: null }, - { type: 'language', subtag: 'knn', prefix: [], scope: null }, - { type: 'language', subtag: 'kno', prefix: [], scope: null }, - { type: 'language', subtag: 'knp', prefix: [], scope: null }, - { type: 'language', subtag: 'knq', prefix: [], scope: null }, - { type: 'language', subtag: 'knr', prefix: [], scope: null }, - { type: 'language', subtag: 'kns', prefix: [], scope: null }, - { type: 'language', subtag: 'knt', 
prefix: [], scope: null }, - { type: 'language', subtag: 'knu', prefix: [], scope: null }, - { type: 'language', subtag: 'knv', prefix: [], scope: null }, - { type: 'language', subtag: 'knw', prefix: [], scope: null }, - { type: 'language', subtag: 'knx', prefix: [], scope: null }, - { type: 'language', subtag: 'kny', prefix: [], scope: null }, - { type: 'language', subtag: 'knz', prefix: [], scope: null }, - { type: 'language', subtag: 'koa', prefix: [], scope: null }, - { type: 'language', subtag: 'koc', prefix: [], scope: null }, - { type: 'language', subtag: 'kod', prefix: [], scope: null }, - { type: 'language', subtag: 'koe', prefix: [], scope: null }, - { type: 'language', subtag: 'kof', prefix: [], scope: null }, - { type: 'language', subtag: 'kog', prefix: [], scope: null }, - { type: 'language', subtag: 'koh', prefix: [], scope: null }, - { type: 'language', subtag: 'koi', prefix: [], scope: null }, - { type: 'language', subtag: 'koj', prefix: [], scope: null }, - { type: 'language', subtag: 'kok', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'kol', prefix: [], scope: null }, - { type: 'language', subtag: 'koo', prefix: [], scope: null }, - { type: 'language', subtag: 'kop', prefix: [], scope: null }, - { type: 'language', subtag: 'koq', prefix: [], scope: null }, - { type: 'language', subtag: 'kos', prefix: [], scope: null }, - { type: 'language', subtag: 'kot', prefix: [], scope: null }, - { type: 'language', subtag: 'kou', prefix: [], scope: null }, - { type: 'language', subtag: 'kov', prefix: [], scope: null }, - { type: 'language', subtag: 'kow', prefix: [], scope: null }, - { type: 'language', subtag: 'kox', prefix: [], scope: null }, - { type: 'language', subtag: 'koy', prefix: [], scope: null }, - { type: 'language', subtag: 'koz', prefix: [], scope: null }, - { type: 'language', subtag: 'kpa', prefix: [], scope: null }, - { type: 'language', subtag: 'kpb', prefix: [], scope: null }, - { type: 'language', subtag: 'kpc', 
prefix: [], scope: null }, - { type: 'language', subtag: 'kpd', prefix: [], scope: null }, - { type: 'language', subtag: 'kpe', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'kpf', prefix: [], scope: null }, - { type: 'language', subtag: 'kpg', prefix: [], scope: null }, - { type: 'language', subtag: 'kph', prefix: [], scope: null }, - { type: 'language', subtag: 'kpi', prefix: [], scope: null }, - { type: 'language', subtag: 'kpj', prefix: [], scope: null }, - { type: 'language', subtag: 'kpk', prefix: [], scope: null }, - { type: 'language', subtag: 'kpl', prefix: [], scope: null }, - { type: 'language', subtag: 'kpm', prefix: [], scope: null }, - { type: 'language', subtag: 'kpn', prefix: [], scope: null }, - { type: 'language', subtag: 'kpo', prefix: [], scope: null }, - { type: 'language', subtag: 'kpp', prefix: [], scope: null }, - { type: 'language', subtag: 'kpq', prefix: [], scope: null }, - { type: 'language', subtag: 'kpr', prefix: [], scope: null }, - { type: 'language', subtag: 'kps', prefix: [], scope: null }, - { type: 'language', subtag: 'kpt', prefix: [], scope: null }, - { type: 'language', subtag: 'kpu', prefix: [], scope: null }, - { type: 'language', subtag: 'kpv', prefix: [], scope: null }, - { type: 'language', subtag: 'kpw', prefix: [], scope: null }, - { type: 'language', subtag: 'kpx', prefix: [], scope: null }, - { type: 'language', subtag: 'kpy', prefix: [], scope: null }, - { type: 'language', subtag: 'kpz', prefix: [], scope: null }, - { type: 'language', subtag: 'kqa', prefix: [], scope: null }, - { type: 'language', subtag: 'kqb', prefix: [], scope: null }, - { type: 'language', subtag: 'kqc', prefix: [], scope: null }, - { type: 'language', subtag: 'kqd', prefix: [], scope: null }, - { type: 'language', subtag: 'kqe', prefix: [], scope: null }, - { type: 'language', subtag: 'kqf', prefix: [], scope: null }, - { type: 'language', subtag: 'kqg', prefix: [], scope: null }, - { type: 'language', subtag: 'kqh', 
prefix: [], scope: null }, - { type: 'language', subtag: 'kqi', prefix: [], scope: null }, - { type: 'language', subtag: 'kqj', prefix: [], scope: null }, - { type: 'language', subtag: 'kqk', prefix: [], scope: null }, - { type: 'language', subtag: 'kql', prefix: [], scope: null }, - { type: 'language', subtag: 'kqm', prefix: [], scope: null }, - { type: 'language', subtag: 'kqn', prefix: [], scope: null }, - { type: 'language', subtag: 'kqo', prefix: [], scope: null }, - { type: 'language', subtag: 'kqp', prefix: [], scope: null }, - { type: 'language', subtag: 'kqq', prefix: [], scope: null }, - { type: 'language', subtag: 'kqr', prefix: [], scope: null }, - { type: 'language', subtag: 'kqs', prefix: [], scope: null }, - { type: 'language', subtag: 'kqt', prefix: [], scope: null }, - { type: 'language', subtag: 'kqu', prefix: [], scope: null }, - { type: 'language', subtag: 'kqv', prefix: [], scope: null }, - { type: 'language', subtag: 'kqw', prefix: [], scope: null }, - { type: 'language', subtag: 'kqx', prefix: [], scope: null }, - { type: 'language', subtag: 'kqy', prefix: [], scope: null }, - { type: 'language', subtag: 'kqz', prefix: [], scope: null }, - { type: 'language', subtag: 'kra', prefix: [], scope: null }, - { type: 'language', subtag: 'krb', prefix: [], scope: null }, - { type: 'language', subtag: 'krc', prefix: [], scope: null }, - { type: 'language', subtag: 'krd', prefix: [], scope: null }, - { type: 'language', subtag: 'kre', prefix: [], scope: null }, - { type: 'language', subtag: 'krf', prefix: [], scope: null }, - { type: 'language', subtag: 'krh', prefix: [], scope: null }, - { type: 'language', subtag: 'kri', prefix: [], scope: null }, - { type: 'language', subtag: 'krj', prefix: [], scope: null }, - { type: 'language', subtag: 'krk', prefix: [], scope: null }, - { type: 'language', subtag: 'krl', prefix: [], scope: null }, - { type: 'language', subtag: 'krm', prefix: [], scope: null }, - { type: 'language', subtag: 'krn', prefix: [], 
scope: null }, - { type: 'language', subtag: 'kro', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'krp', prefix: [], scope: null }, - { type: 'language', subtag: 'krr', prefix: [], scope: null }, - { type: 'language', subtag: 'krs', prefix: [], scope: null }, - { type: 'language', subtag: 'krt', prefix: [], scope: null }, - { type: 'language', subtag: 'kru', prefix: [], scope: null }, - { type: 'language', subtag: 'krv', prefix: [], scope: null }, - { type: 'language', subtag: 'krw', prefix: [], scope: null }, - { type: 'language', subtag: 'krx', prefix: [], scope: null }, - { type: 'language', subtag: 'kry', prefix: [], scope: null }, - { type: 'language', subtag: 'krz', prefix: [], scope: null }, - { type: 'language', subtag: 'ksa', prefix: [], scope: null }, - { type: 'language', subtag: 'ksb', prefix: [], scope: null }, - { type: 'language', subtag: 'ksc', prefix: [], scope: null }, - { type: 'language', subtag: 'ksd', prefix: [], scope: null }, - { type: 'language', subtag: 'kse', prefix: [], scope: null }, - { type: 'language', subtag: 'ksf', prefix: [], scope: null }, - { type: 'language', subtag: 'ksg', prefix: [], scope: null }, - { type: 'language', subtag: 'ksh', prefix: [], scope: null }, - { type: 'language', subtag: 'ksi', prefix: [], scope: null }, - { type: 'language', subtag: 'ksj', prefix: [], scope: null }, - { type: 'language', subtag: 'ksk', prefix: [], scope: null }, - { type: 'language', subtag: 'ksl', prefix: [], scope: null }, - { type: 'language', subtag: 'ksm', prefix: [], scope: null }, - { type: 'language', subtag: 'ksn', prefix: [], scope: null }, - { type: 'language', subtag: 'kso', prefix: [], scope: null }, - { type: 'language', subtag: 'ksp', prefix: [], scope: null }, - { type: 'language', subtag: 'ksq', prefix: [], scope: null }, - { type: 'language', subtag: 'ksr', prefix: [], scope: null }, - { type: 'language', subtag: 'kss', prefix: [], scope: null }, - { type: 'language', subtag: 'kst', prefix: [], scope: 
null }, - { type: 'language', subtag: 'ksu', prefix: [], scope: null }, - { type: 'language', subtag: 'ksv', prefix: [], scope: null }, - { type: 'language', subtag: 'ksw', prefix: [], scope: null }, - { type: 'language', subtag: 'ksx', prefix: [], scope: null }, - { type: 'language', subtag: 'ksy', prefix: [], scope: null }, - { type: 'language', subtag: 'ksz', prefix: [], scope: null }, - { type: 'language', subtag: 'kta', prefix: [], scope: null }, - { type: 'language', subtag: 'ktb', prefix: [], scope: null }, - { type: 'language', subtag: 'ktc', prefix: [], scope: null }, - { type: 'language', subtag: 'ktd', prefix: [], scope: null }, - { type: 'language', subtag: 'kte', prefix: [], scope: null }, - { type: 'language', subtag: 'ktf', prefix: [], scope: null }, - { type: 'language', subtag: 'ktg', prefix: [], scope: null }, - { type: 'language', subtag: 'kth', prefix: [], scope: null }, - { type: 'language', subtag: 'kti', prefix: [], scope: null }, - { type: 'language', subtag: 'ktj', prefix: [], scope: null }, - { type: 'language', subtag: 'ktk', prefix: [], scope: null }, - { type: 'language', subtag: 'ktl', prefix: [], scope: null }, - { type: 'language', subtag: 'ktm', prefix: [], scope: null }, - { type: 'language', subtag: 'ktn', prefix: [], scope: null }, - { type: 'language', subtag: 'kto', prefix: [], scope: null }, - { type: 'language', subtag: 'ktp', prefix: [], scope: null }, - { type: 'language', subtag: 'ktq', prefix: [], scope: null }, - { type: 'language', subtag: 'ktr', prefix: [], scope: null }, - { type: 'language', subtag: 'kts', prefix: [], scope: null }, - { type: 'language', subtag: 'ktt', prefix: [], scope: null }, - { type: 'language', subtag: 'ktu', prefix: [], scope: null }, - { type: 'language', subtag: 'ktv', prefix: [], scope: null }, - { type: 'language', subtag: 'ktw', prefix: [], scope: null }, - { type: 'language', subtag: 'ktx', prefix: [], scope: null }, - { type: 'language', subtag: 'kty', prefix: [], scope: null }, - { 
type: 'language', subtag: 'ktz', prefix: [], scope: null }, - { type: 'language', subtag: 'kub', prefix: [], scope: null }, - { type: 'language', subtag: 'kuc', prefix: [], scope: null }, - { type: 'language', subtag: 'kud', prefix: [], scope: null }, - { type: 'language', subtag: 'kue', prefix: [], scope: null }, - { type: 'language', subtag: 'kuf', prefix: [], scope: null }, - { type: 'language', subtag: 'kug', prefix: [], scope: null }, - { type: 'language', subtag: 'kuh', prefix: [], scope: null }, - { type: 'language', subtag: 'kui', prefix: [], scope: null }, - { type: 'language', subtag: 'kuj', prefix: [], scope: null }, - { type: 'language', subtag: 'kuk', prefix: [], scope: null }, - { type: 'language', subtag: 'kul', prefix: [], scope: null }, - { type: 'language', subtag: 'kum', prefix: [], scope: null }, - { type: 'language', subtag: 'kun', prefix: [], scope: null }, - { type: 'language', subtag: 'kuo', prefix: [], scope: null }, - { type: 'language', subtag: 'kup', prefix: [], scope: null }, - { type: 'language', subtag: 'kuq', prefix: [], scope: null }, - { type: 'language', subtag: 'kus', prefix: [], scope: null }, - { type: 'language', subtag: 'kut', prefix: [], scope: null }, - { type: 'language', subtag: 'kuu', prefix: [], scope: null }, - { type: 'language', subtag: 'kuv', prefix: [], scope: null }, - { type: 'language', subtag: 'kuw', prefix: [], scope: null }, - { type: 'language', subtag: 'kux', prefix: [], scope: null }, - { type: 'language', subtag: 'kuy', prefix: [], scope: null }, - { type: 'language', subtag: 'kuz', prefix: [], scope: null }, - { type: 'language', subtag: 'kva', prefix: [], scope: null }, - { type: 'language', subtag: 'kvb', prefix: [], scope: null }, - { type: 'language', subtag: 'kvc', prefix: [], scope: null }, - { type: 'language', subtag: 'kvd', prefix: [], scope: null }, - { type: 'language', subtag: 'kve', prefix: [], scope: null }, - { type: 'language', subtag: 'kvf', prefix: [], scope: null }, - { type: 
'language', subtag: 'kvg', prefix: [], scope: null }, - { type: 'language', subtag: 'kvh', prefix: [], scope: null }, - { type: 'language', subtag: 'kvi', prefix: [], scope: null }, - { type: 'language', subtag: 'kvj', prefix: [], scope: null }, - { type: 'language', subtag: 'kvk', prefix: [], scope: null }, - { type: 'language', subtag: 'kvl', prefix: [], scope: null }, - { type: 'language', subtag: 'kvm', prefix: [], scope: null }, - { type: 'language', subtag: 'kvn', prefix: [], scope: null }, - { type: 'language', subtag: 'kvo', prefix: [], scope: null }, - { type: 'language', subtag: 'kvp', prefix: [], scope: null }, - { type: 'language', subtag: 'kvq', prefix: [], scope: null }, - { type: 'language', subtag: 'kvr', prefix: [], scope: null }, - { type: 'language', subtag: 'kvs', prefix: [], scope: null }, - { type: 'language', subtag: 'kvt', prefix: [], scope: null }, - { type: 'language', subtag: 'kvu', prefix: [], scope: null }, - { type: 'language', subtag: 'kvv', prefix: [], scope: null }, - { type: 'language', subtag: 'kvw', prefix: [], scope: null }, - { type: 'language', subtag: 'kvx', prefix: [], scope: null }, - { type: 'language', subtag: 'kvy', prefix: [], scope: null }, - { type: 'language', subtag: 'kvz', prefix: [], scope: null }, - { type: 'language', subtag: 'kwa', prefix: [], scope: null }, - { type: 'language', subtag: 'kwb', prefix: [], scope: null }, - { type: 'language', subtag: 'kwc', prefix: [], scope: null }, - { type: 'language', subtag: 'kwd', prefix: [], scope: null }, - { type: 'language', subtag: 'kwe', prefix: [], scope: null }, - { type: 'language', subtag: 'kwf', prefix: [], scope: null }, - { type: 'language', subtag: 'kwg', prefix: [], scope: null }, - { type: 'language', subtag: 'kwh', prefix: [], scope: null }, - { type: 'language', subtag: 'kwi', prefix: [], scope: null }, - { type: 'language', subtag: 'kwj', prefix: [], scope: null }, - { type: 'language', subtag: 'kwk', prefix: [], scope: null }, - { type: 'language', 
subtag: 'kwl', prefix: [], scope: null }, - { type: 'language', subtag: 'kwm', prefix: [], scope: null }, - { type: 'language', subtag: 'kwn', prefix: [], scope: null }, - { type: 'language', subtag: 'kwo', prefix: [], scope: null }, - { type: 'language', subtag: 'kwp', prefix: [], scope: null }, - { type: 'language', subtag: 'kwq', prefix: [], scope: null }, - { type: 'language', subtag: 'kwr', prefix: [], scope: null }, - { type: 'language', subtag: 'kws', prefix: [], scope: null }, - { type: 'language', subtag: 'kwt', prefix: [], scope: null }, - { type: 'language', subtag: 'kwu', prefix: [], scope: null }, - { type: 'language', subtag: 'kwv', prefix: [], scope: null }, - { type: 'language', subtag: 'kww', prefix: [], scope: null }, - { type: 'language', subtag: 'kwx', prefix: [], scope: null }, - { type: 'language', subtag: 'kwy', prefix: [], scope: null }, - { type: 'language', subtag: 'kwz', prefix: [], scope: null }, - { type: 'language', subtag: 'kxa', prefix: [], scope: null }, - { type: 'language', subtag: 'kxb', prefix: [], scope: null }, - { type: 'language', subtag: 'kxc', prefix: [], scope: null }, - { type: 'language', subtag: 'kxd', prefix: [], scope: null }, - { type: 'language', subtag: 'kxe', prefix: [], scope: null }, - { type: 'language', subtag: 'kxf', prefix: [], scope: null }, - { type: 'language', subtag: 'kxh', prefix: [], scope: null }, - { type: 'language', subtag: 'kxi', prefix: [], scope: null }, - { type: 'language', subtag: 'kxj', prefix: [], scope: null }, - { type: 'language', subtag: 'kxk', prefix: [], scope: null }, - { type: 'language', subtag: 'kxl', prefix: [], scope: null }, - { type: 'language', subtag: 'kxm', prefix: [], scope: null }, - { type: 'language', subtag: 'kxn', prefix: [], scope: null }, - { type: 'language', subtag: 'kxo', prefix: [], scope: null }, - { type: 'language', subtag: 'kxp', prefix: [], scope: null }, - { type: 'language', subtag: 'kxq', prefix: [], scope: null }, - { type: 'language', subtag: 'kxr', 
prefix: [], scope: null }, - { type: 'language', subtag: 'kxs', prefix: [], scope: null }, - { type: 'language', subtag: 'kxt', prefix: [], scope: null }, - { type: 'language', subtag: 'kxu', prefix: [], scope: null }, - { type: 'language', subtag: 'kxv', prefix: [], scope: null }, - { type: 'language', subtag: 'kxw', prefix: [], scope: null }, - { type: 'language', subtag: 'kxx', prefix: [], scope: null }, - { type: 'language', subtag: 'kxy', prefix: [], scope: null }, - { type: 'language', subtag: 'kxz', prefix: [], scope: null }, - { type: 'language', subtag: 'kya', prefix: [], scope: null }, - { type: 'language', subtag: 'kyb', prefix: [], scope: null }, - { type: 'language', subtag: 'kyc', prefix: [], scope: null }, - { type: 'language', subtag: 'kyd', prefix: [], scope: null }, - { type: 'language', subtag: 'kye', prefix: [], scope: null }, - { type: 'language', subtag: 'kyf', prefix: [], scope: null }, - { type: 'language', subtag: 'kyg', prefix: [], scope: null }, - { type: 'language', subtag: 'kyh', prefix: [], scope: null }, - { type: 'language', subtag: 'kyi', prefix: [], scope: null }, - { type: 'language', subtag: 'kyj', prefix: [], scope: null }, - { type: 'language', subtag: 'kyk', prefix: [], scope: null }, - { type: 'language', subtag: 'kyl', prefix: [], scope: null }, - { type: 'language', subtag: 'kym', prefix: [], scope: null }, - { type: 'language', subtag: 'kyn', prefix: [], scope: null }, - { type: 'language', subtag: 'kyo', prefix: [], scope: null }, - { type: 'language', subtag: 'kyp', prefix: [], scope: null }, - { type: 'language', subtag: 'kyq', prefix: [], scope: null }, - { type: 'language', subtag: 'kyr', prefix: [], scope: null }, - { type: 'language', subtag: 'kys', prefix: [], scope: null }, - { type: 'language', subtag: 'kyt', prefix: [], scope: null }, - { type: 'language', subtag: 'kyu', prefix: [], scope: null }, - { type: 'language', subtag: 'kyv', prefix: [], scope: null }, - { type: 'language', subtag: 'kyw', prefix: [], 
scope: null }, - { type: 'language', subtag: 'kyx', prefix: [], scope: null }, - { type: 'language', subtag: 'kyy', prefix: [], scope: null }, - { type: 'language', subtag: 'kyz', prefix: [], scope: null }, - { type: 'language', subtag: 'kza', prefix: [], scope: null }, - { type: 'language', subtag: 'kzb', prefix: [], scope: null }, - { type: 'language', subtag: 'kzc', prefix: [], scope: null }, - { type: 'language', subtag: 'kzd', prefix: [], scope: null }, - { type: 'language', subtag: 'kze', prefix: [], scope: null }, - { type: 'language', subtag: 'kzf', prefix: [], scope: null }, - { type: 'language', subtag: 'kzg', prefix: [], scope: null }, - { type: 'language', subtag: 'kzh', prefix: [], scope: null }, - { type: 'language', subtag: 'kzi', prefix: [], scope: null }, - { type: 'language', subtag: 'kzj', prefix: [], scope: null }, - { type: 'language', subtag: 'kzk', prefix: [], scope: null }, - { type: 'language', subtag: 'kzl', prefix: [], scope: null }, - { type: 'language', subtag: 'kzm', prefix: [], scope: null }, - { type: 'language', subtag: 'kzn', prefix: [], scope: null }, - { type: 'language', subtag: 'kzo', prefix: [], scope: null }, - { type: 'language', subtag: 'kzp', prefix: [], scope: null }, - { type: 'language', subtag: 'kzq', prefix: [], scope: null }, - { type: 'language', subtag: 'kzr', prefix: [], scope: null }, - { type: 'language', subtag: 'kzs', prefix: [], scope: null }, - { type: 'language', subtag: 'kzt', prefix: [], scope: null }, - { type: 'language', subtag: 'kzu', prefix: [], scope: null }, - { type: 'language', subtag: 'kzv', prefix: [], scope: null }, - { type: 'language', subtag: 'kzw', prefix: [], scope: null }, - { type: 'language', subtag: 'kzx', prefix: [], scope: null }, - { type: 'language', subtag: 'kzy', prefix: [], scope: null }, - { type: 'language', subtag: 'kzz', prefix: [], scope: null }, - { type: 'language', subtag: 'laa', prefix: [], scope: null }, - { type: 'language', subtag: 'lab', prefix: [], scope: null }, 
- { type: 'language', subtag: 'lac', prefix: [], scope: null }, - { type: 'language', subtag: 'lad', prefix: [], scope: null }, - { type: 'language', subtag: 'lae', prefix: [], scope: null }, - { type: 'language', subtag: 'laf', prefix: [], scope: null }, - { type: 'language', subtag: 'lag', prefix: [], scope: null }, - { type: 'language', subtag: 'lah', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'lai', prefix: [], scope: null }, - { type: 'language', subtag: 'laj', prefix: [], scope: null }, - { type: 'language', subtag: 'lak', prefix: [], scope: null }, - { type: 'language', subtag: 'lal', prefix: [], scope: null }, - { type: 'language', subtag: 'lam', prefix: [], scope: null }, - { type: 'language', subtag: 'lan', prefix: [], scope: null }, - { type: 'language', subtag: 'lap', prefix: [], scope: null }, - { type: 'language', subtag: 'laq', prefix: [], scope: null }, - { type: 'language', subtag: 'lar', prefix: [], scope: null }, - { type: 'language', subtag: 'las', prefix: [], scope: null }, - { type: 'language', subtag: 'lau', prefix: [], scope: null }, - { type: 'language', subtag: 'law', prefix: [], scope: null }, - { type: 'language', subtag: 'lax', prefix: [], scope: null }, - { type: 'language', subtag: 'lay', prefix: [], scope: null }, - { type: 'language', subtag: 'laz', prefix: [], scope: null }, - { type: 'language', subtag: 'lba', prefix: [], scope: null }, - { type: 'language', subtag: 'lbb', prefix: [], scope: null }, - { type: 'language', subtag: 'lbc', prefix: [], scope: null }, - { type: 'language', subtag: 'lbe', prefix: [], scope: null }, - { type: 'language', subtag: 'lbf', prefix: [], scope: null }, - { type: 'language', subtag: 'lbg', prefix: [], scope: null }, - { type: 'language', subtag: 'lbi', prefix: [], scope: null }, - { type: 'language', subtag: 'lbj', prefix: [], scope: null }, - { type: 'language', subtag: 'lbk', prefix: [], scope: null }, - { type: 'language', subtag: 'lbl', prefix: [], scope: null }, - { 
type: 'language', subtag: 'lbm', prefix: [], scope: null }, - { type: 'language', subtag: 'lbn', prefix: [], scope: null }, - { type: 'language', subtag: 'lbo', prefix: [], scope: null }, - { type: 'language', subtag: 'lbq', prefix: [], scope: null }, - { type: 'language', subtag: 'lbr', prefix: [], scope: null }, - { type: 'language', subtag: 'lbs', prefix: [], scope: null }, - { type: 'language', subtag: 'lbt', prefix: [], scope: null }, - { type: 'language', subtag: 'lbu', prefix: [], scope: null }, - { type: 'language', subtag: 'lbv', prefix: [], scope: null }, - { type: 'language', subtag: 'lbw', prefix: [], scope: null }, - { type: 'language', subtag: 'lbx', prefix: [], scope: null }, - { type: 'language', subtag: 'lby', prefix: [], scope: null }, - { type: 'language', subtag: 'lbz', prefix: [], scope: null }, - { type: 'language', subtag: 'lcc', prefix: [], scope: null }, - { type: 'language', subtag: 'lcd', prefix: [], scope: null }, - { type: 'language', subtag: 'lce', prefix: [], scope: null }, - { type: 'language', subtag: 'lcf', prefix: [], scope: null }, - { type: 'language', subtag: 'lch', prefix: [], scope: null }, - { type: 'language', subtag: 'lcl', prefix: [], scope: null }, - { type: 'language', subtag: 'lcm', prefix: [], scope: null }, - { type: 'language', subtag: 'lcp', prefix: [], scope: null }, - { type: 'language', subtag: 'lcq', prefix: [], scope: null }, - { type: 'language', subtag: 'lcs', prefix: [], scope: null }, - { type: 'language', subtag: 'lda', prefix: [], scope: null }, - { type: 'language', subtag: 'ldb', prefix: [], scope: null }, - { type: 'language', subtag: 'ldd', prefix: [], scope: null }, - { type: 'language', subtag: 'ldg', prefix: [], scope: null }, - { type: 'language', subtag: 'ldh', prefix: [], scope: null }, - { type: 'language', subtag: 'ldi', prefix: [], scope: null }, - { type: 'language', subtag: 'ldj', prefix: [], scope: null }, - { type: 'language', subtag: 'ldk', prefix: [], scope: null }, - { type: 
'language', subtag: 'ldl', prefix: [], scope: null }, - { type: 'language', subtag: 'ldm', prefix: [], scope: null }, - { type: 'language', subtag: 'ldn', prefix: [], scope: null }, - { type: 'language', subtag: 'ldo', prefix: [], scope: null }, - { type: 'language', subtag: 'ldp', prefix: [], scope: null }, - { type: 'language', subtag: 'ldq', prefix: [], scope: null }, - { type: 'language', subtag: 'lea', prefix: [], scope: null }, - { type: 'language', subtag: 'leb', prefix: [], scope: null }, - { type: 'language', subtag: 'lec', prefix: [], scope: null }, - { type: 'language', subtag: 'led', prefix: [], scope: null }, - { type: 'language', subtag: 'lee', prefix: [], scope: null }, - { type: 'language', subtag: 'lef', prefix: [], scope: null }, - { type: 'language', subtag: 'leg', prefix: [], scope: null }, - { type: 'language', subtag: 'leh', prefix: [], scope: null }, - { type: 'language', subtag: 'lei', prefix: [], scope: null }, - { type: 'language', subtag: 'lej', prefix: [], scope: null }, - { type: 'language', subtag: 'lek', prefix: [], scope: null }, - { type: 'language', subtag: 'lel', prefix: [], scope: null }, - { type: 'language', subtag: 'lem', prefix: [], scope: null }, - { type: 'language', subtag: 'len', prefix: [], scope: null }, - { type: 'language', subtag: 'leo', prefix: [], scope: null }, - { type: 'language', subtag: 'lep', prefix: [], scope: null }, - { type: 'language', subtag: 'leq', prefix: [], scope: null }, - { type: 'language', subtag: 'ler', prefix: [], scope: null }, - { type: 'language', subtag: 'les', prefix: [], scope: null }, - { type: 'language', subtag: 'let', prefix: [], scope: null }, - { type: 'language', subtag: 'leu', prefix: [], scope: null }, - { type: 'language', subtag: 'lev', prefix: [], scope: null }, - { type: 'language', subtag: 'lew', prefix: [], scope: null }, - { type: 'language', subtag: 'lex', prefix: [], scope: null }, - { type: 'language', subtag: 'ley', prefix: [], scope: null }, - { type: 'language', 
subtag: 'lez', prefix: [], scope: null }, - { type: 'language', subtag: 'lfa', prefix: [], scope: null }, - { type: 'language', subtag: 'lfn', prefix: [], scope: null }, - { type: 'language', subtag: 'lga', prefix: [], scope: null }, - { type: 'language', subtag: 'lgb', prefix: [], scope: null }, - { type: 'language', subtag: 'lgg', prefix: [], scope: null }, - { type: 'language', subtag: 'lgh', prefix: [], scope: null }, - { type: 'language', subtag: 'lgi', prefix: [], scope: null }, - { type: 'language', subtag: 'lgk', prefix: [], scope: null }, - { type: 'language', subtag: 'lgl', prefix: [], scope: null }, - { type: 'language', subtag: 'lgm', prefix: [], scope: null }, - { type: 'language', subtag: 'lgn', prefix: [], scope: null }, - { type: 'language', subtag: 'lgo', prefix: [], scope: null }, - { type: 'language', subtag: 'lgq', prefix: [], scope: null }, - { type: 'language', subtag: 'lgr', prefix: [], scope: null }, - { type: 'language', subtag: 'lgt', prefix: [], scope: null }, - { type: 'language', subtag: 'lgu', prefix: [], scope: null }, - { type: 'language', subtag: 'lgz', prefix: [], scope: null }, - { type: 'language', subtag: 'lha', prefix: [], scope: null }, - { type: 'language', subtag: 'lhh', prefix: [], scope: null }, - { type: 'language', subtag: 'lhi', prefix: [], scope: null }, - { type: 'language', subtag: 'lhl', prefix: [], scope: null }, - { type: 'language', subtag: 'lhm', prefix: [], scope: null }, - { type: 'language', subtag: 'lhn', prefix: [], scope: null }, - { type: 'language', subtag: 'lhp', prefix: [], scope: null }, - { type: 'language', subtag: 'lhs', prefix: [], scope: null }, - { type: 'language', subtag: 'lht', prefix: [], scope: null }, - { type: 'language', subtag: 'lhu', prefix: [], scope: null }, - { type: 'language', subtag: 'lia', prefix: [], scope: null }, - { type: 'language', subtag: 'lib', prefix: [], scope: null }, - { type: 'language', subtag: 'lic', prefix: [], scope: null }, - { type: 'language', subtag: 'lid', 
prefix: [], scope: null }, - { type: 'language', subtag: 'lie', prefix: [], scope: null }, - { type: 'language', subtag: 'lif', prefix: [], scope: null }, - { type: 'language', subtag: 'lig', prefix: [], scope: null }, - { type: 'language', subtag: 'lih', prefix: [], scope: null }, - { type: 'language', subtag: 'lii', prefix: [], scope: null }, - { type: 'language', subtag: 'lij', prefix: [], scope: null }, - { type: 'language', subtag: 'lik', prefix: [], scope: null }, - { type: 'language', subtag: 'lil', prefix: [], scope: null }, - { type: 'language', subtag: 'lio', prefix: [], scope: null }, - { type: 'language', subtag: 'lip', prefix: [], scope: null }, - { type: 'language', subtag: 'liq', prefix: [], scope: null }, - { type: 'language', subtag: 'lir', prefix: [], scope: null }, - { type: 'language', subtag: 'lis', prefix: [], scope: null }, - { type: 'language', subtag: 'liu', prefix: [], scope: null }, - { type: 'language', subtag: 'liv', prefix: [], scope: null }, - { type: 'language', subtag: 'liw', prefix: [], scope: null }, - { type: 'language', subtag: 'lix', prefix: [], scope: null }, - { type: 'language', subtag: 'liy', prefix: [], scope: null }, - { type: 'language', subtag: 'liz', prefix: [], scope: null }, - { type: 'language', subtag: 'lja', prefix: [], scope: null }, - { type: 'language', subtag: 'lje', prefix: [], scope: null }, - { type: 'language', subtag: 'lji', prefix: [], scope: null }, - { type: 'language', subtag: 'ljl', prefix: [], scope: null }, - { type: 'language', subtag: 'ljp', prefix: [], scope: null }, - { type: 'language', subtag: 'ljw', prefix: [], scope: null }, - { type: 'language', subtag: 'ljx', prefix: [], scope: null }, - { type: 'language', subtag: 'lka', prefix: [], scope: null }, - { type: 'language', subtag: 'lkb', prefix: [], scope: null }, - { type: 'language', subtag: 'lkc', prefix: [], scope: null }, - { type: 'language', subtag: 'lkd', prefix: [], scope: null }, - { type: 'language', subtag: 'lke', prefix: [], 
scope: null }, - { type: 'language', subtag: 'lkh', prefix: [], scope: null }, - { type: 'language', subtag: 'lki', prefix: [], scope: null }, - { type: 'language', subtag: 'lkj', prefix: [], scope: null }, - { type: 'language', subtag: 'lkl', prefix: [], scope: null }, - { type: 'language', subtag: 'lkm', prefix: [], scope: null }, - { type: 'language', subtag: 'lkn', prefix: [], scope: null }, - { type: 'language', subtag: 'lko', prefix: [], scope: null }, - { type: 'language', subtag: 'lkr', prefix: [], scope: null }, - { type: 'language', subtag: 'lks', prefix: [], scope: null }, - { type: 'language', subtag: 'lkt', prefix: [], scope: null }, - { type: 'language', subtag: 'lku', prefix: [], scope: null }, - { type: 'language', subtag: 'lky', prefix: [], scope: null }, - { type: 'language', subtag: 'lla', prefix: [], scope: null }, - { type: 'language', subtag: 'llb', prefix: [], scope: null }, - { type: 'language', subtag: 'llc', prefix: [], scope: null }, - { type: 'language', subtag: 'lld', prefix: [], scope: null }, - { type: 'language', subtag: 'lle', prefix: [], scope: null }, - { type: 'language', subtag: 'llf', prefix: [], scope: null }, - { type: 'language', subtag: 'llg', prefix: [], scope: null }, - { type: 'language', subtag: 'llh', prefix: [], scope: null }, - { type: 'language', subtag: 'lli', prefix: [], scope: null }, - { type: 'language', subtag: 'llj', prefix: [], scope: null }, - { type: 'language', subtag: 'llk', prefix: [], scope: null }, - { type: 'language', subtag: 'lll', prefix: [], scope: null }, - { type: 'language', subtag: 'llm', prefix: [], scope: null }, - { type: 'language', subtag: 'lln', prefix: [], scope: null }, - { type: 'language', subtag: 'llo', prefix: [], scope: null }, - { type: 'language', subtag: 'llp', prefix: [], scope: null }, - { type: 'language', subtag: 'llq', prefix: [], scope: null }, - { type: 'language', subtag: 'lls', prefix: [], scope: null }, - { type: 'language', subtag: 'llu', prefix: [], scope: null }, 
- { type: 'language', subtag: 'llx', prefix: [], scope: null }, - { type: 'language', subtag: 'lma', prefix: [], scope: null }, - { type: 'language', subtag: 'lmb', prefix: [], scope: null }, - { type: 'language', subtag: 'lmc', prefix: [], scope: null }, - { type: 'language', subtag: 'lmd', prefix: [], scope: null }, - { type: 'language', subtag: 'lme', prefix: [], scope: null }, - { type: 'language', subtag: 'lmf', prefix: [], scope: null }, - { type: 'language', subtag: 'lmg', prefix: [], scope: null }, - { type: 'language', subtag: 'lmh', prefix: [], scope: null }, - { type: 'language', subtag: 'lmi', prefix: [], scope: null }, - { type: 'language', subtag: 'lmj', prefix: [], scope: null }, - { type: 'language', subtag: 'lmk', prefix: [], scope: null }, - { type: 'language', subtag: 'lml', prefix: [], scope: null }, - { type: 'language', subtag: 'lmm', prefix: [], scope: null }, - { type: 'language', subtag: 'lmn', prefix: [], scope: null }, - { type: 'language', subtag: 'lmo', prefix: [], scope: null }, - { type: 'language', subtag: 'lmp', prefix: [], scope: null }, - { type: 'language', subtag: 'lmq', prefix: [], scope: null }, - { type: 'language', subtag: 'lmr', prefix: [], scope: null }, - { type: 'language', subtag: 'lmu', prefix: [], scope: null }, - { type: 'language', subtag: 'lmv', prefix: [], scope: null }, - { type: 'language', subtag: 'lmw', prefix: [], scope: null }, - { type: 'language', subtag: 'lmx', prefix: [], scope: null }, - { type: 'language', subtag: 'lmy', prefix: [], scope: null }, - { type: 'language', subtag: 'lmz', prefix: [], scope: null }, - { type: 'language', subtag: 'lna', prefix: [], scope: null }, - { type: 'language', subtag: 'lnb', prefix: [], scope: null }, - { type: 'language', subtag: 'lnd', prefix: [], scope: null }, - { type: 'language', subtag: 'lng', prefix: [], scope: null }, - { type: 'language', subtag: 'lnh', prefix: [], scope: null }, - { type: 'language', subtag: 'lni', prefix: [], scope: null }, - { type: 
'language', subtag: 'lnj', prefix: [], scope: null }, - { type: 'language', subtag: 'lnl', prefix: [], scope: null }, - { type: 'language', subtag: 'lnm', prefix: [], scope: null }, - { type: 'language', subtag: 'lnn', prefix: [], scope: null }, - { type: 'language', subtag: 'lno', prefix: [], scope: null }, - { type: 'language', subtag: 'lns', prefix: [], scope: null }, - { type: 'language', subtag: 'lnu', prefix: [], scope: null }, - { type: 'language', subtag: 'lnw', prefix: [], scope: null }, - { type: 'language', subtag: 'lnz', prefix: [], scope: null }, - { type: 'language', subtag: 'loa', prefix: [], scope: null }, - { type: 'language', subtag: 'lob', prefix: [], scope: null }, - { type: 'language', subtag: 'loc', prefix: [], scope: null }, - { type: 'language', subtag: 'loe', prefix: [], scope: null }, - { type: 'language', subtag: 'lof', prefix: [], scope: null }, - { type: 'language', subtag: 'log', prefix: [], scope: null }, - { type: 'language', subtag: 'loh', prefix: [], scope: null }, - { type: 'language', subtag: 'loi', prefix: [], scope: null }, - { type: 'language', subtag: 'loj', prefix: [], scope: null }, - { type: 'language', subtag: 'lok', prefix: [], scope: null }, - { type: 'language', subtag: 'lol', prefix: [], scope: null }, - { type: 'language', subtag: 'lom', prefix: [], scope: null }, - { type: 'language', subtag: 'lon', prefix: [], scope: null }, - { type: 'language', subtag: 'loo', prefix: [], scope: null }, - { type: 'language', subtag: 'lop', prefix: [], scope: null }, - { type: 'language', subtag: 'loq', prefix: [], scope: null }, - { type: 'language', subtag: 'lor', prefix: [], scope: null }, - { type: 'language', subtag: 'los', prefix: [], scope: null }, - { type: 'language', subtag: 'lot', prefix: [], scope: null }, - { type: 'language', subtag: 'lou', prefix: [], scope: null }, - { type: 'language', subtag: 'lov', prefix: [], scope: null }, - { type: 'language', subtag: 'low', prefix: [], scope: null }, - { type: 'language', 
subtag: 'lox', prefix: [], scope: null }, - { type: 'language', subtag: 'loy', prefix: [], scope: null }, - { type: 'language', subtag: 'loz', prefix: [], scope: null }, - { type: 'language', subtag: 'lpa', prefix: [], scope: null }, - { type: 'language', subtag: 'lpe', prefix: [], scope: null }, - { type: 'language', subtag: 'lpn', prefix: [], scope: null }, - { type: 'language', subtag: 'lpo', prefix: [], scope: null }, - { type: 'language', subtag: 'lpx', prefix: [], scope: null }, - { type: 'language', subtag: 'lqr', prefix: [], scope: null }, - { type: 'language', subtag: 'lra', prefix: [], scope: null }, - { type: 'language', subtag: 'lrc', prefix: [], scope: null }, - { type: 'language', subtag: 'lre', prefix: [], scope: null }, - { type: 'language', subtag: 'lrg', prefix: [], scope: null }, - { type: 'language', subtag: 'lri', prefix: [], scope: null }, - { type: 'language', subtag: 'lrk', prefix: [], scope: null }, - { type: 'language', subtag: 'lrl', prefix: [], scope: null }, - { type: 'language', subtag: 'lrm', prefix: [], scope: null }, - { type: 'language', subtag: 'lrn', prefix: [], scope: null }, - { type: 'language', subtag: 'lro', prefix: [], scope: null }, - { type: 'language', subtag: 'lrr', prefix: [], scope: null }, - { type: 'language', subtag: 'lrt', prefix: [], scope: null }, - { type: 'language', subtag: 'lrv', prefix: [], scope: null }, - { type: 'language', subtag: 'lrz', prefix: [], scope: null }, - { type: 'language', subtag: 'lsa', prefix: [], scope: null }, - { type: 'language', subtag: 'lsb', prefix: [], scope: null }, - { type: 'language', subtag: 'lsc', prefix: [], scope: null }, - { type: 'language', subtag: 'lsd', prefix: [], scope: null }, - { type: 'language', subtag: 'lse', prefix: [], scope: null }, - { type: 'language', subtag: 'lsg', prefix: [], scope: null }, - { type: 'language', subtag: 'lsh', prefix: [], scope: null }, - { type: 'language', subtag: 'lsi', prefix: [], scope: null }, - { type: 'language', subtag: 'lsl', 
prefix: [], scope: null }, - { type: 'language', subtag: 'lsm', prefix: [], scope: null }, - { type: 'language', subtag: 'lsn', prefix: [], scope: null }, - { type: 'language', subtag: 'lso', prefix: [], scope: null }, - { type: 'language', subtag: 'lsp', prefix: [], scope: null }, - { type: 'language', subtag: 'lsr', prefix: [], scope: null }, - { type: 'language', subtag: 'lss', prefix: [], scope: null }, - { type: 'language', subtag: 'lst', prefix: [], scope: null }, - { type: 'language', subtag: 'lsv', prefix: [], scope: null }, - { type: 'language', subtag: 'lsw', prefix: [], scope: null }, - { type: 'language', subtag: 'lsy', prefix: [], scope: null }, - { type: 'language', subtag: 'ltc', prefix: [], scope: null }, - { type: 'language', subtag: 'ltg', prefix: [], scope: null }, - { type: 'language', subtag: 'lth', prefix: [], scope: null }, - { type: 'language', subtag: 'lti', prefix: [], scope: null }, - { type: 'language', subtag: 'ltn', prefix: [], scope: null }, - { type: 'language', subtag: 'lto', prefix: [], scope: null }, - { type: 'language', subtag: 'lts', prefix: [], scope: null }, - { type: 'language', subtag: 'ltu', prefix: [], scope: null }, - { type: 'language', subtag: 'lua', prefix: [], scope: null }, - { type: 'language', subtag: 'luc', prefix: [], scope: null }, - { type: 'language', subtag: 'lud', prefix: [], scope: null }, - { type: 'language', subtag: 'lue', prefix: [], scope: null }, - { type: 'language', subtag: 'luf', prefix: [], scope: null }, - { type: 'language', subtag: 'lui', prefix: [], scope: null }, - { type: 'language', subtag: 'luj', prefix: [], scope: null }, - { type: 'language', subtag: 'luk', prefix: [], scope: null }, - { type: 'language', subtag: 'lul', prefix: [], scope: null }, - { type: 'language', subtag: 'lum', prefix: [], scope: null }, - { type: 'language', subtag: 'lun', prefix: [], scope: null }, - { type: 'language', subtag: 'luo', prefix: [], scope: null }, - { type: 'language', subtag: 'lup', prefix: [], 
scope: null }, - { type: 'language', subtag: 'luq', prefix: [], scope: null }, - { type: 'language', subtag: 'lur', prefix: [], scope: null }, - { type: 'language', subtag: 'lus', prefix: [], scope: null }, - { type: 'language', subtag: 'lut', prefix: [], scope: null }, - { type: 'language', subtag: 'luu', prefix: [], scope: null }, - { type: 'language', subtag: 'luv', prefix: [], scope: null }, - { type: 'language', subtag: 'luw', prefix: [], scope: null }, - { type: 'language', subtag: 'luy', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'luz', prefix: [], scope: null }, - { type: 'language', subtag: 'lva', prefix: [], scope: null }, - { type: 'language', subtag: 'lvi', prefix: [], scope: null }, - { type: 'language', subtag: 'lvk', prefix: [], scope: null }, - { type: 'language', subtag: 'lvs', prefix: [], scope: null }, - { type: 'language', subtag: 'lvu', prefix: [], scope: null }, - { type: 'language', subtag: 'lwa', prefix: [], scope: null }, - { type: 'language', subtag: 'lwe', prefix: [], scope: null }, - { type: 'language', subtag: 'lwg', prefix: [], scope: null }, - { type: 'language', subtag: 'lwh', prefix: [], scope: null }, - { type: 'language', subtag: 'lwl', prefix: [], scope: null }, - { type: 'language', subtag: 'lwm', prefix: [], scope: null }, - { type: 'language', subtag: 'lwo', prefix: [], scope: null }, - { type: 'language', subtag: 'lws', prefix: [], scope: null }, - { type: 'language', subtag: 'lwt', prefix: [], scope: null }, - { type: 'language', subtag: 'lwu', prefix: [], scope: null }, - { type: 'language', subtag: 'lww', prefix: [], scope: null }, - { type: 'language', subtag: 'lxm', prefix: [], scope: null }, - { type: 'language', subtag: 'lya', prefix: [], scope: null }, - { type: 'language', subtag: 'lyg', prefix: [], scope: null }, - { type: 'language', subtag: 'lyn', prefix: [], scope: null }, - { type: 'language', subtag: 'lzh', prefix: [], scope: null }, - { type: 'language', subtag: 'lzl', prefix: [], 
scope: null }, - { type: 'language', subtag: 'lzn', prefix: [], scope: null }, - { type: 'language', subtag: 'lzz', prefix: [], scope: null }, - { type: 'language', subtag: 'maa', prefix: [], scope: null }, - { type: 'language', subtag: 'mab', prefix: [], scope: null }, - { type: 'language', subtag: 'mad', prefix: [], scope: null }, - { type: 'language', subtag: 'mae', prefix: [], scope: null }, - { type: 'language', subtag: 'maf', prefix: [], scope: null }, - { type: 'language', subtag: 'mag', prefix: [], scope: null }, - { type: 'language', subtag: 'mai', prefix: [], scope: null }, - { type: 'language', subtag: 'maj', prefix: [], scope: null }, - { type: 'language', subtag: 'mak', prefix: [], scope: null }, - { type: 'language', subtag: 'mam', prefix: [], scope: null }, - { type: 'language', subtag: 'man', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'map', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'maq', prefix: [], scope: null }, - { type: 'language', subtag: 'mas', prefix: [], scope: null }, - { type: 'language', subtag: 'mat', prefix: [], scope: null }, - { type: 'language', subtag: 'mau', prefix: [], scope: null }, - { type: 'language', subtag: 'mav', prefix: [], scope: null }, - { type: 'language', subtag: 'maw', prefix: [], scope: null }, - { type: 'language', subtag: 'max', prefix: [], scope: null }, - { type: 'language', subtag: 'maz', prefix: [], scope: null }, - { type: 'language', subtag: 'mba', prefix: [], scope: null }, - { type: 'language', subtag: 'mbb', prefix: [], scope: null }, - { type: 'language', subtag: 'mbc', prefix: [], scope: null }, - { type: 'language', subtag: 'mbd', prefix: [], scope: null }, - { type: 'language', subtag: 'mbe', prefix: [], scope: null }, - { type: 'language', subtag: 'mbf', prefix: [], scope: null }, - { type: 'language', subtag: 'mbh', prefix: [], scope: null }, - { type: 'language', subtag: 'mbi', prefix: [], scope: null }, - { type: 'language', subtag: 'mbj', prefix: 
[], scope: null }, - { type: 'language', subtag: 'mbk', prefix: [], scope: null }, - { type: 'language', subtag: 'mbl', prefix: [], scope: null }, - { type: 'language', subtag: 'mbm', prefix: [], scope: null }, - { type: 'language', subtag: 'mbn', prefix: [], scope: null }, - { type: 'language', subtag: 'mbo', prefix: [], scope: null }, - { type: 'language', subtag: 'mbp', prefix: [], scope: null }, - { type: 'language', subtag: 'mbq', prefix: [], scope: null }, - { type: 'language', subtag: 'mbr', prefix: [], scope: null }, - { type: 'language', subtag: 'mbs', prefix: [], scope: null }, - { type: 'language', subtag: 'mbt', prefix: [], scope: null }, - { type: 'language', subtag: 'mbu', prefix: [], scope: null }, - { type: 'language', subtag: 'mbv', prefix: [], scope: null }, - { type: 'language', subtag: 'mbw', prefix: [], scope: null }, - { type: 'language', subtag: 'mbx', prefix: [], scope: null }, - { type: 'language', subtag: 'mby', prefix: [], scope: null }, - { type: 'language', subtag: 'mbz', prefix: [], scope: null }, - { type: 'language', subtag: 'mca', prefix: [], scope: null }, - { type: 'language', subtag: 'mcb', prefix: [], scope: null }, - { type: 'language', subtag: 'mcc', prefix: [], scope: null }, - { type: 'language', subtag: 'mcd', prefix: [], scope: null }, - { type: 'language', subtag: 'mce', prefix: [], scope: null }, - { type: 'language', subtag: 'mcf', prefix: [], scope: null }, - { type: 'language', subtag: 'mcg', prefix: [], scope: null }, - { type: 'language', subtag: 'mch', prefix: [], scope: null }, - { type: 'language', subtag: 'mci', prefix: [], scope: null }, - { type: 'language', subtag: 'mcj', prefix: [], scope: null }, - { type: 'language', subtag: 'mck', prefix: [], scope: null }, - { type: 'language', subtag: 'mcl', prefix: [], scope: null }, - { type: 'language', subtag: 'mcm', prefix: [], scope: null }, - { type: 'language', subtag: 'mcn', prefix: [], scope: null }, - { type: 'language', subtag: 'mco', prefix: [], scope: null 
}, - { type: 'language', subtag: 'mcp', prefix: [], scope: null }, - { type: 'language', subtag: 'mcq', prefix: [], scope: null }, - { type: 'language', subtag: 'mcr', prefix: [], scope: null }, - { type: 'language', subtag: 'mcs', prefix: [], scope: null }, - { type: 'language', subtag: 'mct', prefix: [], scope: null }, - { type: 'language', subtag: 'mcu', prefix: [], scope: null }, - { type: 'language', subtag: 'mcv', prefix: [], scope: null }, - { type: 'language', subtag: 'mcw', prefix: [], scope: null }, - { type: 'language', subtag: 'mcx', prefix: [], scope: null }, - { type: 'language', subtag: 'mcy', prefix: [], scope: null }, - { type: 'language', subtag: 'mcz', prefix: [], scope: null }, - { type: 'language', subtag: 'mda', prefix: [], scope: null }, - { type: 'language', subtag: 'mdb', prefix: [], scope: null }, - { type: 'language', subtag: 'mdc', prefix: [], scope: null }, - { type: 'language', subtag: 'mdd', prefix: [], scope: null }, - { type: 'language', subtag: 'mde', prefix: [], scope: null }, - { type: 'language', subtag: 'mdf', prefix: [], scope: null }, - { type: 'language', subtag: 'mdg', prefix: [], scope: null }, - { type: 'language', subtag: 'mdh', prefix: [], scope: null }, - { type: 'language', subtag: 'mdi', prefix: [], scope: null }, - { type: 'language', subtag: 'mdj', prefix: [], scope: null }, - { type: 'language', subtag: 'mdk', prefix: [], scope: null }, - { type: 'language', subtag: 'mdl', prefix: [], scope: null }, - { type: 'language', subtag: 'mdm', prefix: [], scope: null }, - { type: 'language', subtag: 'mdn', prefix: [], scope: null }, - { type: 'language', subtag: 'mdp', prefix: [], scope: null }, - { type: 'language', subtag: 'mdq', prefix: [], scope: null }, - { type: 'language', subtag: 'mdr', prefix: [], scope: null }, - { type: 'language', subtag: 'mds', prefix: [], scope: null }, - { type: 'language', subtag: 'mdt', prefix: [], scope: null }, - { type: 'language', subtag: 'mdu', prefix: [], scope: null }, - { type: 
'language', subtag: 'mdv', prefix: [], scope: null }, - { type: 'language', subtag: 'mdw', prefix: [], scope: null }, - { type: 'language', subtag: 'mdx', prefix: [], scope: null }, - { type: 'language', subtag: 'mdy', prefix: [], scope: null }, - { type: 'language', subtag: 'mdz', prefix: [], scope: null }, - { type: 'language', subtag: 'mea', prefix: [], scope: null }, - { type: 'language', subtag: 'meb', prefix: [], scope: null }, - { type: 'language', subtag: 'mec', prefix: [], scope: null }, - { type: 'language', subtag: 'med', prefix: [], scope: null }, - { type: 'language', subtag: 'mee', prefix: [], scope: null }, - { type: 'language', subtag: 'mef', prefix: [], scope: null }, - { type: 'language', subtag: 'meg', prefix: [], scope: null }, - { type: 'language', subtag: 'meh', prefix: [], scope: null }, - { type: 'language', subtag: 'mei', prefix: [], scope: null }, - { type: 'language', subtag: 'mej', prefix: [], scope: null }, - { type: 'language', subtag: 'mek', prefix: [], scope: null }, - { type: 'language', subtag: 'mel', prefix: [], scope: null }, - { type: 'language', subtag: 'mem', prefix: [], scope: null }, - { type: 'language', subtag: 'men', prefix: [], scope: null }, - { type: 'language', subtag: 'meo', prefix: [], scope: null }, - { type: 'language', subtag: 'mep', prefix: [], scope: null }, - { type: 'language', subtag: 'meq', prefix: [], scope: null }, - { type: 'language', subtag: 'mer', prefix: [], scope: null }, - { type: 'language', subtag: 'mes', prefix: [], scope: null }, - { type: 'language', subtag: 'met', prefix: [], scope: null }, - { type: 'language', subtag: 'meu', prefix: [], scope: null }, - { type: 'language', subtag: 'mev', prefix: [], scope: null }, - { type: 'language', subtag: 'mew', prefix: [], scope: null }, - { type: 'language', subtag: 'mey', prefix: [], scope: null }, - { type: 'language', subtag: 'mez', prefix: [], scope: null }, - { type: 'language', subtag: 'mfa', prefix: [], scope: null }, - { type: 'language', 
subtag: 'mfb', prefix: [], scope: null }, - { type: 'language', subtag: 'mfc', prefix: [], scope: null }, - { type: 'language', subtag: 'mfd', prefix: [], scope: null }, - { type: 'language', subtag: 'mfe', prefix: [], scope: null }, - { type: 'language', subtag: 'mff', prefix: [], scope: null }, - { type: 'language', subtag: 'mfg', prefix: [], scope: null }, - { type: 'language', subtag: 'mfh', prefix: [], scope: null }, - { type: 'language', subtag: 'mfi', prefix: [], scope: null }, - { type: 'language', subtag: 'mfj', prefix: [], scope: null }, - { type: 'language', subtag: 'mfk', prefix: [], scope: null }, - { type: 'language', subtag: 'mfl', prefix: [], scope: null }, - { type: 'language', subtag: 'mfm', prefix: [], scope: null }, - { type: 'language', subtag: 'mfn', prefix: [], scope: null }, - { type: 'language', subtag: 'mfo', prefix: [], scope: null }, - { type: 'language', subtag: 'mfp', prefix: [], scope: null }, - { type: 'language', subtag: 'mfq', prefix: [], scope: null }, - { type: 'language', subtag: 'mfr', prefix: [], scope: null }, - { type: 'language', subtag: 'mfs', prefix: [], scope: null }, - { type: 'language', subtag: 'mft', prefix: [], scope: null }, - { type: 'language', subtag: 'mfu', prefix: [], scope: null }, - { type: 'language', subtag: 'mfv', prefix: [], scope: null }, - { type: 'language', subtag: 'mfw', prefix: [], scope: null }, - { type: 'language', subtag: 'mfx', prefix: [], scope: null }, - { type: 'language', subtag: 'mfy', prefix: [], scope: null }, - { type: 'language', subtag: 'mfz', prefix: [], scope: null }, - { type: 'language', subtag: 'mga', prefix: [], scope: null }, - { type: 'language', subtag: 'mgb', prefix: [], scope: null }, - { type: 'language', subtag: 'mgc', prefix: [], scope: null }, - { type: 'language', subtag: 'mgd', prefix: [], scope: null }, - { type: 'language', subtag: 'mge', prefix: [], scope: null }, - { type: 'language', subtag: 'mgf', prefix: [], scope: null }, - { type: 'language', subtag: 'mgg', 
prefix: [], scope: null }, - { type: 'language', subtag: 'mgh', prefix: [], scope: null }, - { type: 'language', subtag: 'mgi', prefix: [], scope: null }, - { type: 'language', subtag: 'mgj', prefix: [], scope: null }, - { type: 'language', subtag: 'mgk', prefix: [], scope: null }, - { type: 'language', subtag: 'mgl', prefix: [], scope: null }, - { type: 'language', subtag: 'mgm', prefix: [], scope: null }, - { type: 'language', subtag: 'mgn', prefix: [], scope: null }, - { type: 'language', subtag: 'mgo', prefix: [], scope: null }, - { type: 'language', subtag: 'mgp', prefix: [], scope: null }, - { type: 'language', subtag: 'mgq', prefix: [], scope: null }, - { type: 'language', subtag: 'mgr', prefix: [], scope: null }, - { type: 'language', subtag: 'mgs', prefix: [], scope: null }, - { type: 'language', subtag: 'mgt', prefix: [], scope: null }, - { type: 'language', subtag: 'mgu', prefix: [], scope: null }, - { type: 'language', subtag: 'mgv', prefix: [], scope: null }, - { type: 'language', subtag: 'mgw', prefix: [], scope: null }, - { type: 'language', subtag: 'mgx', prefix: [], scope: null }, - { type: 'language', subtag: 'mgy', prefix: [], scope: null }, - { type: 'language', subtag: 'mgz', prefix: [], scope: null }, - { type: 'language', subtag: 'mha', prefix: [], scope: null }, - { type: 'language', subtag: 'mhb', prefix: [], scope: null }, - { type: 'language', subtag: 'mhc', prefix: [], scope: null }, - { type: 'language', subtag: 'mhd', prefix: [], scope: null }, - { type: 'language', subtag: 'mhe', prefix: [], scope: null }, - { type: 'language', subtag: 'mhf', prefix: [], scope: null }, - { type: 'language', subtag: 'mhg', prefix: [], scope: null }, - { type: 'language', subtag: 'mhh', prefix: [], scope: null }, - { type: 'language', subtag: 'mhi', prefix: [], scope: null }, - { type: 'language', subtag: 'mhj', prefix: [], scope: null }, - { type: 'language', subtag: 'mhk', prefix: [], scope: null }, - { type: 'language', subtag: 'mhl', prefix: [], 
scope: null }, - { type: 'language', subtag: 'mhm', prefix: [], scope: null }, - { type: 'language', subtag: 'mhn', prefix: [], scope: null }, - { type: 'language', subtag: 'mho', prefix: [], scope: null }, - { type: 'language', subtag: 'mhp', prefix: [], scope: null }, - { type: 'language', subtag: 'mhq', prefix: [], scope: null }, - { type: 'language', subtag: 'mhr', prefix: [], scope: null }, - { type: 'language', subtag: 'mhs', prefix: [], scope: null }, - { type: 'language', subtag: 'mht', prefix: [], scope: null }, - { type: 'language', subtag: 'mhu', prefix: [], scope: null }, - { type: 'language', subtag: 'mhw', prefix: [], scope: null }, - { type: 'language', subtag: 'mhx', prefix: [], scope: null }, - { type: 'language', subtag: 'mhy', prefix: [], scope: null }, - { type: 'language', subtag: 'mhz', prefix: [], scope: null }, - { type: 'language', subtag: 'mia', prefix: [], scope: null }, - { type: 'language', subtag: 'mib', prefix: [], scope: null }, - { type: 'language', subtag: 'mic', prefix: [], scope: null }, - { type: 'language', subtag: 'mid', prefix: [], scope: null }, - { type: 'language', subtag: 'mie', prefix: [], scope: null }, - { type: 'language', subtag: 'mif', prefix: [], scope: null }, - { type: 'language', subtag: 'mig', prefix: [], scope: null }, - { type: 'language', subtag: 'mih', prefix: [], scope: null }, - { type: 'language', subtag: 'mii', prefix: [], scope: null }, - { type: 'language', subtag: 'mij', prefix: [], scope: null }, - { type: 'language', subtag: 'mik', prefix: [], scope: null }, - { type: 'language', subtag: 'mil', prefix: [], scope: null }, - { type: 'language', subtag: 'mim', prefix: [], scope: null }, - { type: 'language', subtag: 'min', prefix: [], scope: null }, - { type: 'language', subtag: 'mio', prefix: [], scope: null }, - { type: 'language', subtag: 'mip', prefix: [], scope: null }, - { type: 'language', subtag: 'miq', prefix: [], scope: null }, - { type: 'language', subtag: 'mir', prefix: [], scope: null }, 
- { type: 'language', subtag: 'mis', prefix: [], scope: 'special' }, - { type: 'language', subtag: 'mit', prefix: [], scope: null }, - { type: 'language', subtag: 'miu', prefix: [], scope: null }, - { type: 'language', subtag: 'miw', prefix: [], scope: null }, - { type: 'language', subtag: 'mix', prefix: [], scope: null }, - { type: 'language', subtag: 'miy', prefix: [], scope: null }, - { type: 'language', subtag: 'miz', prefix: [], scope: null }, - { type: 'language', subtag: 'mja', prefix: [], scope: null }, - { type: 'language', subtag: 'mjb', prefix: [], scope: null }, - { type: 'language', subtag: 'mjc', prefix: [], scope: null }, - { type: 'language', subtag: 'mjd', prefix: [], scope: null }, - { type: 'language', subtag: 'mje', prefix: [], scope: null }, - { type: 'language', subtag: 'mjg', prefix: [], scope: null }, - { type: 'language', subtag: 'mjh', prefix: [], scope: null }, - { type: 'language', subtag: 'mji', prefix: [], scope: null }, - { type: 'language', subtag: 'mjj', prefix: [], scope: null }, - { type: 'language', subtag: 'mjk', prefix: [], scope: null }, - { type: 'language', subtag: 'mjl', prefix: [], scope: null }, - { type: 'language', subtag: 'mjm', prefix: [], scope: null }, - { type: 'language', subtag: 'mjn', prefix: [], scope: null }, - { type: 'language', subtag: 'mjo', prefix: [], scope: null }, - { type: 'language', subtag: 'mjp', prefix: [], scope: null }, - { type: 'language', subtag: 'mjq', prefix: [], scope: null }, - { type: 'language', subtag: 'mjr', prefix: [], scope: null }, - { type: 'language', subtag: 'mjs', prefix: [], scope: null }, - { type: 'language', subtag: 'mjt', prefix: [], scope: null }, - { type: 'language', subtag: 'mju', prefix: [], scope: null }, - { type: 'language', subtag: 'mjv', prefix: [], scope: null }, - { type: 'language', subtag: 'mjw', prefix: [], scope: null }, - { type: 'language', subtag: 'mjx', prefix: [], scope: null }, - { type: 'language', subtag: 'mjy', prefix: [], scope: null }, - { type: 
'language', subtag: 'mjz', prefix: [], scope: null }, - { type: 'language', subtag: 'mka', prefix: [], scope: null }, - { type: 'language', subtag: 'mkb', prefix: [], scope: null }, - { type: 'language', subtag: 'mkc', prefix: [], scope: null }, - { type: 'language', subtag: 'mke', prefix: [], scope: null }, - { type: 'language', subtag: 'mkf', prefix: [], scope: null }, - { type: 'language', subtag: 'mkg', prefix: [], scope: null }, - { type: 'language', subtag: 'mkh', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'mki', prefix: [], scope: null }, - { type: 'language', subtag: 'mkj', prefix: [], scope: null }, - { type: 'language', subtag: 'mkk', prefix: [], scope: null }, - { type: 'language', subtag: 'mkl', prefix: [], scope: null }, - { type: 'language', subtag: 'mkm', prefix: [], scope: null }, - { type: 'language', subtag: 'mkn', prefix: [], scope: null }, - { type: 'language', subtag: 'mko', prefix: [], scope: null }, - { type: 'language', subtag: 'mkp', prefix: [], scope: null }, - { type: 'language', subtag: 'mkq', prefix: [], scope: null }, - { type: 'language', subtag: 'mkr', prefix: [], scope: null }, - { type: 'language', subtag: 'mks', prefix: [], scope: null }, - { type: 'language', subtag: 'mkt', prefix: [], scope: null }, - { type: 'language', subtag: 'mku', prefix: [], scope: null }, - { type: 'language', subtag: 'mkv', prefix: [], scope: null }, - { type: 'language', subtag: 'mkw', prefix: [], scope: null }, - { type: 'language', subtag: 'mkx', prefix: [], scope: null }, - { type: 'language', subtag: 'mky', prefix: [], scope: null }, - { type: 'language', subtag: 'mkz', prefix: [], scope: null }, - { type: 'language', subtag: 'mla', prefix: [], scope: null }, - { type: 'language', subtag: 'mlb', prefix: [], scope: null }, - { type: 'language', subtag: 'mlc', prefix: [], scope: null }, - { type: 'language', subtag: 'mld', prefix: [], scope: null }, - { type: 'language', subtag: 'mle', prefix: [], scope: null }, - { type: 
'language', subtag: 'mlf', prefix: [], scope: null }, - { type: 'language', subtag: 'mlh', prefix: [], scope: null }, - { type: 'language', subtag: 'mli', prefix: [], scope: null }, - { type: 'language', subtag: 'mlj', prefix: [], scope: null }, - { type: 'language', subtag: 'mlk', prefix: [], scope: null }, - { type: 'language', subtag: 'mll', prefix: [], scope: null }, - { type: 'language', subtag: 'mlm', prefix: [], scope: null }, - { type: 'language', subtag: 'mln', prefix: [], scope: null }, - { type: 'language', subtag: 'mlo', prefix: [], scope: null }, - { type: 'language', subtag: 'mlp', prefix: [], scope: null }, - { type: 'language', subtag: 'mlq', prefix: [], scope: null }, - { type: 'language', subtag: 'mlr', prefix: [], scope: null }, - { type: 'language', subtag: 'mls', prefix: [], scope: null }, - { type: 'language', subtag: 'mlu', prefix: [], scope: null }, - { type: 'language', subtag: 'mlv', prefix: [], scope: null }, - { type: 'language', subtag: 'mlw', prefix: [], scope: null }, - { type: 'language', subtag: 'mlx', prefix: [], scope: null }, - { type: 'language', subtag: 'mlz', prefix: [], scope: null }, - { type: 'language', subtag: 'mma', prefix: [], scope: null }, - { type: 'language', subtag: 'mmb', prefix: [], scope: null }, - { type: 'language', subtag: 'mmc', prefix: [], scope: null }, - { type: 'language', subtag: 'mmd', prefix: [], scope: null }, - { type: 'language', subtag: 'mme', prefix: [], scope: null }, - { type: 'language', subtag: 'mmf', prefix: [], scope: null }, - { type: 'language', subtag: 'mmg', prefix: [], scope: null }, - { type: 'language', subtag: 'mmh', prefix: [], scope: null }, - { type: 'language', subtag: 'mmi', prefix: [], scope: null }, - { type: 'language', subtag: 'mmj', prefix: [], scope: null }, - { type: 'language', subtag: 'mmk', prefix: [], scope: null }, - { type: 'language', subtag: 'mml', prefix: [], scope: null }, - { type: 'language', subtag: 'mmm', prefix: [], scope: null }, - { type: 'language', 
subtag: 'mmn', prefix: [], scope: null }, - { type: 'language', subtag: 'mmo', prefix: [], scope: null }, - { type: 'language', subtag: 'mmp', prefix: [], scope: null }, - { type: 'language', subtag: 'mmq', prefix: [], scope: null }, - { type: 'language', subtag: 'mmr', prefix: [], scope: null }, - { type: 'language', subtag: 'mmt', prefix: [], scope: null }, - { type: 'language', subtag: 'mmu', prefix: [], scope: null }, - { type: 'language', subtag: 'mmv', prefix: [], scope: null }, - { type: 'language', subtag: 'mmw', prefix: [], scope: null }, - { type: 'language', subtag: 'mmx', prefix: [], scope: null }, - { type: 'language', subtag: 'mmy', prefix: [], scope: null }, - { type: 'language', subtag: 'mmz', prefix: [], scope: null }, - { type: 'language', subtag: 'mna', prefix: [], scope: null }, - { type: 'language', subtag: 'mnb', prefix: [], scope: null }, - { type: 'language', subtag: 'mnc', prefix: [], scope: null }, - { type: 'language', subtag: 'mnd', prefix: [], scope: null }, - { type: 'language', subtag: 'mne', prefix: [], scope: null }, - { type: 'language', subtag: 'mnf', prefix: [], scope: null }, - { type: 'language', subtag: 'mng', prefix: [], scope: null }, - { type: 'language', subtag: 'mnh', prefix: [], scope: null }, - { type: 'language', subtag: 'mni', prefix: [], scope: null }, - { type: 'language', subtag: 'mnj', prefix: [], scope: null }, - { type: 'language', subtag: 'mnk', prefix: [], scope: null }, - { type: 'language', subtag: 'mnl', prefix: [], scope: null }, - { type: 'language', subtag: 'mnm', prefix: [], scope: null }, - { type: 'language', subtag: 'mnn', prefix: [], scope: null }, - { type: 'language', subtag: 'mno', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'mnp', prefix: [], scope: null }, - { type: 'language', subtag: 'mnq', prefix: [], scope: null }, - { type: 'language', subtag: 'mnr', prefix: [], scope: null }, - { type: 'language', subtag: 'mns', prefix: [], scope: null }, - { type: 'language', subtag: 
'mnt', prefix: [], scope: null }, - { type: 'language', subtag: 'mnu', prefix: [], scope: null }, - { type: 'language', subtag: 'mnv', prefix: [], scope: null }, - { type: 'language', subtag: 'mnw', prefix: [], scope: null }, - { type: 'language', subtag: 'mnx', prefix: [], scope: null }, - { type: 'language', subtag: 'mny', prefix: [], scope: null }, - { type: 'language', subtag: 'mnz', prefix: [], scope: null }, - { type: 'language', subtag: 'moa', prefix: [], scope: null }, - { type: 'language', subtag: 'moc', prefix: [], scope: null }, - { type: 'language', subtag: 'mod', prefix: [], scope: null }, - { type: 'language', subtag: 'moe', prefix: [], scope: null }, - { type: 'language', subtag: 'mof', prefix: [], scope: null }, - { type: 'language', subtag: 'mog', prefix: [], scope: null }, - { type: 'language', subtag: 'moh', prefix: [], scope: null }, - { type: 'language', subtag: 'moi', prefix: [], scope: null }, - { type: 'language', subtag: 'moj', prefix: [], scope: null }, - { type: 'language', subtag: 'mok', prefix: [], scope: null }, - { type: 'language', subtag: 'mom', prefix: [], scope: null }, - { type: 'language', subtag: 'moo', prefix: [], scope: null }, - { type: 'language', subtag: 'mop', prefix: [], scope: null }, - { type: 'language', subtag: 'moq', prefix: [], scope: null }, - { type: 'language', subtag: 'mor', prefix: [], scope: null }, - { type: 'language', subtag: 'mos', prefix: [], scope: null }, - { type: 'language', subtag: 'mot', prefix: [], scope: null }, - { type: 'language', subtag: 'mou', prefix: [], scope: null }, - { type: 'language', subtag: 'mov', prefix: [], scope: null }, - { type: 'language', subtag: 'mow', prefix: [], scope: null }, - { type: 'language', subtag: 'mox', prefix: [], scope: null }, - { type: 'language', subtag: 'moy', prefix: [], scope: null }, - { type: 'language', subtag: 'moz', prefix: [], scope: null }, - { type: 'language', subtag: 'mpa', prefix: [], scope: null }, - { type: 'language', subtag: 'mpb', prefix: 
[], scope: null }, - { type: 'language', subtag: 'mpc', prefix: [], scope: null }, - { type: 'language', subtag: 'mpd', prefix: [], scope: null }, - { type: 'language', subtag: 'mpe', prefix: [], scope: null }, - { type: 'language', subtag: 'mpg', prefix: [], scope: null }, - { type: 'language', subtag: 'mph', prefix: [], scope: null }, - { type: 'language', subtag: 'mpi', prefix: [], scope: null }, - { type: 'language', subtag: 'mpj', prefix: [], scope: null }, - { type: 'language', subtag: 'mpk', prefix: [], scope: null }, - { type: 'language', subtag: 'mpl', prefix: [], scope: null }, - { type: 'language', subtag: 'mpm', prefix: [], scope: null }, - { type: 'language', subtag: 'mpn', prefix: [], scope: null }, - { type: 'language', subtag: 'mpo', prefix: [], scope: null }, - { type: 'language', subtag: 'mpp', prefix: [], scope: null }, - { type: 'language', subtag: 'mpq', prefix: [], scope: null }, - { type: 'language', subtag: 'mpr', prefix: [], scope: null }, - { type: 'language', subtag: 'mps', prefix: [], scope: null }, - { type: 'language', subtag: 'mpt', prefix: [], scope: null }, - { type: 'language', subtag: 'mpu', prefix: [], scope: null }, - { type: 'language', subtag: 'mpv', prefix: [], scope: null }, - { type: 'language', subtag: 'mpw', prefix: [], scope: null }, - { type: 'language', subtag: 'mpx', prefix: [], scope: null }, - { type: 'language', subtag: 'mpy', prefix: [], scope: null }, - { type: 'language', subtag: 'mpz', prefix: [], scope: null }, - { type: 'language', subtag: 'mqa', prefix: [], scope: null }, - { type: 'language', subtag: 'mqb', prefix: [], scope: null }, - { type: 'language', subtag: 'mqc', prefix: [], scope: null }, - { type: 'language', subtag: 'mqe', prefix: [], scope: null }, - { type: 'language', subtag: 'mqf', prefix: [], scope: null }, - { type: 'language', subtag: 'mqg', prefix: [], scope: null }, - { type: 'language', subtag: 'mqh', prefix: [], scope: null }, - { type: 'language', subtag: 'mqi', prefix: [], scope: null 
}, - { type: 'language', subtag: 'mqj', prefix: [], scope: null }, - { type: 'language', subtag: 'mqk', prefix: [], scope: null }, - { type: 'language', subtag: 'mql', prefix: [], scope: null }, - { type: 'language', subtag: 'mqm', prefix: [], scope: null }, - { type: 'language', subtag: 'mqn', prefix: [], scope: null }, - { type: 'language', subtag: 'mqo', prefix: [], scope: null }, - { type: 'language', subtag: 'mqp', prefix: [], scope: null }, - { type: 'language', subtag: 'mqq', prefix: [], scope: null }, - { type: 'language', subtag: 'mqr', prefix: [], scope: null }, - { type: 'language', subtag: 'mqs', prefix: [], scope: null }, - { type: 'language', subtag: 'mqt', prefix: [], scope: null }, - { type: 'language', subtag: 'mqu', prefix: [], scope: null }, - { type: 'language', subtag: 'mqv', prefix: [], scope: null }, - { type: 'language', subtag: 'mqw', prefix: [], scope: null }, - { type: 'language', subtag: 'mqx', prefix: [], scope: null }, - { type: 'language', subtag: 'mqy', prefix: [], scope: null }, - { type: 'language', subtag: 'mqz', prefix: [], scope: null }, - { type: 'language', subtag: 'mra', prefix: [], scope: null }, - { type: 'language', subtag: 'mrb', prefix: [], scope: null }, - { type: 'language', subtag: 'mrc', prefix: [], scope: null }, - { type: 'language', subtag: 'mrd', prefix: [], scope: null }, - { type: 'language', subtag: 'mre', prefix: [], scope: null }, - { type: 'language', subtag: 'mrf', prefix: [], scope: null }, - { type: 'language', subtag: 'mrg', prefix: [], scope: null }, - { type: 'language', subtag: 'mrh', prefix: [], scope: null }, - { type: 'language', subtag: 'mrj', prefix: [], scope: null }, - { type: 'language', subtag: 'mrk', prefix: [], scope: null }, - { type: 'language', subtag: 'mrl', prefix: [], scope: null }, - { type: 'language', subtag: 'mrm', prefix: [], scope: null }, - { type: 'language', subtag: 'mrn', prefix: [], scope: null }, - { type: 'language', subtag: 'mro', prefix: [], scope: null }, - { type: 
'language', subtag: 'mrp', prefix: [], scope: null }, - { type: 'language', subtag: 'mrq', prefix: [], scope: null }, - { type: 'language', subtag: 'mrr', prefix: [], scope: null }, - { type: 'language', subtag: 'mrs', prefix: [], scope: null }, - { type: 'language', subtag: 'mrt', prefix: [], scope: null }, - { type: 'language', subtag: 'mru', prefix: [], scope: null }, - { type: 'language', subtag: 'mrv', prefix: [], scope: null }, - { type: 'language', subtag: 'mrw', prefix: [], scope: null }, - { type: 'language', subtag: 'mrx', prefix: [], scope: null }, - { type: 'language', subtag: 'mry', prefix: [], scope: null }, - { type: 'language', subtag: 'mrz', prefix: [], scope: null }, - { type: 'language', subtag: 'msb', prefix: [], scope: null }, - { type: 'language', subtag: 'msc', prefix: [], scope: null }, - { type: 'language', subtag: 'msd', prefix: [], scope: null }, - { type: 'language', subtag: 'mse', prefix: [], scope: null }, - { type: 'language', subtag: 'msf', prefix: [], scope: null }, - { type: 'language', subtag: 'msg', prefix: [], scope: null }, - { type: 'language', subtag: 'msh', prefix: [], scope: null }, - { type: 'language', subtag: 'msi', prefix: [], scope: null }, - { type: 'language', subtag: 'msj', prefix: [], scope: null }, - { type: 'language', subtag: 'msk', prefix: [], scope: null }, - { type: 'language', subtag: 'msl', prefix: [], scope: null }, - { type: 'language', subtag: 'msm', prefix: [], scope: null }, - { type: 'language', subtag: 'msn', prefix: [], scope: null }, - { type: 'language', subtag: 'mso', prefix: [], scope: null }, - { type: 'language', subtag: 'msp', prefix: [], scope: null }, - { type: 'language', subtag: 'msq', prefix: [], scope: null }, - { type: 'language', subtag: 'msr', prefix: [], scope: null }, - { type: 'language', subtag: 'mss', prefix: [], scope: null }, - { type: 'language', subtag: 'mst', prefix: [], scope: null }, - { type: 'language', subtag: 'msu', prefix: [], scope: null }, - { type: 'language', 
subtag: 'msv', prefix: [], scope: null }, - { type: 'language', subtag: 'msw', prefix: [], scope: null }, - { type: 'language', subtag: 'msx', prefix: [], scope: null }, - { type: 'language', subtag: 'msy', prefix: [], scope: null }, - { type: 'language', subtag: 'msz', prefix: [], scope: null }, - { type: 'language', subtag: 'mta', prefix: [], scope: null }, - { type: 'language', subtag: 'mtb', prefix: [], scope: null }, - { type: 'language', subtag: 'mtc', prefix: [], scope: null }, - { type: 'language', subtag: 'mtd', prefix: [], scope: null }, - { type: 'language', subtag: 'mte', prefix: [], scope: null }, - { type: 'language', subtag: 'mtf', prefix: [], scope: null }, - { type: 'language', subtag: 'mtg', prefix: [], scope: null }, - { type: 'language', subtag: 'mth', prefix: [], scope: null }, - { type: 'language', subtag: 'mti', prefix: [], scope: null }, - { type: 'language', subtag: 'mtj', prefix: [], scope: null }, - { type: 'language', subtag: 'mtk', prefix: [], scope: null }, - { type: 'language', subtag: 'mtl', prefix: [], scope: null }, - { type: 'language', subtag: 'mtm', prefix: [], scope: null }, - { type: 'language', subtag: 'mtn', prefix: [], scope: null }, - { type: 'language', subtag: 'mto', prefix: [], scope: null }, - { type: 'language', subtag: 'mtp', prefix: [], scope: null }, - { type: 'language', subtag: 'mtq', prefix: [], scope: null }, - { type: 'language', subtag: 'mtr', prefix: [], scope: null }, - { type: 'language', subtag: 'mts', prefix: [], scope: null }, - { type: 'language', subtag: 'mtt', prefix: [], scope: null }, - { type: 'language', subtag: 'mtu', prefix: [], scope: null }, - { type: 'language', subtag: 'mtv', prefix: [], scope: null }, - { type: 'language', subtag: 'mtw', prefix: [], scope: null }, - { type: 'language', subtag: 'mtx', prefix: [], scope: null }, - { type: 'language', subtag: 'mty', prefix: [], scope: null }, - { type: 'language', subtag: 'mua', prefix: [], scope: null }, - { type: 'language', subtag: 'mub', 
prefix: [], scope: null }, - { type: 'language', subtag: 'muc', prefix: [], scope: null }, - { type: 'language', subtag: 'mud', prefix: [], scope: null }, - { type: 'language', subtag: 'mue', prefix: [], scope: null }, - { type: 'language', subtag: 'mug', prefix: [], scope: null }, - { type: 'language', subtag: 'muh', prefix: [], scope: null }, - { type: 'language', subtag: 'mui', prefix: [], scope: null }, - { type: 'language', subtag: 'muj', prefix: [], scope: null }, - { type: 'language', subtag: 'muk', prefix: [], scope: null }, - { type: 'language', subtag: 'mul', prefix: [], scope: 'special' }, - { type: 'language', subtag: 'mum', prefix: [], scope: null }, - { type: 'language', subtag: 'mun', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'muo', prefix: [], scope: null }, - { type: 'language', subtag: 'mup', prefix: [], scope: null }, - { type: 'language', subtag: 'muq', prefix: [], scope: null }, - { type: 'language', subtag: 'mur', prefix: [], scope: null }, - { type: 'language', subtag: 'mus', prefix: [], scope: null }, - { type: 'language', subtag: 'mut', prefix: [], scope: null }, - { type: 'language', subtag: 'muu', prefix: [], scope: null }, - { type: 'language', subtag: 'muv', prefix: [], scope: null }, - { type: 'language', subtag: 'mux', prefix: [], scope: null }, - { type: 'language', subtag: 'muy', prefix: [], scope: null }, - { type: 'language', subtag: 'muz', prefix: [], scope: null }, - { type: 'language', subtag: 'mva', prefix: [], scope: null }, - { type: 'language', subtag: 'mvb', prefix: [], scope: null }, - { type: 'language', subtag: 'mvd', prefix: [], scope: null }, - { type: 'language', subtag: 'mve', prefix: [], scope: null }, - { type: 'language', subtag: 'mvf', prefix: [], scope: null }, - { type: 'language', subtag: 'mvg', prefix: [], scope: null }, - { type: 'language', subtag: 'mvh', prefix: [], scope: null }, - { type: 'language', subtag: 'mvi', prefix: [], scope: null }, - { type: 'language', subtag: 'mvk', 
prefix: [], scope: null }, - { type: 'language', subtag: 'mvl', prefix: [], scope: null }, - { type: 'language', subtag: 'mvm', prefix: [], scope: null }, - { type: 'language', subtag: 'mvn', prefix: [], scope: null }, - { type: 'language', subtag: 'mvo', prefix: [], scope: null }, - { type: 'language', subtag: 'mvp', prefix: [], scope: null }, - { type: 'language', subtag: 'mvq', prefix: [], scope: null }, - { type: 'language', subtag: 'mvr', prefix: [], scope: null }, - { type: 'language', subtag: 'mvs', prefix: [], scope: null }, - { type: 'language', subtag: 'mvt', prefix: [], scope: null }, - { type: 'language', subtag: 'mvu', prefix: [], scope: null }, - { type: 'language', subtag: 'mvv', prefix: [], scope: null }, - { type: 'language', subtag: 'mvw', prefix: [], scope: null }, - { type: 'language', subtag: 'mvx', prefix: [], scope: null }, - { type: 'language', subtag: 'mvy', prefix: [], scope: null }, - { type: 'language', subtag: 'mvz', prefix: [], scope: null }, - { type: 'language', subtag: 'mwa', prefix: [], scope: null }, - { type: 'language', subtag: 'mwb', prefix: [], scope: null }, - { type: 'language', subtag: 'mwc', prefix: [], scope: null }, - { type: 'language', subtag: 'mwd', prefix: [], scope: null }, - { type: 'language', subtag: 'mwe', prefix: [], scope: null }, - { type: 'language', subtag: 'mwf', prefix: [], scope: null }, - { type: 'language', subtag: 'mwg', prefix: [], scope: null }, - { type: 'language', subtag: 'mwh', prefix: [], scope: null }, - { type: 'language', subtag: 'mwi', prefix: [], scope: null }, - { type: 'language', subtag: 'mwj', prefix: [], scope: null }, - { type: 'language', subtag: 'mwk', prefix: [], scope: null }, - { type: 'language', subtag: 'mwl', prefix: [], scope: null }, - { type: 'language', subtag: 'mwm', prefix: [], scope: null }, - { type: 'language', subtag: 'mwn', prefix: [], scope: null }, - { type: 'language', subtag: 'mwo', prefix: [], scope: null }, - { type: 'language', subtag: 'mwp', prefix: [], 
scope: null }, - { type: 'language', subtag: 'mwq', prefix: [], scope: null }, - { type: 'language', subtag: 'mwr', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'mws', prefix: [], scope: null }, - { type: 'language', subtag: 'mwt', prefix: [], scope: null }, - { type: 'language', subtag: 'mwu', prefix: [], scope: null }, - { type: 'language', subtag: 'mwv', prefix: [], scope: null }, - { type: 'language', subtag: 'mww', prefix: [], scope: null }, - { type: 'language', subtag: 'mwx', prefix: [], scope: null }, - { type: 'language', subtag: 'mwy', prefix: [], scope: null }, - { type: 'language', subtag: 'mwz', prefix: [], scope: null }, - { type: 'language', subtag: 'mxa', prefix: [], scope: null }, - { type: 'language', subtag: 'mxb', prefix: [], scope: null }, - { type: 'language', subtag: 'mxc', prefix: [], scope: null }, - { type: 'language', subtag: 'mxd', prefix: [], scope: null }, - { type: 'language', subtag: 'mxe', prefix: [], scope: null }, - { type: 'language', subtag: 'mxf', prefix: [], scope: null }, - { type: 'language', subtag: 'mxg', prefix: [], scope: null }, - { type: 'language', subtag: 'mxh', prefix: [], scope: null }, - { type: 'language', subtag: 'mxi', prefix: [], scope: null }, - { type: 'language', subtag: 'mxj', prefix: [], scope: null }, - { type: 'language', subtag: 'mxk', prefix: [], scope: null }, - { type: 'language', subtag: 'mxl', prefix: [], scope: null }, - { type: 'language', subtag: 'mxm', prefix: [], scope: null }, - { type: 'language', subtag: 'mxn', prefix: [], scope: null }, - { type: 'language', subtag: 'mxo', prefix: [], scope: null }, - { type: 'language', subtag: 'mxp', prefix: [], scope: null }, - { type: 'language', subtag: 'mxq', prefix: [], scope: null }, - { type: 'language', subtag: 'mxr', prefix: [], scope: null }, - { type: 'language', subtag: 'mxs', prefix: [], scope: null }, - { type: 'language', subtag: 'mxt', prefix: [], scope: null }, - { type: 'language', subtag: 'mxu', prefix: [], 
scope: null }, - { type: 'language', subtag: 'mxv', prefix: [], scope: null }, - { type: 'language', subtag: 'mxw', prefix: [], scope: null }, - { type: 'language', subtag: 'mxx', prefix: [], scope: null }, - { type: 'language', subtag: 'mxy', prefix: [], scope: null }, - { type: 'language', subtag: 'mxz', prefix: [], scope: null }, - { type: 'language', subtag: 'myb', prefix: [], scope: null }, - { type: 'language', subtag: 'myc', prefix: [], scope: null }, - { type: 'language', subtag: 'myd', prefix: [], scope: null }, - { type: 'language', subtag: 'mye', prefix: [], scope: null }, - { type: 'language', subtag: 'myf', prefix: [], scope: null }, - { type: 'language', subtag: 'myg', prefix: [], scope: null }, - { type: 'language', subtag: 'myh', prefix: [], scope: null }, - { type: 'language', subtag: 'myi', prefix: [], scope: null }, - { type: 'language', subtag: 'myj', prefix: [], scope: null }, - { type: 'language', subtag: 'myk', prefix: [], scope: null }, - { type: 'language', subtag: 'myl', prefix: [], scope: null }, - { type: 'language', subtag: 'mym', prefix: [], scope: null }, - { type: 'language', subtag: 'myn', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'myo', prefix: [], scope: null }, - { type: 'language', subtag: 'myp', prefix: [], scope: null }, - { type: 'language', subtag: 'myq', prefix: [], scope: null }, - { type: 'language', subtag: 'myr', prefix: [], scope: null }, - { type: 'language', subtag: 'mys', prefix: [], scope: null }, - { type: 'language', subtag: 'myt', prefix: [], scope: null }, - { type: 'language', subtag: 'myu', prefix: [], scope: null }, - { type: 'language', subtag: 'myv', prefix: [], scope: null }, - { type: 'language', subtag: 'myw', prefix: [], scope: null }, - { type: 'language', subtag: 'myx', prefix: [], scope: null }, - { type: 'language', subtag: 'myy', prefix: [], scope: null }, - { type: 'language', subtag: 'myz', prefix: [], scope: null }, - { type: 'language', subtag: 'mza', prefix: [], scope: 
null }, - { type: 'language', subtag: 'mzb', prefix: [], scope: null }, - { type: 'language', subtag: 'mzc', prefix: [], scope: null }, - { type: 'language', subtag: 'mzd', prefix: [], scope: null }, - { type: 'language', subtag: 'mze', prefix: [], scope: null }, - { type: 'language', subtag: 'mzg', prefix: [], scope: null }, - { type: 'language', subtag: 'mzh', prefix: [], scope: null }, - { type: 'language', subtag: 'mzi', prefix: [], scope: null }, - { type: 'language', subtag: 'mzj', prefix: [], scope: null }, - { type: 'language', subtag: 'mzk', prefix: [], scope: null }, - { type: 'language', subtag: 'mzl', prefix: [], scope: null }, - { type: 'language', subtag: 'mzm', prefix: [], scope: null }, - { type: 'language', subtag: 'mzn', prefix: [], scope: null }, - { type: 'language', subtag: 'mzo', prefix: [], scope: null }, - { type: 'language', subtag: 'mzp', prefix: [], scope: null }, - { type: 'language', subtag: 'mzq', prefix: [], scope: null }, - { type: 'language', subtag: 'mzr', prefix: [], scope: null }, - { type: 'language', subtag: 'mzs', prefix: [], scope: null }, - { type: 'language', subtag: 'mzt', prefix: [], scope: null }, - { type: 'language', subtag: 'mzu', prefix: [], scope: null }, - { type: 'language', subtag: 'mzv', prefix: [], scope: null }, - { type: 'language', subtag: 'mzw', prefix: [], scope: null }, - { type: 'language', subtag: 'mzx', prefix: [], scope: null }, - { type: 'language', subtag: 'mzy', prefix: [], scope: null }, - { type: 'language', subtag: 'mzz', prefix: [], scope: null }, - { type: 'language', subtag: 'naa', prefix: [], scope: null }, - { type: 'language', subtag: 'nab', prefix: [], scope: null }, - { type: 'language', subtag: 'nac', prefix: [], scope: null }, - { type: 'language', subtag: 'nad', prefix: [], scope: null }, - { type: 'language', subtag: 'nae', prefix: [], scope: null }, - { type: 'language', subtag: 'naf', prefix: [], scope: null }, - { type: 'language', subtag: 'nag', prefix: [], scope: null }, - { 
type: 'language', subtag: 'nah', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'nai', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'naj', prefix: [], scope: null }, - { type: 'language', subtag: 'nak', prefix: [], scope: null }, - { type: 'language', subtag: 'nal', prefix: [], scope: null }, - { type: 'language', subtag: 'nam', prefix: [], scope: null }, - { type: 'language', subtag: 'nan', prefix: [], scope: null }, - { type: 'language', subtag: 'nao', prefix: [], scope: null }, - { type: 'language', subtag: 'nap', prefix: [], scope: null }, - { type: 'language', subtag: 'naq', prefix: [], scope: null }, - { type: 'language', subtag: 'nar', prefix: [], scope: null }, - { type: 'language', subtag: 'nas', prefix: [], scope: null }, - { type: 'language', subtag: 'nat', prefix: [], scope: null }, - { type: 'language', subtag: 'naw', prefix: [], scope: null }, - { type: 'language', subtag: 'nax', prefix: [], scope: null }, - { type: 'language', subtag: 'nay', prefix: [], scope: null }, - { type: 'language', subtag: 'naz', prefix: [], scope: null }, - { type: 'language', subtag: 'nba', prefix: [], scope: null }, - { type: 'language', subtag: 'nbb', prefix: [], scope: null }, - { type: 'language', subtag: 'nbc', prefix: [], scope: null }, - { type: 'language', subtag: 'nbd', prefix: [], scope: null }, - { type: 'language', subtag: 'nbe', prefix: [], scope: null }, - { type: 'language', subtag: 'nbf', prefix: [], scope: null }, - { type: 'language', subtag: 'nbg', prefix: [], scope: null }, - { type: 'language', subtag: 'nbh', prefix: [], scope: null }, - { type: 'language', subtag: 'nbi', prefix: [], scope: null }, - { type: 'language', subtag: 'nbj', prefix: [], scope: null }, - { type: 'language', subtag: 'nbk', prefix: [], scope: null }, - { type: 'language', subtag: 'nbm', prefix: [], scope: null }, - { type: 'language', subtag: 'nbn', prefix: [], scope: null }, - { type: 'language', subtag: 'nbo', prefix: [], scope: null }, - { 
type: 'language', subtag: 'nbp', prefix: [], scope: null }, - { type: 'language', subtag: 'nbq', prefix: [], scope: null }, - { type: 'language', subtag: 'nbr', prefix: [], scope: null }, - { type: 'language', subtag: 'nbs', prefix: [], scope: null }, - { type: 'language', subtag: 'nbt', prefix: [], scope: null }, - { type: 'language', subtag: 'nbu', prefix: [], scope: null }, - { type: 'language', subtag: 'nbv', prefix: [], scope: null }, - { type: 'language', subtag: 'nbw', prefix: [], scope: null }, - { type: 'language', subtag: 'nbx', prefix: [], scope: null }, - { type: 'language', subtag: 'nby', prefix: [], scope: null }, - { type: 'language', subtag: 'nca', prefix: [], scope: null }, - { type: 'language', subtag: 'ncb', prefix: [], scope: null }, - { type: 'language', subtag: 'ncc', prefix: [], scope: null }, - { type: 'language', subtag: 'ncd', prefix: [], scope: null }, - { type: 'language', subtag: 'nce', prefix: [], scope: null }, - { type: 'language', subtag: 'ncf', prefix: [], scope: null }, - { type: 'language', subtag: 'ncg', prefix: [], scope: null }, - { type: 'language', subtag: 'nch', prefix: [], scope: null }, - { type: 'language', subtag: 'nci', prefix: [], scope: null }, - { type: 'language', subtag: 'ncj', prefix: [], scope: null }, - { type: 'language', subtag: 'nck', prefix: [], scope: null }, - { type: 'language', subtag: 'ncl', prefix: [], scope: null }, - { type: 'language', subtag: 'ncm', prefix: [], scope: null }, - { type: 'language', subtag: 'ncn', prefix: [], scope: null }, - { type: 'language', subtag: 'nco', prefix: [], scope: null }, - { type: 'language', subtag: 'ncp', prefix: [], scope: null }, - { type: 'language', subtag: 'ncq', prefix: [], scope: null }, - { type: 'language', subtag: 'ncr', prefix: [], scope: null }, - { type: 'language', subtag: 'ncs', prefix: [], scope: null }, - { type: 'language', subtag: 'nct', prefix: [], scope: null }, - { type: 'language', subtag: 'ncu', prefix: [], scope: null }, - { type: 
'language', subtag: 'ncx', prefix: [], scope: null }, - { type: 'language', subtag: 'ncz', prefix: [], scope: null }, - { type: 'language', subtag: 'nda', prefix: [], scope: null }, - { type: 'language', subtag: 'ndb', prefix: [], scope: null }, - { type: 'language', subtag: 'ndc', prefix: [], scope: null }, - { type: 'language', subtag: 'ndd', prefix: [], scope: null }, - { type: 'language', subtag: 'ndf', prefix: [], scope: null }, - { type: 'language', subtag: 'ndg', prefix: [], scope: null }, - { type: 'language', subtag: 'ndh', prefix: [], scope: null }, - { type: 'language', subtag: 'ndi', prefix: [], scope: null }, - { type: 'language', subtag: 'ndj', prefix: [], scope: null }, - { type: 'language', subtag: 'ndk', prefix: [], scope: null }, - { type: 'language', subtag: 'ndl', prefix: [], scope: null }, - { type: 'language', subtag: 'ndm', prefix: [], scope: null }, - { type: 'language', subtag: 'ndn', prefix: [], scope: null }, - { type: 'language', subtag: 'ndp', prefix: [], scope: null }, - { type: 'language', subtag: 'ndq', prefix: [], scope: null }, - { type: 'language', subtag: 'ndr', prefix: [], scope: null }, - { type: 'language', subtag: 'nds', prefix: [], scope: null }, - { type: 'language', subtag: 'ndt', prefix: [], scope: null }, - { type: 'language', subtag: 'ndu', prefix: [], scope: null }, - { type: 'language', subtag: 'ndv', prefix: [], scope: null }, - { type: 'language', subtag: 'ndw', prefix: [], scope: null }, - { type: 'language', subtag: 'ndx', prefix: [], scope: null }, - { type: 'language', subtag: 'ndy', prefix: [], scope: null }, - { type: 'language', subtag: 'ndz', prefix: [], scope: null }, - { type: 'language', subtag: 'nea', prefix: [], scope: null }, - { type: 'language', subtag: 'neb', prefix: [], scope: null }, - { type: 'language', subtag: 'nec', prefix: [], scope: null }, - { type: 'language', subtag: 'ned', prefix: [], scope: null }, - { type: 'language', subtag: 'nee', prefix: [], scope: null }, - { type: 'language', 
subtag: 'nef', prefix: [], scope: null }, - { type: 'language', subtag: 'neg', prefix: [], scope: null }, - { type: 'language', subtag: 'neh', prefix: [], scope: null }, - { type: 'language', subtag: 'nei', prefix: [], scope: null }, - { type: 'language', subtag: 'nej', prefix: [], scope: null }, - { type: 'language', subtag: 'nek', prefix: [], scope: null }, - { type: 'language', subtag: 'nem', prefix: [], scope: null }, - { type: 'language', subtag: 'nen', prefix: [], scope: null }, - { type: 'language', subtag: 'neo', prefix: [], scope: null }, - { type: 'language', subtag: 'neq', prefix: [], scope: null }, - { type: 'language', subtag: 'ner', prefix: [], scope: null }, - { type: 'language', subtag: 'nes', prefix: [], scope: null }, - { type: 'language', subtag: 'net', prefix: [], scope: null }, - { type: 'language', subtag: 'neu', prefix: [], scope: null }, - { type: 'language', subtag: 'nev', prefix: [], scope: null }, - { type: 'language', subtag: 'new', prefix: [], scope: null }, - { type: 'language', subtag: 'nex', prefix: [], scope: null }, - { type: 'language', subtag: 'ney', prefix: [], scope: null }, - { type: 'language', subtag: 'nez', prefix: [], scope: null }, - { type: 'language', subtag: 'nfa', prefix: [], scope: null }, - { type: 'language', subtag: 'nfd', prefix: [], scope: null }, - { type: 'language', subtag: 'nfl', prefix: [], scope: null }, - { type: 'language', subtag: 'nfr', prefix: [], scope: null }, - { type: 'language', subtag: 'nfu', prefix: [], scope: null }, - { type: 'language', subtag: 'nga', prefix: [], scope: null }, - { type: 'language', subtag: 'ngb', prefix: [], scope: null }, - { type: 'language', subtag: 'ngc', prefix: [], scope: null }, - { type: 'language', subtag: 'ngd', prefix: [], scope: null }, - { type: 'language', subtag: 'nge', prefix: [], scope: null }, - { type: 'language', subtag: 'ngf', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ngg', prefix: [], scope: null }, - { type: 'language', subtag: 
'ngh', prefix: [], scope: null }, - { type: 'language', subtag: 'ngi', prefix: [], scope: null }, - { type: 'language', subtag: 'ngj', prefix: [], scope: null }, - { type: 'language', subtag: 'ngk', prefix: [], scope: null }, - { type: 'language', subtag: 'ngl', prefix: [], scope: null }, - { type: 'language', subtag: 'ngm', prefix: [], scope: null }, - { type: 'language', subtag: 'ngn', prefix: [], scope: null }, - { type: 'language', subtag: 'ngo', prefix: [], scope: null }, - { type: 'language', subtag: 'ngp', prefix: [], scope: null }, - { type: 'language', subtag: 'ngq', prefix: [], scope: null }, - { type: 'language', subtag: 'ngr', prefix: [], scope: null }, - { type: 'language', subtag: 'ngs', prefix: [], scope: null }, - { type: 'language', subtag: 'ngt', prefix: [], scope: null }, - { type: 'language', subtag: 'ngu', prefix: [], scope: null }, - { type: 'language', subtag: 'ngv', prefix: [], scope: null }, - { type: 'language', subtag: 'ngw', prefix: [], scope: null }, - { type: 'language', subtag: 'ngx', prefix: [], scope: null }, - { type: 'language', subtag: 'ngy', prefix: [], scope: null }, - { type: 'language', subtag: 'ngz', prefix: [], scope: null }, - { type: 'language', subtag: 'nha', prefix: [], scope: null }, - { type: 'language', subtag: 'nhb', prefix: [], scope: null }, - { type: 'language', subtag: 'nhc', prefix: [], scope: null }, - { type: 'language', subtag: 'nhd', prefix: [], scope: null }, - { type: 'language', subtag: 'nhe', prefix: [], scope: null }, - { type: 'language', subtag: 'nhf', prefix: [], scope: null }, - { type: 'language', subtag: 'nhg', prefix: [], scope: null }, - { type: 'language', subtag: 'nhh', prefix: [], scope: null }, - { type: 'language', subtag: 'nhi', prefix: [], scope: null }, - { type: 'language', subtag: 'nhk', prefix: [], scope: null }, - { type: 'language', subtag: 'nhm', prefix: [], scope: null }, - { type: 'language', subtag: 'nhn', prefix: [], scope: null }, - { type: 'language', subtag: 'nho', prefix: 
[], scope: null }, - { type: 'language', subtag: 'nhp', prefix: [], scope: null }, - { type: 'language', subtag: 'nhq', prefix: [], scope: null }, - { type: 'language', subtag: 'nhr', prefix: [], scope: null }, - { type: 'language', subtag: 'nht', prefix: [], scope: null }, - { type: 'language', subtag: 'nhu', prefix: [], scope: null }, - { type: 'language', subtag: 'nhv', prefix: [], scope: null }, - { type: 'language', subtag: 'nhw', prefix: [], scope: null }, - { type: 'language', subtag: 'nhx', prefix: [], scope: null }, - { type: 'language', subtag: 'nhy', prefix: [], scope: null }, - { type: 'language', subtag: 'nhz', prefix: [], scope: null }, - { type: 'language', subtag: 'nia', prefix: [], scope: null }, - { type: 'language', subtag: 'nib', prefix: [], scope: null }, - { type: 'language', subtag: 'nic', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'nid', prefix: [], scope: null }, - { type: 'language', subtag: 'nie', prefix: [], scope: null }, - { type: 'language', subtag: 'nif', prefix: [], scope: null }, - { type: 'language', subtag: 'nig', prefix: [], scope: null }, - { type: 'language', subtag: 'nih', prefix: [], scope: null }, - { type: 'language', subtag: 'nii', prefix: [], scope: null }, - { type: 'language', subtag: 'nij', prefix: [], scope: null }, - { type: 'language', subtag: 'nik', prefix: [], scope: null }, - { type: 'language', subtag: 'nil', prefix: [], scope: null }, - { type: 'language', subtag: 'nim', prefix: [], scope: null }, - { type: 'language', subtag: 'nin', prefix: [], scope: null }, - { type: 'language', subtag: 'nio', prefix: [], scope: null }, - { type: 'language', subtag: 'niq', prefix: [], scope: null }, - { type: 'language', subtag: 'nir', prefix: [], scope: null }, - { type: 'language', subtag: 'nis', prefix: [], scope: null }, - { type: 'language', subtag: 'nit', prefix: [], scope: null }, - { type: 'language', subtag: 'niu', prefix: [], scope: null }, - { type: 'language', subtag: 'niv', prefix: [], 
scope: null }, - { type: 'language', subtag: 'niw', prefix: [], scope: null }, - { type: 'language', subtag: 'nix', prefix: [], scope: null }, - { type: 'language', subtag: 'niy', prefix: [], scope: null }, - { type: 'language', subtag: 'niz', prefix: [], scope: null }, - { type: 'language', subtag: 'nja', prefix: [], scope: null }, - { type: 'language', subtag: 'njb', prefix: [], scope: null }, - { type: 'language', subtag: 'njd', prefix: [], scope: null }, - { type: 'language', subtag: 'njh', prefix: [], scope: null }, - { type: 'language', subtag: 'nji', prefix: [], scope: null }, - { type: 'language', subtag: 'njj', prefix: [], scope: null }, - { type: 'language', subtag: 'njl', prefix: [], scope: null }, - { type: 'language', subtag: 'njm', prefix: [], scope: null }, - { type: 'language', subtag: 'njn', prefix: [], scope: null }, - { type: 'language', subtag: 'njo', prefix: [], scope: null }, - { type: 'language', subtag: 'njr', prefix: [], scope: null }, - { type: 'language', subtag: 'njs', prefix: [], scope: null }, - { type: 'language', subtag: 'njt', prefix: [], scope: null }, - { type: 'language', subtag: 'nju', prefix: [], scope: null }, - { type: 'language', subtag: 'njx', prefix: [], scope: null }, - { type: 'language', subtag: 'njy', prefix: [], scope: null }, - { type: 'language', subtag: 'njz', prefix: [], scope: null }, - { type: 'language', subtag: 'nka', prefix: [], scope: null }, - { type: 'language', subtag: 'nkb', prefix: [], scope: null }, - { type: 'language', subtag: 'nkc', prefix: [], scope: null }, - { type: 'language', subtag: 'nkd', prefix: [], scope: null }, - { type: 'language', subtag: 'nke', prefix: [], scope: null }, - { type: 'language', subtag: 'nkf', prefix: [], scope: null }, - { type: 'language', subtag: 'nkg', prefix: [], scope: null }, - { type: 'language', subtag: 'nkh', prefix: [], scope: null }, - { type: 'language', subtag: 'nki', prefix: [], scope: null }, - { type: 'language', subtag: 'nkj', prefix: [], scope: null }, 
- { type: 'language', subtag: 'nkk', prefix: [], scope: null }, - { type: 'language', subtag: 'nkm', prefix: [], scope: null }, - { type: 'language', subtag: 'nkn', prefix: [], scope: null }, - { type: 'language', subtag: 'nko', prefix: [], scope: null }, - { type: 'language', subtag: 'nkp', prefix: [], scope: null }, - { type: 'language', subtag: 'nkq', prefix: [], scope: null }, - { type: 'language', subtag: 'nkr', prefix: [], scope: null }, - { type: 'language', subtag: 'nks', prefix: [], scope: null }, - { type: 'language', subtag: 'nkt', prefix: [], scope: null }, - { type: 'language', subtag: 'nku', prefix: [], scope: null }, - { type: 'language', subtag: 'nkv', prefix: [], scope: null }, - { type: 'language', subtag: 'nkw', prefix: [], scope: null }, - { type: 'language', subtag: 'nkx', prefix: [], scope: null }, - { type: 'language', subtag: 'nkz', prefix: [], scope: null }, - { type: 'language', subtag: 'nla', prefix: [], scope: null }, - { type: 'language', subtag: 'nlc', prefix: [], scope: null }, - { type: 'language', subtag: 'nle', prefix: [], scope: null }, - { type: 'language', subtag: 'nlg', prefix: [], scope: null }, - { type: 'language', subtag: 'nli', prefix: [], scope: null }, - { type: 'language', subtag: 'nlj', prefix: [], scope: null }, - { type: 'language', subtag: 'nlk', prefix: [], scope: null }, - { type: 'language', subtag: 'nll', prefix: [], scope: null }, - { type: 'language', subtag: 'nlm', prefix: [], scope: null }, - { type: 'language', subtag: 'nln', prefix: [], scope: null }, - { type: 'language', subtag: 'nlo', prefix: [], scope: null }, - { type: 'language', subtag: 'nlq', prefix: [], scope: null }, - { type: 'language', subtag: 'nlr', prefix: [], scope: null }, - { type: 'language', subtag: 'nlu', prefix: [], scope: null }, - { type: 'language', subtag: 'nlv', prefix: [], scope: null }, - { type: 'language', subtag: 'nlw', prefix: [], scope: null }, - { type: 'language', subtag: 'nlx', prefix: [], scope: null }, - { type: 
'language', subtag: 'nly', prefix: [], scope: null }, - { type: 'language', subtag: 'nlz', prefix: [], scope: null }, - { type: 'language', subtag: 'nma', prefix: [], scope: null }, - { type: 'language', subtag: 'nmb', prefix: [], scope: null }, - { type: 'language', subtag: 'nmc', prefix: [], scope: null }, - { type: 'language', subtag: 'nmd', prefix: [], scope: null }, - { type: 'language', subtag: 'nme', prefix: [], scope: null }, - { type: 'language', subtag: 'nmf', prefix: [], scope: null }, - { type: 'language', subtag: 'nmg', prefix: [], scope: null }, - { type: 'language', subtag: 'nmh', prefix: [], scope: null }, - { type: 'language', subtag: 'nmi', prefix: [], scope: null }, - { type: 'language', subtag: 'nmj', prefix: [], scope: null }, - { type: 'language', subtag: 'nmk', prefix: [], scope: null }, - { type: 'language', subtag: 'nml', prefix: [], scope: null }, - { type: 'language', subtag: 'nmm', prefix: [], scope: null }, - { type: 'language', subtag: 'nmn', prefix: [], scope: null }, - { type: 'language', subtag: 'nmo', prefix: [], scope: null }, - { type: 'language', subtag: 'nmp', prefix: [], scope: null }, - { type: 'language', subtag: 'nmq', prefix: [], scope: null }, - { type: 'language', subtag: 'nmr', prefix: [], scope: null }, - { type: 'language', subtag: 'nms', prefix: [], scope: null }, - { type: 'language', subtag: 'nmt', prefix: [], scope: null }, - { type: 'language', subtag: 'nmu', prefix: [], scope: null }, - { type: 'language', subtag: 'nmv', prefix: [], scope: null }, - { type: 'language', subtag: 'nmw', prefix: [], scope: null }, - { type: 'language', subtag: 'nmx', prefix: [], scope: null }, - { type: 'language', subtag: 'nmy', prefix: [], scope: null }, - { type: 'language', subtag: 'nmz', prefix: [], scope: null }, - { type: 'language', subtag: 'nna', prefix: [], scope: null }, - { type: 'language', subtag: 'nnb', prefix: [], scope: null }, - { type: 'language', subtag: 'nnc', prefix: [], scope: null }, - { type: 'language', 
subtag: 'nnd', prefix: [], scope: null }, - { type: 'language', subtag: 'nne', prefix: [], scope: null }, - { type: 'language', subtag: 'nnf', prefix: [], scope: null }, - { type: 'language', subtag: 'nng', prefix: [], scope: null }, - { type: 'language', subtag: 'nnh', prefix: [], scope: null }, - { type: 'language', subtag: 'nni', prefix: [], scope: null }, - { type: 'language', subtag: 'nnj', prefix: [], scope: null }, - { type: 'language', subtag: 'nnk', prefix: [], scope: null }, - { type: 'language', subtag: 'nnl', prefix: [], scope: null }, - { type: 'language', subtag: 'nnm', prefix: [], scope: null }, - { type: 'language', subtag: 'nnn', prefix: [], scope: null }, - { type: 'language', subtag: 'nnp', prefix: [], scope: null }, - { type: 'language', subtag: 'nnq', prefix: [], scope: null }, - { type: 'language', subtag: 'nnr', prefix: [], scope: null }, - { type: 'language', subtag: 'nns', prefix: [], scope: null }, - { type: 'language', subtag: 'nnt', prefix: [], scope: null }, - { type: 'language', subtag: 'nnu', prefix: [], scope: null }, - { type: 'language', subtag: 'nnv', prefix: [], scope: null }, - { type: 'language', subtag: 'nnw', prefix: [], scope: null }, - { type: 'language', subtag: 'nnx', prefix: [], scope: null }, - { type: 'language', subtag: 'nny', prefix: [], scope: null }, - { type: 'language', subtag: 'nnz', prefix: [], scope: null }, - { type: 'language', subtag: 'noa', prefix: [], scope: null }, - { type: 'language', subtag: 'noc', prefix: [], scope: null }, - { type: 'language', subtag: 'nod', prefix: [], scope: null }, - { type: 'language', subtag: 'noe', prefix: [], scope: null }, - { type: 'language', subtag: 'nof', prefix: [], scope: null }, - { type: 'language', subtag: 'nog', prefix: [], scope: null }, - { type: 'language', subtag: 'noh', prefix: [], scope: null }, - { type: 'language', subtag: 'noi', prefix: [], scope: null }, - { type: 'language', subtag: 'noj', prefix: [], scope: null }, - { type: 'language', subtag: 'nok', 
prefix: [], scope: null }, - { type: 'language', subtag: 'nol', prefix: [], scope: null }, - { type: 'language', subtag: 'nom', prefix: [], scope: null }, - { type: 'language', subtag: 'non', prefix: [], scope: null }, - { type: 'language', subtag: 'noo', prefix: [], scope: null }, - { type: 'language', subtag: 'nop', prefix: [], scope: null }, - { type: 'language', subtag: 'noq', prefix: [], scope: null }, - { type: 'language', subtag: 'nos', prefix: [], scope: null }, - { type: 'language', subtag: 'not', prefix: [], scope: null }, - { type: 'language', subtag: 'nou', prefix: [], scope: null }, - { type: 'language', subtag: 'nov', prefix: [], scope: null }, - { type: 'language', subtag: 'now', prefix: [], scope: null }, - { type: 'language', subtag: 'noy', prefix: [], scope: null }, - { type: 'language', subtag: 'noz', prefix: [], scope: null }, - { type: 'language', subtag: 'npa', prefix: [], scope: null }, - { type: 'language', subtag: 'npb', prefix: [], scope: null }, - { type: 'language', subtag: 'npg', prefix: [], scope: null }, - { type: 'language', subtag: 'nph', prefix: [], scope: null }, - { type: 'language', subtag: 'npi', prefix: [], scope: null }, - { type: 'language', subtag: 'npl', prefix: [], scope: null }, - { type: 'language', subtag: 'npn', prefix: [], scope: null }, - { type: 'language', subtag: 'npo', prefix: [], scope: null }, - { type: 'language', subtag: 'nps', prefix: [], scope: null }, - { type: 'language', subtag: 'npu', prefix: [], scope: null }, - { type: 'language', subtag: 'npx', prefix: [], scope: null }, - { type: 'language', subtag: 'npy', prefix: [], scope: null }, - { type: 'language', subtag: 'nqg', prefix: [], scope: null }, - { type: 'language', subtag: 'nqk', prefix: [], scope: null }, - { type: 'language', subtag: 'nql', prefix: [], scope: null }, - { type: 'language', subtag: 'nqm', prefix: [], scope: null }, - { type: 'language', subtag: 'nqn', prefix: [], scope: null }, - { type: 'language', subtag: 'nqo', prefix: [], 
scope: null }, - { type: 'language', subtag: 'nqq', prefix: [], scope: null }, - { type: 'language', subtag: 'nqt', prefix: [], scope: null }, - { type: 'language', subtag: 'nqy', prefix: [], scope: null }, - { type: 'language', subtag: 'nra', prefix: [], scope: null }, - { type: 'language', subtag: 'nrb', prefix: [], scope: null }, - { type: 'language', subtag: 'nrc', prefix: [], scope: null }, - { type: 'language', subtag: 'nre', prefix: [], scope: null }, - { type: 'language', subtag: 'nrf', prefix: [], scope: null }, - { type: 'language', subtag: 'nrg', prefix: [], scope: null }, - { type: 'language', subtag: 'nri', prefix: [], scope: null }, - { type: 'language', subtag: 'nrk', prefix: [], scope: null }, - { type: 'language', subtag: 'nrl', prefix: [], scope: null }, - { type: 'language', subtag: 'nrm', prefix: [], scope: null }, - { type: 'language', subtag: 'nrn', prefix: [], scope: null }, - { type: 'language', subtag: 'nrp', prefix: [], scope: null }, - { type: 'language', subtag: 'nrr', prefix: [], scope: null }, - { type: 'language', subtag: 'nrt', prefix: [], scope: null }, - { type: 'language', subtag: 'nru', prefix: [], scope: null }, - { type: 'language', subtag: 'nrx', prefix: [], scope: null }, - { type: 'language', subtag: 'nrz', prefix: [], scope: null }, - { type: 'language', subtag: 'nsa', prefix: [], scope: null }, - { type: 'language', subtag: 'nsb', prefix: [], scope: null }, - { type: 'language', subtag: 'nsc', prefix: [], scope: null }, - { type: 'language', subtag: 'nsd', prefix: [], scope: null }, - { type: 'language', subtag: 'nse', prefix: [], scope: null }, - { type: 'language', subtag: 'nsf', prefix: [], scope: null }, - { type: 'language', subtag: 'nsg', prefix: [], scope: null }, - { type: 'language', subtag: 'nsh', prefix: [], scope: null }, - { type: 'language', subtag: 'nsi', prefix: [], scope: null }, - { type: 'language', subtag: 'nsk', prefix: [], scope: null }, - { type: 'language', subtag: 'nsl', prefix: [], scope: null }, 
- { type: 'language', subtag: 'nsm', prefix: [], scope: null }, - { type: 'language', subtag: 'nsn', prefix: [], scope: null }, - { type: 'language', subtag: 'nso', prefix: [], scope: null }, - { type: 'language', subtag: 'nsp', prefix: [], scope: null }, - { type: 'language', subtag: 'nsq', prefix: [], scope: null }, - { type: 'language', subtag: 'nsr', prefix: [], scope: null }, - { type: 'language', subtag: 'nss', prefix: [], scope: null }, - { type: 'language', subtag: 'nst', prefix: [], scope: null }, - { type: 'language', subtag: 'nsu', prefix: [], scope: null }, - { type: 'language', subtag: 'nsv', prefix: [], scope: null }, - { type: 'language', subtag: 'nsw', prefix: [], scope: null }, - { type: 'language', subtag: 'nsx', prefix: [], scope: null }, - { type: 'language', subtag: 'nsy', prefix: [], scope: null }, - { type: 'language', subtag: 'nsz', prefix: [], scope: null }, - { type: 'language', subtag: 'ntd', prefix: [], scope: null }, - { type: 'language', subtag: 'nte', prefix: [], scope: null }, - { type: 'language', subtag: 'ntg', prefix: [], scope: null }, - { type: 'language', subtag: 'nti', prefix: [], scope: null }, - { type: 'language', subtag: 'ntj', prefix: [], scope: null }, - { type: 'language', subtag: 'ntk', prefix: [], scope: null }, - { type: 'language', subtag: 'ntm', prefix: [], scope: null }, - { type: 'language', subtag: 'nto', prefix: [], scope: null }, - { type: 'language', subtag: 'ntp', prefix: [], scope: null }, - { type: 'language', subtag: 'ntr', prefix: [], scope: null }, - { type: 'language', subtag: 'nts', prefix: [], scope: null }, - { type: 'language', subtag: 'ntu', prefix: [], scope: null }, - { type: 'language', subtag: 'ntw', prefix: [], scope: null }, - { type: 'language', subtag: 'ntx', prefix: [], scope: null }, - { type: 'language', subtag: 'nty', prefix: [], scope: null }, - { type: 'language', subtag: 'ntz', prefix: [], scope: null }, - { type: 'language', subtag: 'nua', prefix: [], scope: null }, - { type: 
'language', subtag: 'nub', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'nuc', prefix: [], scope: null }, - { type: 'language', subtag: 'nud', prefix: [], scope: null }, - { type: 'language', subtag: 'nue', prefix: [], scope: null }, - { type: 'language', subtag: 'nuf', prefix: [], scope: null }, - { type: 'language', subtag: 'nug', prefix: [], scope: null }, - { type: 'language', subtag: 'nuh', prefix: [], scope: null }, - { type: 'language', subtag: 'nui', prefix: [], scope: null }, - { type: 'language', subtag: 'nuj', prefix: [], scope: null }, - { type: 'language', subtag: 'nuk', prefix: [], scope: null }, - { type: 'language', subtag: 'nul', prefix: [], scope: null }, - { type: 'language', subtag: 'num', prefix: [], scope: null }, - { type: 'language', subtag: 'nun', prefix: [], scope: null }, - { type: 'language', subtag: 'nuo', prefix: [], scope: null }, - { type: 'language', subtag: 'nup', prefix: [], scope: null }, - { type: 'language', subtag: 'nuq', prefix: [], scope: null }, - { type: 'language', subtag: 'nur', prefix: [], scope: null }, - { type: 'language', subtag: 'nus', prefix: [], scope: null }, - { type: 'language', subtag: 'nut', prefix: [], scope: null }, - { type: 'language', subtag: 'nuu', prefix: [], scope: null }, - { type: 'language', subtag: 'nuv', prefix: [], scope: null }, - { type: 'language', subtag: 'nuw', prefix: [], scope: null }, - { type: 'language', subtag: 'nux', prefix: [], scope: null }, - { type: 'language', subtag: 'nuy', prefix: [], scope: null }, - { type: 'language', subtag: 'nuz', prefix: [], scope: null }, - { type: 'language', subtag: 'nvh', prefix: [], scope: null }, - { type: 'language', subtag: 'nvm', prefix: [], scope: null }, - { type: 'language', subtag: 'nvo', prefix: [], scope: null }, - { type: 'language', subtag: 'nwa', prefix: [], scope: null }, - { type: 'language', subtag: 'nwb', prefix: [], scope: null }, - { type: 'language', subtag: 'nwc', prefix: [], scope: null }, - { type: 
'language', subtag: 'nwe', prefix: [], scope: null }, - { type: 'language', subtag: 'nwg', prefix: [], scope: null }, - { type: 'language', subtag: 'nwi', prefix: [], scope: null }, - { type: 'language', subtag: 'nwm', prefix: [], scope: null }, - { type: 'language', subtag: 'nwo', prefix: [], scope: null }, - { type: 'language', subtag: 'nwr', prefix: [], scope: null }, - { type: 'language', subtag: 'nww', prefix: [], scope: null }, - { type: 'language', subtag: 'nwx', prefix: [], scope: null }, - { type: 'language', subtag: 'nwy', prefix: [], scope: null }, - { type: 'language', subtag: 'nxa', prefix: [], scope: null }, - { type: 'language', subtag: 'nxd', prefix: [], scope: null }, - { type: 'language', subtag: 'nxe', prefix: [], scope: null }, - { type: 'language', subtag: 'nxg', prefix: [], scope: null }, - { type: 'language', subtag: 'nxi', prefix: [], scope: null }, - { type: 'language', subtag: 'nxk', prefix: [], scope: null }, - { type: 'language', subtag: 'nxl', prefix: [], scope: null }, - { type: 'language', subtag: 'nxm', prefix: [], scope: null }, - { type: 'language', subtag: 'nxn', prefix: [], scope: null }, - { type: 'language', subtag: 'nxo', prefix: [], scope: null }, - { type: 'language', subtag: 'nxq', prefix: [], scope: null }, - { type: 'language', subtag: 'nxr', prefix: [], scope: null }, - { type: 'language', subtag: 'nxu', prefix: [], scope: null }, - { type: 'language', subtag: 'nxx', prefix: [], scope: null }, - { type: 'language', subtag: 'nyb', prefix: [], scope: null }, - { type: 'language', subtag: 'nyc', prefix: [], scope: null }, - { type: 'language', subtag: 'nyd', prefix: [], scope: null }, - { type: 'language', subtag: 'nye', prefix: [], scope: null }, - { type: 'language', subtag: 'nyf', prefix: [], scope: null }, - { type: 'language', subtag: 'nyg', prefix: [], scope: null }, - { type: 'language', subtag: 'nyh', prefix: [], scope: null }, - { type: 'language', subtag: 'nyi', prefix: [], scope: null }, - { type: 'language', 
subtag: 'nyj', prefix: [], scope: null }, - { type: 'language', subtag: 'nyk', prefix: [], scope: null }, - { type: 'language', subtag: 'nyl', prefix: [], scope: null }, - { type: 'language', subtag: 'nym', prefix: [], scope: null }, - { type: 'language', subtag: 'nyn', prefix: [], scope: null }, - { type: 'language', subtag: 'nyo', prefix: [], scope: null }, - { type: 'language', subtag: 'nyp', prefix: [], scope: null }, - { type: 'language', subtag: 'nyq', prefix: [], scope: null }, - { type: 'language', subtag: 'nyr', prefix: [], scope: null }, - { type: 'language', subtag: 'nys', prefix: [], scope: null }, - { type: 'language', subtag: 'nyt', prefix: [], scope: null }, - { type: 'language', subtag: 'nyu', prefix: [], scope: null }, - { type: 'language', subtag: 'nyv', prefix: [], scope: null }, - { type: 'language', subtag: 'nyw', prefix: [], scope: null }, - { type: 'language', subtag: 'nyx', prefix: [], scope: null }, - { type: 'language', subtag: 'nyy', prefix: [], scope: null }, - { type: 'language', subtag: 'nza', prefix: [], scope: null }, - { type: 'language', subtag: 'nzb', prefix: [], scope: null }, - { type: 'language', subtag: 'nzd', prefix: [], scope: null }, - { type: 'language', subtag: 'nzi', prefix: [], scope: null }, - { type: 'language', subtag: 'nzk', prefix: [], scope: null }, - { type: 'language', subtag: 'nzm', prefix: [], scope: null }, - { type: 'language', subtag: 'nzs', prefix: [], scope: null }, - { type: 'language', subtag: 'nzu', prefix: [], scope: null }, - { type: 'language', subtag: 'nzy', prefix: [], scope: null }, - { type: 'language', subtag: 'nzz', prefix: [], scope: null }, - { type: 'language', subtag: 'oaa', prefix: [], scope: null }, - { type: 'language', subtag: 'oac', prefix: [], scope: null }, - { type: 'language', subtag: 'oar', prefix: [], scope: null }, - { type: 'language', subtag: 'oav', prefix: [], scope: null }, - { type: 'language', subtag: 'obi', prefix: [], scope: null }, - { type: 'language', subtag: 'obk', 
prefix: [], scope: null }, - { type: 'language', subtag: 'obl', prefix: [], scope: null }, - { type: 'language', subtag: 'obm', prefix: [], scope: null }, - { type: 'language', subtag: 'obo', prefix: [], scope: null }, - { type: 'language', subtag: 'obr', prefix: [], scope: null }, - { type: 'language', subtag: 'obt', prefix: [], scope: null }, - { type: 'language', subtag: 'obu', prefix: [], scope: null }, - { type: 'language', subtag: 'oca', prefix: [], scope: null }, - { type: 'language', subtag: 'och', prefix: [], scope: null }, - { type: 'language', subtag: 'ocm', prefix: [], scope: null }, - { type: 'language', subtag: 'oco', prefix: [], scope: null }, - { type: 'language', subtag: 'ocu', prefix: [], scope: null }, - { type: 'language', subtag: 'oda', prefix: [], scope: null }, - { type: 'language', subtag: 'odk', prefix: [], scope: null }, - { type: 'language', subtag: 'odt', prefix: [], scope: null }, - { type: 'language', subtag: 'odu', prefix: [], scope: null }, - { type: 'language', subtag: 'ofo', prefix: [], scope: null }, - { type: 'language', subtag: 'ofs', prefix: [], scope: null }, - { type: 'language', subtag: 'ofu', prefix: [], scope: null }, - { type: 'language', subtag: 'ogb', prefix: [], scope: null }, - { type: 'language', subtag: 'ogc', prefix: [], scope: null }, - { type: 'language', subtag: 'oge', prefix: [], scope: null }, - { type: 'language', subtag: 'ogg', prefix: [], scope: null }, - { type: 'language', subtag: 'ogo', prefix: [], scope: null }, - { type: 'language', subtag: 'ogu', prefix: [], scope: null }, - { type: 'language', subtag: 'oht', prefix: [], scope: null }, - { type: 'language', subtag: 'ohu', prefix: [], scope: null }, - { type: 'language', subtag: 'oia', prefix: [], scope: null }, - { type: 'language', subtag: 'oie', prefix: [], scope: null }, - { type: 'language', subtag: 'oin', prefix: [], scope: null }, - { type: 'language', subtag: 'ojb', prefix: [], scope: null }, - { type: 'language', subtag: 'ojc', prefix: [], 
scope: null }, - { type: 'language', subtag: 'ojg', prefix: [], scope: null }, - { type: 'language', subtag: 'ojp', prefix: [], scope: null }, - { type: 'language', subtag: 'ojs', prefix: [], scope: null }, - { type: 'language', subtag: 'ojv', prefix: [], scope: null }, - { type: 'language', subtag: 'ojw', prefix: [], scope: null }, - { type: 'language', subtag: 'oka', prefix: [], scope: null }, - { type: 'language', subtag: 'okb', prefix: [], scope: null }, - { type: 'language', subtag: 'okc', prefix: [], scope: null }, - { type: 'language', subtag: 'okd', prefix: [], scope: null }, - { type: 'language', subtag: 'oke', prefix: [], scope: null }, - { type: 'language', subtag: 'okg', prefix: [], scope: null }, - { type: 'language', subtag: 'okh', prefix: [], scope: null }, - { type: 'language', subtag: 'oki', prefix: [], scope: null }, - { type: 'language', subtag: 'okj', prefix: [], scope: null }, - { type: 'language', subtag: 'okk', prefix: [], scope: null }, - { type: 'language', subtag: 'okl', prefix: [], scope: null }, - { type: 'language', subtag: 'okm', prefix: [], scope: null }, - { type: 'language', subtag: 'okn', prefix: [], scope: null }, - { type: 'language', subtag: 'oko', prefix: [], scope: null }, - { type: 'language', subtag: 'okr', prefix: [], scope: null }, - { type: 'language', subtag: 'oks', prefix: [], scope: null }, - { type: 'language', subtag: 'oku', prefix: [], scope: null }, - { type: 'language', subtag: 'okv', prefix: [], scope: null }, - { type: 'language', subtag: 'okx', prefix: [], scope: null }, - { type: 'language', subtag: 'okz', prefix: [], scope: null }, - { type: 'language', subtag: 'ola', prefix: [], scope: null }, - { type: 'language', subtag: 'old', prefix: [], scope: null }, - { type: 'language', subtag: 'ole', prefix: [], scope: null }, - { type: 'language', subtag: 'olk', prefix: [], scope: null }, - { type: 'language', subtag: 'olm', prefix: [], scope: null }, - { type: 'language', subtag: 'olo', prefix: [], scope: null }, 
- { type: 'language', subtag: 'olr', prefix: [], scope: null }, - { type: 'language', subtag: 'olt', prefix: [], scope: null }, - { type: 'language', subtag: 'olu', prefix: [], scope: null }, - { type: 'language', subtag: 'oma', prefix: [], scope: null }, - { type: 'language', subtag: 'omb', prefix: [], scope: null }, - { type: 'language', subtag: 'omc', prefix: [], scope: null }, - { type: 'language', subtag: 'ome', prefix: [], scope: null }, - { type: 'language', subtag: 'omg', prefix: [], scope: null }, - { type: 'language', subtag: 'omi', prefix: [], scope: null }, - { type: 'language', subtag: 'omk', prefix: [], scope: null }, - { type: 'language', subtag: 'oml', prefix: [], scope: null }, - { type: 'language', subtag: 'omn', prefix: [], scope: null }, - { type: 'language', subtag: 'omo', prefix: [], scope: null }, - { type: 'language', subtag: 'omp', prefix: [], scope: null }, - { type: 'language', subtag: 'omq', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'omr', prefix: [], scope: null }, - { type: 'language', subtag: 'omt', prefix: [], scope: null }, - { type: 'language', subtag: 'omu', prefix: [], scope: null }, - { type: 'language', subtag: 'omv', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'omw', prefix: [], scope: null }, - { type: 'language', subtag: 'omx', prefix: [], scope: null }, - { type: 'language', subtag: 'omy', prefix: [], scope: null }, - { type: 'language', subtag: 'ona', prefix: [], scope: null }, - { type: 'language', subtag: 'onb', prefix: [], scope: null }, - { type: 'language', subtag: 'one', prefix: [], scope: null }, - { type: 'language', subtag: 'ong', prefix: [], scope: null }, - { type: 'language', subtag: 'oni', prefix: [], scope: null }, - { type: 'language', subtag: 'onj', prefix: [], scope: null }, - { type: 'language', subtag: 'onk', prefix: [], scope: null }, - { type: 'language', subtag: 'onn', prefix: [], scope: null }, - { type: 'language', subtag: 'ono', prefix: [], scope: null }, 
- { type: 'language', subtag: 'onp', prefix: [], scope: null }, - { type: 'language', subtag: 'onr', prefix: [], scope: null }, - { type: 'language', subtag: 'ons', prefix: [], scope: null }, - { type: 'language', subtag: 'ont', prefix: [], scope: null }, - { type: 'language', subtag: 'onu', prefix: [], scope: null }, - { type: 'language', subtag: 'onw', prefix: [], scope: null }, - { type: 'language', subtag: 'onx', prefix: [], scope: null }, - { type: 'language', subtag: 'ood', prefix: [], scope: null }, - { type: 'language', subtag: 'oog', prefix: [], scope: null }, - { type: 'language', subtag: 'oon', prefix: [], scope: null }, - { type: 'language', subtag: 'oor', prefix: [], scope: null }, - { type: 'language', subtag: 'oos', prefix: [], scope: null }, - { type: 'language', subtag: 'opa', prefix: [], scope: null }, - { type: 'language', subtag: 'opk', prefix: [], scope: null }, - { type: 'language', subtag: 'opm', prefix: [], scope: null }, - { type: 'language', subtag: 'opo', prefix: [], scope: null }, - { type: 'language', subtag: 'opt', prefix: [], scope: null }, - { type: 'language', subtag: 'opy', prefix: [], scope: null }, - { type: 'language', subtag: 'ora', prefix: [], scope: null }, - { type: 'language', subtag: 'orc', prefix: [], scope: null }, - { type: 'language', subtag: 'ore', prefix: [], scope: null }, - { type: 'language', subtag: 'org', prefix: [], scope: null }, - { type: 'language', subtag: 'orh', prefix: [], scope: null }, - { type: 'language', subtag: 'orn', prefix: [], scope: null }, - { type: 'language', subtag: 'oro', prefix: [], scope: null }, - { type: 'language', subtag: 'orr', prefix: [], scope: null }, - { type: 'language', subtag: 'ors', prefix: [], scope: null }, - { type: 'language', subtag: 'ort', prefix: [], scope: null }, - { type: 'language', subtag: 'oru', prefix: [], scope: null }, - { type: 'language', subtag: 'orv', prefix: [], scope: null }, - { type: 'language', subtag: 'orw', prefix: [], scope: null }, - { type: 
'language', subtag: 'orx', prefix: [], scope: null }, - { type: 'language', subtag: 'ory', prefix: [], scope: null }, - { type: 'language', subtag: 'orz', prefix: [], scope: null }, - { type: 'language', subtag: 'osa', prefix: [], scope: null }, - { type: 'language', subtag: 'osc', prefix: [], scope: null }, - { type: 'language', subtag: 'osi', prefix: [], scope: null }, - { type: 'language', subtag: 'osn', prefix: [], scope: null }, - { type: 'language', subtag: 'oso', prefix: [], scope: null }, - { type: 'language', subtag: 'osp', prefix: [], scope: null }, - { type: 'language', subtag: 'ost', prefix: [], scope: null }, - { type: 'language', subtag: 'osu', prefix: [], scope: null }, - { type: 'language', subtag: 'osx', prefix: [], scope: null }, - { type: 'language', subtag: 'ota', prefix: [], scope: null }, - { type: 'language', subtag: 'otb', prefix: [], scope: null }, - { type: 'language', subtag: 'otd', prefix: [], scope: null }, - { type: 'language', subtag: 'ote', prefix: [], scope: null }, - { type: 'language', subtag: 'oti', prefix: [], scope: null }, - { type: 'language', subtag: 'otk', prefix: [], scope: null }, - { type: 'language', subtag: 'otl', prefix: [], scope: null }, - { type: 'language', subtag: 'otm', prefix: [], scope: null }, - { type: 'language', subtag: 'otn', prefix: [], scope: null }, - { type: 'language', subtag: 'oto', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'otq', prefix: [], scope: null }, - { type: 'language', subtag: 'otr', prefix: [], scope: null }, - { type: 'language', subtag: 'ots', prefix: [], scope: null }, - { type: 'language', subtag: 'ott', prefix: [], scope: null }, - { type: 'language', subtag: 'otu', prefix: [], scope: null }, - { type: 'language', subtag: 'otw', prefix: [], scope: null }, - { type: 'language', subtag: 'otx', prefix: [], scope: null }, - { type: 'language', subtag: 'oty', prefix: [], scope: null }, - { type: 'language', subtag: 'otz', prefix: [], scope: null }, - { type: 
'language', subtag: 'oua', prefix: [], scope: null }, - { type: 'language', subtag: 'oub', prefix: [], scope: null }, - { type: 'language', subtag: 'oue', prefix: [], scope: null }, - { type: 'language', subtag: 'oui', prefix: [], scope: null }, - { type: 'language', subtag: 'oum', prefix: [], scope: null }, - { type: 'language', subtag: 'oun', prefix: [], scope: null }, - { type: 'language', subtag: 'ovd', prefix: [], scope: null }, - { type: 'language', subtag: 'owi', prefix: [], scope: null }, - { type: 'language', subtag: 'owl', prefix: [], scope: null }, - { type: 'language', subtag: 'oyb', prefix: [], scope: null }, - { type: 'language', subtag: 'oyd', prefix: [], scope: null }, - { type: 'language', subtag: 'oym', prefix: [], scope: null }, - { type: 'language', subtag: 'oyy', prefix: [], scope: null }, - { type: 'language', subtag: 'ozm', prefix: [], scope: null }, - { type: 'language', subtag: 'paa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'pab', prefix: [], scope: null }, - { type: 'language', subtag: 'pac', prefix: [], scope: null }, - { type: 'language', subtag: 'pad', prefix: [], scope: null }, - { type: 'language', subtag: 'pae', prefix: [], scope: null }, - { type: 'language', subtag: 'paf', prefix: [], scope: null }, - { type: 'language', subtag: 'pag', prefix: [], scope: null }, - { type: 'language', subtag: 'pah', prefix: [], scope: null }, - { type: 'language', subtag: 'pai', prefix: [], scope: null }, - { type: 'language', subtag: 'pak', prefix: [], scope: null }, - { type: 'language', subtag: 'pal', prefix: [], scope: null }, - { type: 'language', subtag: 'pam', prefix: [], scope: null }, - { type: 'language', subtag: 'pao', prefix: [], scope: null }, - { type: 'language', subtag: 'pap', prefix: [], scope: null }, - { type: 'language', subtag: 'paq', prefix: [], scope: null }, - { type: 'language', subtag: 'par', prefix: [], scope: null }, - { type: 'language', subtag: 'pas', prefix: [], scope: null }, - { type: 
'language', subtag: 'pat', prefix: [], scope: null }, - { type: 'language', subtag: 'pau', prefix: [], scope: null }, - { type: 'language', subtag: 'pav', prefix: [], scope: null }, - { type: 'language', subtag: 'paw', prefix: [], scope: null }, - { type: 'language', subtag: 'pax', prefix: [], scope: null }, - { type: 'language', subtag: 'pay', prefix: [], scope: null }, - { type: 'language', subtag: 'paz', prefix: [], scope: null }, - { type: 'language', subtag: 'pbb', prefix: [], scope: null }, - { type: 'language', subtag: 'pbc', prefix: [], scope: null }, - { type: 'language', subtag: 'pbe', prefix: [], scope: null }, - { type: 'language', subtag: 'pbf', prefix: [], scope: null }, - { type: 'language', subtag: 'pbg', prefix: [], scope: null }, - { type: 'language', subtag: 'pbh', prefix: [], scope: null }, - { type: 'language', subtag: 'pbi', prefix: [], scope: null }, - { type: 'language', subtag: 'pbl', prefix: [], scope: null }, - { type: 'language', subtag: 'pbm', prefix: [], scope: null }, - { type: 'language', subtag: 'pbn', prefix: [], scope: null }, - { type: 'language', subtag: 'pbo', prefix: [], scope: null }, - { type: 'language', subtag: 'pbp', prefix: [], scope: null }, - { type: 'language', subtag: 'pbr', prefix: [], scope: null }, - { type: 'language', subtag: 'pbs', prefix: [], scope: null }, - { type: 'language', subtag: 'pbt', prefix: [], scope: null }, - { type: 'language', subtag: 'pbu', prefix: [], scope: null }, - { type: 'language', subtag: 'pbv', prefix: [], scope: null }, - { type: 'language', subtag: 'pby', prefix: [], scope: null }, - { type: 'language', subtag: 'pbz', prefix: [], scope: null }, - { type: 'language', subtag: 'pca', prefix: [], scope: null }, - { type: 'language', subtag: 'pcb', prefix: [], scope: null }, - { type: 'language', subtag: 'pcc', prefix: [], scope: null }, - { type: 'language', subtag: 'pcd', prefix: [], scope: null }, - { type: 'language', subtag: 'pce', prefix: [], scope: null }, - { type: 'language', 
subtag: 'pcf', prefix: [], scope: null }, - { type: 'language', subtag: 'pcg', prefix: [], scope: null }, - { type: 'language', subtag: 'pch', prefix: [], scope: null }, - { type: 'language', subtag: 'pci', prefix: [], scope: null }, - { type: 'language', subtag: 'pcj', prefix: [], scope: null }, - { type: 'language', subtag: 'pck', prefix: [], scope: null }, - { type: 'language', subtag: 'pcl', prefix: [], scope: null }, - { type: 'language', subtag: 'pcm', prefix: [], scope: null }, - { type: 'language', subtag: 'pcn', prefix: [], scope: null }, - { type: 'language', subtag: 'pcp', prefix: [], scope: null }, - { type: 'language', subtag: 'pcr', prefix: [], scope: null }, - { type: 'language', subtag: 'pcw', prefix: [], scope: null }, - { type: 'language', subtag: 'pda', prefix: [], scope: null }, - { type: 'language', subtag: 'pdc', prefix: [], scope: null }, - { type: 'language', subtag: 'pdi', prefix: [], scope: null }, - { type: 'language', subtag: 'pdn', prefix: [], scope: null }, - { type: 'language', subtag: 'pdo', prefix: [], scope: null }, - { type: 'language', subtag: 'pdt', prefix: [], scope: null }, - { type: 'language', subtag: 'pdu', prefix: [], scope: null }, - { type: 'language', subtag: 'pea', prefix: [], scope: null }, - { type: 'language', subtag: 'peb', prefix: [], scope: null }, - { type: 'language', subtag: 'ped', prefix: [], scope: null }, - { type: 'language', subtag: 'pee', prefix: [], scope: null }, - { type: 'language', subtag: 'pef', prefix: [], scope: null }, - { type: 'language', subtag: 'peg', prefix: [], scope: null }, - { type: 'language', subtag: 'peh', prefix: [], scope: null }, - { type: 'language', subtag: 'pei', prefix: [], scope: null }, - { type: 'language', subtag: 'pej', prefix: [], scope: null }, - { type: 'language', subtag: 'pek', prefix: [], scope: null }, - { type: 'language', subtag: 'pel', prefix: [], scope: null }, - { type: 'language', subtag: 'pem', prefix: [], scope: null }, - { type: 'language', subtag: 'peo', 
prefix: [], scope: null }, - { type: 'language', subtag: 'pep', prefix: [], scope: null }, - { type: 'language', subtag: 'peq', prefix: [], scope: null }, - { type: 'language', subtag: 'pes', prefix: [], scope: null }, - { type: 'language', subtag: 'pev', prefix: [], scope: null }, - { type: 'language', subtag: 'pex', prefix: [], scope: null }, - { type: 'language', subtag: 'pey', prefix: [], scope: null }, - { type: 'language', subtag: 'pez', prefix: [], scope: null }, - { type: 'language', subtag: 'pfa', prefix: [], scope: null }, - { type: 'language', subtag: 'pfe', prefix: [], scope: null }, - { type: 'language', subtag: 'pfl', prefix: [], scope: null }, - { type: 'language', subtag: 'pga', prefix: [], scope: null }, - { type: 'language', subtag: 'pgd', prefix: [], scope: null }, - { type: 'language', subtag: 'pgg', prefix: [], scope: null }, - { type: 'language', subtag: 'pgi', prefix: [], scope: null }, - { type: 'language', subtag: 'pgk', prefix: [], scope: null }, - { type: 'language', subtag: 'pgl', prefix: [], scope: null }, - { type: 'language', subtag: 'pgn', prefix: [], scope: null }, - { type: 'language', subtag: 'pgs', prefix: [], scope: null }, - { type: 'language', subtag: 'pgu', prefix: [], scope: null }, - { type: 'language', subtag: 'pgy', prefix: [], scope: null }, - { type: 'language', subtag: 'pgz', prefix: [], scope: null }, - { type: 'language', subtag: 'pha', prefix: [], scope: null }, - { type: 'language', subtag: 'phd', prefix: [], scope: null }, - { type: 'language', subtag: 'phg', prefix: [], scope: null }, - { type: 'language', subtag: 'phh', prefix: [], scope: null }, - { type: 'language', subtag: 'phi', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'phj', prefix: [], scope: null }, - { type: 'language', subtag: 'phk', prefix: [], scope: null }, - { type: 'language', subtag: 'phl', prefix: [], scope: null }, - { type: 'language', subtag: 'phm', prefix: [], scope: null }, - { type: 'language', subtag: 'phn', prefix: 
[], scope: null }, - { type: 'language', subtag: 'pho', prefix: [], scope: null }, - { type: 'language', subtag: 'phq', prefix: [], scope: null }, - { type: 'language', subtag: 'phr', prefix: [], scope: null }, - { type: 'language', subtag: 'pht', prefix: [], scope: null }, - { type: 'language', subtag: 'phu', prefix: [], scope: null }, - { type: 'language', subtag: 'phv', prefix: [], scope: null }, - { type: 'language', subtag: 'phw', prefix: [], scope: null }, - { type: 'language', subtag: 'pia', prefix: [], scope: null }, - { type: 'language', subtag: 'pib', prefix: [], scope: null }, - { type: 'language', subtag: 'pic', prefix: [], scope: null }, - { type: 'language', subtag: 'pid', prefix: [], scope: null }, - { type: 'language', subtag: 'pie', prefix: [], scope: null }, - { type: 'language', subtag: 'pif', prefix: [], scope: null }, - { type: 'language', subtag: 'pig', prefix: [], scope: null }, - { type: 'language', subtag: 'pih', prefix: [], scope: null }, - { type: 'language', subtag: 'pii', prefix: [], scope: null }, - { type: 'language', subtag: 'pij', prefix: [], scope: null }, - { type: 'language', subtag: 'pil', prefix: [], scope: null }, - { type: 'language', subtag: 'pim', prefix: [], scope: null }, - { type: 'language', subtag: 'pin', prefix: [], scope: null }, - { type: 'language', subtag: 'pio', prefix: [], scope: null }, - { type: 'language', subtag: 'pip', prefix: [], scope: null }, - { type: 'language', subtag: 'pir', prefix: [], scope: null }, - { type: 'language', subtag: 'pis', prefix: [], scope: null }, - { type: 'language', subtag: 'pit', prefix: [], scope: null }, - { type: 'language', subtag: 'piu', prefix: [], scope: null }, - { type: 'language', subtag: 'piv', prefix: [], scope: null }, - { type: 'language', subtag: 'piw', prefix: [], scope: null }, - { type: 'language', subtag: 'pix', prefix: [], scope: null }, - { type: 'language', subtag: 'piy', prefix: [], scope: null }, - { type: 'language', subtag: 'piz', prefix: [], scope: null 
}, - { type: 'language', subtag: 'pjt', prefix: [], scope: null }, - { type: 'language', subtag: 'pka', prefix: [], scope: null }, - { type: 'language', subtag: 'pkb', prefix: [], scope: null }, - { type: 'language', subtag: 'pkc', prefix: [], scope: null }, - { type: 'language', subtag: 'pkg', prefix: [], scope: null }, - { type: 'language', subtag: 'pkh', prefix: [], scope: null }, - { type: 'language', subtag: 'pkn', prefix: [], scope: null }, - { type: 'language', subtag: 'pko', prefix: [], scope: null }, - { type: 'language', subtag: 'pkp', prefix: [], scope: null }, - { type: 'language', subtag: 'pkr', prefix: [], scope: null }, - { type: 'language', subtag: 'pks', prefix: [], scope: null }, - { type: 'language', subtag: 'pkt', prefix: [], scope: null }, - { type: 'language', subtag: 'pku', prefix: [], scope: null }, - { type: 'language', subtag: 'pla', prefix: [], scope: null }, - { type: 'language', subtag: 'plb', prefix: [], scope: null }, - { type: 'language', subtag: 'plc', prefix: [], scope: null }, - { type: 'language', subtag: 'pld', prefix: [], scope: null }, - { type: 'language', subtag: 'ple', prefix: [], scope: null }, - { type: 'language', subtag: 'plf', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'plg', prefix: [], scope: null }, - { type: 'language', subtag: 'plh', prefix: [], scope: null }, - { type: 'language', subtag: 'plj', prefix: [], scope: null }, - { type: 'language', subtag: 'plk', prefix: [], scope: null }, - { type: 'language', subtag: 'pll', prefix: [], scope: null }, - { type: 'language', subtag: 'pln', prefix: [], scope: null }, - { type: 'language', subtag: 'plo', prefix: [], scope: null }, - { type: 'language', subtag: 'plp', prefix: [], scope: null }, - { type: 'language', subtag: 'plq', prefix: [], scope: null }, - { type: 'language', subtag: 'plr', prefix: [], scope: null }, - { type: 'language', subtag: 'pls', prefix: [], scope: null }, - { type: 'language', subtag: 'plt', prefix: [], scope: null }, - { 
type: 'language', subtag: 'plu', prefix: [], scope: null }, - { type: 'language', subtag: 'plv', prefix: [], scope: null }, - { type: 'language', subtag: 'plw', prefix: [], scope: null }, - { type: 'language', subtag: 'ply', prefix: [], scope: null }, - { type: 'language', subtag: 'plz', prefix: [], scope: null }, - { type: 'language', subtag: 'pma', prefix: [], scope: null }, - { type: 'language', subtag: 'pmb', prefix: [], scope: null }, - { type: 'language', subtag: 'pmc', prefix: [], scope: null }, - { type: 'language', subtag: 'pmd', prefix: [], scope: null }, - { type: 'language', subtag: 'pme', prefix: [], scope: null }, - { type: 'language', subtag: 'pmf', prefix: [], scope: null }, - { type: 'language', subtag: 'pmh', prefix: [], scope: null }, - { type: 'language', subtag: 'pmi', prefix: [], scope: null }, - { type: 'language', subtag: 'pmj', prefix: [], scope: null }, - { type: 'language', subtag: 'pmk', prefix: [], scope: null }, - { type: 'language', subtag: 'pml', prefix: [], scope: null }, - { type: 'language', subtag: 'pmm', prefix: [], scope: null }, - { type: 'language', subtag: 'pmn', prefix: [], scope: null }, - { type: 'language', subtag: 'pmo', prefix: [], scope: null }, - { type: 'language', subtag: 'pmq', prefix: [], scope: null }, - { type: 'language', subtag: 'pmr', prefix: [], scope: null }, - { type: 'language', subtag: 'pms', prefix: [], scope: null }, - { type: 'language', subtag: 'pmt', prefix: [], scope: null }, - { type: 'language', subtag: 'pmu', prefix: [], scope: null }, - { type: 'language', subtag: 'pmw', prefix: [], scope: null }, - { type: 'language', subtag: 'pmx', prefix: [], scope: null }, - { type: 'language', subtag: 'pmy', prefix: [], scope: null }, - { type: 'language', subtag: 'pmz', prefix: [], scope: null }, - { type: 'language', subtag: 'pna', prefix: [], scope: null }, - { type: 'language', subtag: 'pnb', prefix: [], scope: null }, - { type: 'language', subtag: 'pnc', prefix: [], scope: null }, - { type: 
'language', subtag: 'pnd', prefix: [], scope: null }, - { type: 'language', subtag: 'pne', prefix: [], scope: null }, - { type: 'language', subtag: 'png', prefix: [], scope: null }, - { type: 'language', subtag: 'pnh', prefix: [], scope: null }, - { type: 'language', subtag: 'pni', prefix: [], scope: null }, - { type: 'language', subtag: 'pnj', prefix: [], scope: null }, - { type: 'language', subtag: 'pnk', prefix: [], scope: null }, - { type: 'language', subtag: 'pnl', prefix: [], scope: null }, - { type: 'language', subtag: 'pnm', prefix: [], scope: null }, - { type: 'language', subtag: 'pnn', prefix: [], scope: null }, - { type: 'language', subtag: 'pno', prefix: [], scope: null }, - { type: 'language', subtag: 'pnp', prefix: [], scope: null }, - { type: 'language', subtag: 'pnq', prefix: [], scope: null }, - { type: 'language', subtag: 'pnr', prefix: [], scope: null }, - { type: 'language', subtag: 'pns', prefix: [], scope: null }, - { type: 'language', subtag: 'pnt', prefix: [], scope: null }, - { type: 'language', subtag: 'pnu', prefix: [], scope: null }, - { type: 'language', subtag: 'pnv', prefix: [], scope: null }, - { type: 'language', subtag: 'pnw', prefix: [], scope: null }, - { type: 'language', subtag: 'pnx', prefix: [], scope: null }, - { type: 'language', subtag: 'pny', prefix: [], scope: null }, - { type: 'language', subtag: 'pnz', prefix: [], scope: null }, - { type: 'language', subtag: 'poc', prefix: [], scope: null }, - { type: 'language', subtag: 'pod', prefix: [], scope: null }, - { type: 'language', subtag: 'poe', prefix: [], scope: null }, - { type: 'language', subtag: 'pof', prefix: [], scope: null }, - { type: 'language', subtag: 'pog', prefix: [], scope: null }, - { type: 'language', subtag: 'poh', prefix: [], scope: null }, - { type: 'language', subtag: 'poi', prefix: [], scope: null }, - { type: 'language', subtag: 'pok', prefix: [], scope: null }, - { type: 'language', subtag: 'pom', prefix: [], scope: null }, - { type: 'language', 
subtag: 'pon', prefix: [], scope: null }, - { type: 'language', subtag: 'poo', prefix: [], scope: null }, - { type: 'language', subtag: 'pop', prefix: [], scope: null }, - { type: 'language', subtag: 'poq', prefix: [], scope: null }, - { type: 'language', subtag: 'pos', prefix: [], scope: null }, - { type: 'language', subtag: 'pot', prefix: [], scope: null }, - { type: 'language', subtag: 'pov', prefix: [], scope: null }, - { type: 'language', subtag: 'pow', prefix: [], scope: null }, - { type: 'language', subtag: 'pox', prefix: [], scope: null }, - { type: 'language', subtag: 'poy', prefix: [], scope: null }, - { type: 'language', subtag: 'poz', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ppa', prefix: [], scope: null }, - { type: 'language', subtag: 'ppe', prefix: [], scope: null }, - { type: 'language', subtag: 'ppi', prefix: [], scope: null }, - { type: 'language', subtag: 'ppk', prefix: [], scope: null }, - { type: 'language', subtag: 'ppl', prefix: [], scope: null }, - { type: 'language', subtag: 'ppm', prefix: [], scope: null }, - { type: 'language', subtag: 'ppn', prefix: [], scope: null }, - { type: 'language', subtag: 'ppo', prefix: [], scope: null }, - { type: 'language', subtag: 'ppp', prefix: [], scope: null }, - { type: 'language', subtag: 'ppq', prefix: [], scope: null }, - { type: 'language', subtag: 'ppr', prefix: [], scope: null }, - { type: 'language', subtag: 'pps', prefix: [], scope: null }, - { type: 'language', subtag: 'ppt', prefix: [], scope: null }, - { type: 'language', subtag: 'ppu', prefix: [], scope: null }, - { type: 'language', subtag: 'pqa', prefix: [], scope: null }, - { type: 'language', subtag: 'pqe', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'pqm', prefix: [], scope: null }, - { type: 'language', subtag: 'pqw', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'pra', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'prb', prefix: [], scope: null }, - { 
type: 'language', subtag: 'prc', prefix: [], scope: null }, - { type: 'language', subtag: 'prd', prefix: [], scope: null }, - { type: 'language', subtag: 'pre', prefix: [], scope: null }, - { type: 'language', subtag: 'prf', prefix: [], scope: null }, - { type: 'language', subtag: 'prg', prefix: [], scope: null }, - { type: 'language', subtag: 'prh', prefix: [], scope: null }, - { type: 'language', subtag: 'pri', prefix: [], scope: null }, - { type: 'language', subtag: 'prk', prefix: [], scope: null }, - { type: 'language', subtag: 'prl', prefix: [], scope: null }, - { type: 'language', subtag: 'prm', prefix: [], scope: null }, - { type: 'language', subtag: 'prn', prefix: [], scope: null }, - { type: 'language', subtag: 'pro', prefix: [], scope: null }, - { type: 'language', subtag: 'prp', prefix: [], scope: null }, - { type: 'language', subtag: 'prq', prefix: [], scope: null }, - { type: 'language', subtag: 'prr', prefix: [], scope: null }, - { type: 'language', subtag: 'prs', prefix: [], scope: null }, - { type: 'language', subtag: 'prt', prefix: [], scope: null }, - { type: 'language', subtag: 'pru', prefix: [], scope: null }, - { type: 'language', subtag: 'prw', prefix: [], scope: null }, - { type: 'language', subtag: 'prx', prefix: [], scope: null }, - { type: 'language', subtag: 'pry', prefix: [], scope: null }, - { type: 'language', subtag: 'prz', prefix: [], scope: null }, - { type: 'language', subtag: 'psa', prefix: [], scope: null }, - { type: 'language', subtag: 'psc', prefix: [], scope: null }, - { type: 'language', subtag: 'psd', prefix: [], scope: null }, - { type: 'language', subtag: 'pse', prefix: [], scope: null }, - { type: 'language', subtag: 'psg', prefix: [], scope: null }, - { type: 'language', subtag: 'psh', prefix: [], scope: null }, - { type: 'language', subtag: 'psi', prefix: [], scope: null }, - { type: 'language', subtag: 'psl', prefix: [], scope: null }, - { type: 'language', subtag: 'psm', prefix: [], scope: null }, - { type: 
'language', subtag: 'psn', prefix: [], scope: null }, - { type: 'language', subtag: 'pso', prefix: [], scope: null }, - { type: 'language', subtag: 'psp', prefix: [], scope: null }, - { type: 'language', subtag: 'psq', prefix: [], scope: null }, - { type: 'language', subtag: 'psr', prefix: [], scope: null }, - { type: 'language', subtag: 'pss', prefix: [], scope: null }, - { type: 'language', subtag: 'pst', prefix: [], scope: null }, - { type: 'language', subtag: 'psu', prefix: [], scope: null }, - { type: 'language', subtag: 'psw', prefix: [], scope: null }, - { type: 'language', subtag: 'psy', prefix: [], scope: null }, - { type: 'language', subtag: 'pta', prefix: [], scope: null }, - { type: 'language', subtag: 'pth', prefix: [], scope: null }, - { type: 'language', subtag: 'pti', prefix: [], scope: null }, - { type: 'language', subtag: 'ptn', prefix: [], scope: null }, - { type: 'language', subtag: 'pto', prefix: [], scope: null }, - { type: 'language', subtag: 'ptp', prefix: [], scope: null }, - { type: 'language', subtag: 'ptq', prefix: [], scope: null }, - { type: 'language', subtag: 'ptr', prefix: [], scope: null }, - { type: 'language', subtag: 'ptt', prefix: [], scope: null }, - { type: 'language', subtag: 'ptu', prefix: [], scope: null }, - { type: 'language', subtag: 'ptv', prefix: [], scope: null }, - { type: 'language', subtag: 'ptw', prefix: [], scope: null }, - { type: 'language', subtag: 'pty', prefix: [], scope: null }, - { type: 'language', subtag: 'pua', prefix: [], scope: null }, - { type: 'language', subtag: 'pub', prefix: [], scope: null }, - { type: 'language', subtag: 'puc', prefix: [], scope: null }, - { type: 'language', subtag: 'pud', prefix: [], scope: null }, - { type: 'language', subtag: 'pue', prefix: [], scope: null }, - { type: 'language', subtag: 'puf', prefix: [], scope: null }, - { type: 'language', subtag: 'pug', prefix: [], scope: null }, - { type: 'language', subtag: 'pui', prefix: [], scope: null }, - { type: 'language', 
subtag: 'puj', prefix: [], scope: null }, - { type: 'language', subtag: 'puk', prefix: [], scope: null }, - { type: 'language', subtag: 'pum', prefix: [], scope: null }, - { type: 'language', subtag: 'puo', prefix: [], scope: null }, - { type: 'language', subtag: 'pup', prefix: [], scope: null }, - { type: 'language', subtag: 'puq', prefix: [], scope: null }, - { type: 'language', subtag: 'pur', prefix: [], scope: null }, - { type: 'language', subtag: 'put', prefix: [], scope: null }, - { type: 'language', subtag: 'puu', prefix: [], scope: null }, - { type: 'language', subtag: 'puw', prefix: [], scope: null }, - { type: 'language', subtag: 'pux', prefix: [], scope: null }, - { type: 'language', subtag: 'puy', prefix: [], scope: null }, - { type: 'language', subtag: 'puz', prefix: [], scope: null }, - { type: 'language', subtag: 'pwa', prefix: [], scope: null }, - { type: 'language', subtag: 'pwb', prefix: [], scope: null }, - { type: 'language', subtag: 'pwg', prefix: [], scope: null }, - { type: 'language', subtag: 'pwi', prefix: [], scope: null }, - { type: 'language', subtag: 'pwm', prefix: [], scope: null }, - { type: 'language', subtag: 'pwn', prefix: [], scope: null }, - { type: 'language', subtag: 'pwo', prefix: [], scope: null }, - { type: 'language', subtag: 'pwr', prefix: [], scope: null }, - { type: 'language', subtag: 'pww', prefix: [], scope: null }, - { type: 'language', subtag: 'pxm', prefix: [], scope: null }, - { type: 'language', subtag: 'pye', prefix: [], scope: null }, - { type: 'language', subtag: 'pym', prefix: [], scope: null }, - { type: 'language', subtag: 'pyn', prefix: [], scope: null }, - { type: 'language', subtag: 'pys', prefix: [], scope: null }, - { type: 'language', subtag: 'pyu', prefix: [], scope: null }, - { type: 'language', subtag: 'pyx', prefix: [], scope: null }, - { type: 'language', subtag: 'pyy', prefix: [], scope: null }, - { type: 'language', subtag: 'pzh', prefix: [], scope: null }, - { type: 'language', subtag: 'pzn', 
prefix: [], scope: null }, - { type: 'language', subtag: 'qaa..qtz', prefix: [], scope: 'private-use' }, - { type: 'language', subtag: 'qua', prefix: [], scope: null }, - { type: 'language', subtag: 'qub', prefix: [], scope: null }, - { type: 'language', subtag: 'quc', prefix: [], scope: null }, - { type: 'language', subtag: 'qud', prefix: [], scope: null }, - { type: 'language', subtag: 'quf', prefix: [], scope: null }, - { type: 'language', subtag: 'qug', prefix: [], scope: null }, - { type: 'language', subtag: 'quh', prefix: [], scope: null }, - { type: 'language', subtag: 'qui', prefix: [], scope: null }, - { type: 'language', subtag: 'quk', prefix: [], scope: null }, - { type: 'language', subtag: 'qul', prefix: [], scope: null }, - { type: 'language', subtag: 'qum', prefix: [], scope: null }, - { type: 'language', subtag: 'qun', prefix: [], scope: null }, - { type: 'language', subtag: 'qup', prefix: [], scope: null }, - { type: 'language', subtag: 'quq', prefix: [], scope: null }, - { type: 'language', subtag: 'qur', prefix: [], scope: null }, - { type: 'language', subtag: 'qus', prefix: [], scope: null }, - { type: 'language', subtag: 'quv', prefix: [], scope: null }, - { type: 'language', subtag: 'quw', prefix: [], scope: null }, - { type: 'language', subtag: 'qux', prefix: [], scope: null }, - { type: 'language', subtag: 'quy', prefix: [], scope: null }, - { type: 'language', subtag: 'quz', prefix: [], scope: null }, - { type: 'language', subtag: 'qva', prefix: [], scope: null }, - { type: 'language', subtag: 'qvc', prefix: [], scope: null }, - { type: 'language', subtag: 'qve', prefix: [], scope: null }, - { type: 'language', subtag: 'qvh', prefix: [], scope: null }, - { type: 'language', subtag: 'qvi', prefix: [], scope: null }, - { type: 'language', subtag: 'qvj', prefix: [], scope: null }, - { type: 'language', subtag: 'qvl', prefix: [], scope: null }, - { type: 'language', subtag: 'qvm', prefix: [], scope: null }, - { type: 'language', subtag: 'qvn', 
prefix: [], scope: null }, - { type: 'language', subtag: 'qvo', prefix: [], scope: null }, - { type: 'language', subtag: 'qvp', prefix: [], scope: null }, - { type: 'language', subtag: 'qvs', prefix: [], scope: null }, - { type: 'language', subtag: 'qvw', prefix: [], scope: null }, - { type: 'language', subtag: 'qvy', prefix: [], scope: null }, - { type: 'language', subtag: 'qvz', prefix: [], scope: null }, - { type: 'language', subtag: 'qwa', prefix: [], scope: null }, - { type: 'language', subtag: 'qwc', prefix: [], scope: null }, - { type: 'language', subtag: 'qwe', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'qwh', prefix: [], scope: null }, - { type: 'language', subtag: 'qwm', prefix: [], scope: null }, - { type: 'language', subtag: 'qws', prefix: [], scope: null }, - { type: 'language', subtag: 'qwt', prefix: [], scope: null }, - { type: 'language', subtag: 'qxa', prefix: [], scope: null }, - { type: 'language', subtag: 'qxc', prefix: [], scope: null }, - { type: 'language', subtag: 'qxh', prefix: [], scope: null }, - { type: 'language', subtag: 'qxl', prefix: [], scope: null }, - { type: 'language', subtag: 'qxn', prefix: [], scope: null }, - { type: 'language', subtag: 'qxo', prefix: [], scope: null }, - { type: 'language', subtag: 'qxp', prefix: [], scope: null }, - { type: 'language', subtag: 'qxq', prefix: [], scope: null }, - { type: 'language', subtag: 'qxr', prefix: [], scope: null }, - { type: 'language', subtag: 'qxs', prefix: [], scope: null }, - { type: 'language', subtag: 'qxt', prefix: [], scope: null }, - { type: 'language', subtag: 'qxu', prefix: [], scope: null }, - { type: 'language', subtag: 'qxw', prefix: [], scope: null }, - { type: 'language', subtag: 'qya', prefix: [], scope: null }, - { type: 'language', subtag: 'qyp', prefix: [], scope: null }, - { type: 'language', subtag: 'raa', prefix: [], scope: null }, - { type: 'language', subtag: 'rab', prefix: [], scope: null }, - { type: 'language', subtag: 'rac', prefix: 
[], scope: null }, - { type: 'language', subtag: 'rad', prefix: [], scope: null }, - { type: 'language', subtag: 'raf', prefix: [], scope: null }, - { type: 'language', subtag: 'rag', prefix: [], scope: null }, - { type: 'language', subtag: 'rah', prefix: [], scope: null }, - { type: 'language', subtag: 'rai', prefix: [], scope: null }, - { type: 'language', subtag: 'raj', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'rak', prefix: [], scope: null }, - { type: 'language', subtag: 'ral', prefix: [], scope: null }, - { type: 'language', subtag: 'ram', prefix: [], scope: null }, - { type: 'language', subtag: 'ran', prefix: [], scope: null }, - { type: 'language', subtag: 'rao', prefix: [], scope: null }, - { type: 'language', subtag: 'rap', prefix: [], scope: null }, - { type: 'language', subtag: 'raq', prefix: [], scope: null }, - { type: 'language', subtag: 'rar', prefix: [], scope: null }, - { type: 'language', subtag: 'ras', prefix: [], scope: null }, - { type: 'language', subtag: 'rat', prefix: [], scope: null }, - { type: 'language', subtag: 'rau', prefix: [], scope: null }, - { type: 'language', subtag: 'rav', prefix: [], scope: null }, - { type: 'language', subtag: 'raw', prefix: [], scope: null }, - { type: 'language', subtag: 'rax', prefix: [], scope: null }, - { type: 'language', subtag: 'ray', prefix: [], scope: null }, - { type: 'language', subtag: 'raz', prefix: [], scope: null }, - { type: 'language', subtag: 'rbb', prefix: [], scope: null }, - { type: 'language', subtag: 'rbk', prefix: [], scope: null }, - { type: 'language', subtag: 'rbl', prefix: [], scope: null }, - { type: 'language', subtag: 'rbp', prefix: [], scope: null }, - { type: 'language', subtag: 'rcf', prefix: [], scope: null }, - { type: 'language', subtag: 'rdb', prefix: [], scope: null }, - { type: 'language', subtag: 'rea', prefix: [], scope: null }, - { type: 'language', subtag: 'reb', prefix: [], scope: null }, - { type: 'language', subtag: 'ree', prefix: [], 
scope: null }, - { type: 'language', subtag: 'reg', prefix: [], scope: null }, - { type: 'language', subtag: 'rei', prefix: [], scope: null }, - { type: 'language', subtag: 'rej', prefix: [], scope: null }, - { type: 'language', subtag: 'rel', prefix: [], scope: null }, - { type: 'language', subtag: 'rem', prefix: [], scope: null }, - { type: 'language', subtag: 'ren', prefix: [], scope: null }, - { type: 'language', subtag: 'rer', prefix: [], scope: null }, - { type: 'language', subtag: 'res', prefix: [], scope: null }, - { type: 'language', subtag: 'ret', prefix: [], scope: null }, - { type: 'language', subtag: 'rey', prefix: [], scope: null }, - { type: 'language', subtag: 'rga', prefix: [], scope: null }, - { type: 'language', subtag: 'rge', prefix: [], scope: null }, - { type: 'language', subtag: 'rgk', prefix: [], scope: null }, - { type: 'language', subtag: 'rgn', prefix: [], scope: null }, - { type: 'language', subtag: 'rgr', prefix: [], scope: null }, - { type: 'language', subtag: 'rgs', prefix: [], scope: null }, - { type: 'language', subtag: 'rgu', prefix: [], scope: null }, - { type: 'language', subtag: 'rhg', prefix: [], scope: null }, - { type: 'language', subtag: 'rhp', prefix: [], scope: null }, - { type: 'language', subtag: 'ria', prefix: [], scope: null }, - { type: 'language', subtag: 'rib', prefix: [], scope: null }, - { type: 'language', subtag: 'rie', prefix: [], scope: null }, - { type: 'language', subtag: 'rif', prefix: [], scope: null }, - { type: 'language', subtag: 'ril', prefix: [], scope: null }, - { type: 'language', subtag: 'rim', prefix: [], scope: null }, - { type: 'language', subtag: 'rin', prefix: [], scope: null }, - { type: 'language', subtag: 'rir', prefix: [], scope: null }, - { type: 'language', subtag: 'rit', prefix: [], scope: null }, - { type: 'language', subtag: 'riu', prefix: [], scope: null }, - { type: 'language', subtag: 'rjg', prefix: [], scope: null }, - { type: 'language', subtag: 'rji', prefix: [], scope: null }, 
- { type: 'language', subtag: 'rjs', prefix: [], scope: null }, - { type: 'language', subtag: 'rka', prefix: [], scope: null }, - { type: 'language', subtag: 'rkb', prefix: [], scope: null }, - { type: 'language', subtag: 'rkh', prefix: [], scope: null }, - { type: 'language', subtag: 'rki', prefix: [], scope: null }, - { type: 'language', subtag: 'rkm', prefix: [], scope: null }, - { type: 'language', subtag: 'rkt', prefix: [], scope: null }, - { type: 'language', subtag: 'rkw', prefix: [], scope: null }, - { type: 'language', subtag: 'rma', prefix: [], scope: null }, - { type: 'language', subtag: 'rmb', prefix: [], scope: null }, - { type: 'language', subtag: 'rmc', prefix: [], scope: null }, - { type: 'language', subtag: 'rmd', prefix: [], scope: null }, - { type: 'language', subtag: 'rme', prefix: [], scope: null }, - { type: 'language', subtag: 'rmf', prefix: [], scope: null }, - { type: 'language', subtag: 'rmg', prefix: [], scope: null }, - { type: 'language', subtag: 'rmh', prefix: [], scope: null }, - { type: 'language', subtag: 'rmi', prefix: [], scope: null }, - { type: 'language', subtag: 'rmk', prefix: [], scope: null }, - { type: 'language', subtag: 'rml', prefix: [], scope: null }, - { type: 'language', subtag: 'rmm', prefix: [], scope: null }, - { type: 'language', subtag: 'rmn', prefix: [], scope: null }, - { type: 'language', subtag: 'rmo', prefix: [], scope: null }, - { type: 'language', subtag: 'rmp', prefix: [], scope: null }, - { type: 'language', subtag: 'rmq', prefix: [], scope: null }, - { type: 'language', subtag: 'rmr', prefix: [], scope: null }, - { type: 'language', subtag: 'rms', prefix: [], scope: null }, - { type: 'language', subtag: 'rmt', prefix: [], scope: null }, - { type: 'language', subtag: 'rmu', prefix: [], scope: null }, - { type: 'language', subtag: 'rmv', prefix: [], scope: null }, - { type: 'language', subtag: 'rmw', prefix: [], scope: null }, - { type: 'language', subtag: 'rmx', prefix: [], scope: null }, - { type: 
'language', subtag: 'rmy', prefix: [], scope: null }, - { type: 'language', subtag: 'rmz', prefix: [], scope: null }, - { type: 'language', subtag: 'rna', prefix: [], scope: null }, - { type: 'language', subtag: 'rnb', prefix: [], scope: null }, - { type: 'language', subtag: 'rnd', prefix: [], scope: null }, - { type: 'language', subtag: 'rng', prefix: [], scope: null }, - { type: 'language', subtag: 'rnl', prefix: [], scope: null }, - { type: 'language', subtag: 'rnn', prefix: [], scope: null }, - { type: 'language', subtag: 'rnp', prefix: [], scope: null }, - { type: 'language', subtag: 'rnr', prefix: [], scope: null }, - { type: 'language', subtag: 'rnw', prefix: [], scope: null }, - { type: 'language', subtag: 'roa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'rob', prefix: [], scope: null }, - { type: 'language', subtag: 'roc', prefix: [], scope: null }, - { type: 'language', subtag: 'rod', prefix: [], scope: null }, - { type: 'language', subtag: 'roe', prefix: [], scope: null }, - { type: 'language', subtag: 'rof', prefix: [], scope: null }, - { type: 'language', subtag: 'rog', prefix: [], scope: null }, - { type: 'language', subtag: 'rol', prefix: [], scope: null }, - { type: 'language', subtag: 'rom', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'roo', prefix: [], scope: null }, - { type: 'language', subtag: 'rop', prefix: [], scope: null }, - { type: 'language', subtag: 'ror', prefix: [], scope: null }, - { type: 'language', subtag: 'rou', prefix: [], scope: null }, - { type: 'language', subtag: 'row', prefix: [], scope: null }, - { type: 'language', subtag: 'rpn', prefix: [], scope: null }, - { type: 'language', subtag: 'rpt', prefix: [], scope: null }, - { type: 'language', subtag: 'rri', prefix: [], scope: null }, - { type: 'language', subtag: 'rro', prefix: [], scope: null }, - { type: 'language', subtag: 'rrt', prefix: [], scope: null }, - { type: 'language', subtag: 'rsb', prefix: [], scope: null }, - { 
type: 'language', subtag: 'rsi', prefix: [], scope: null }, - { type: 'language', subtag: 'rsk', prefix: [], scope: null }, - { type: 'language', subtag: 'rsl', prefix: [], scope: null }, - { type: 'language', subtag: 'rsm', prefix: [], scope: null }, - { type: 'language', subtag: 'rsn', prefix: [], scope: null }, - { type: 'language', subtag: 'rtc', prefix: [], scope: null }, - { type: 'language', subtag: 'rth', prefix: [], scope: null }, - { type: 'language', subtag: 'rtm', prefix: [], scope: null }, - { type: 'language', subtag: 'rts', prefix: [], scope: null }, - { type: 'language', subtag: 'rtw', prefix: [], scope: null }, - { type: 'language', subtag: 'rub', prefix: [], scope: null }, - { type: 'language', subtag: 'ruc', prefix: [], scope: null }, - { type: 'language', subtag: 'rue', prefix: [], scope: null }, - { type: 'language', subtag: 'ruf', prefix: [], scope: null }, - { type: 'language', subtag: 'rug', prefix: [], scope: null }, - { type: 'language', subtag: 'ruh', prefix: [], scope: null }, - { type: 'language', subtag: 'rui', prefix: [], scope: null }, - { type: 'language', subtag: 'ruk', prefix: [], scope: null }, - { type: 'language', subtag: 'ruo', prefix: [], scope: null }, - { type: 'language', subtag: 'rup', prefix: [], scope: null }, - { type: 'language', subtag: 'ruq', prefix: [], scope: null }, - { type: 'language', subtag: 'rut', prefix: [], scope: null }, - { type: 'language', subtag: 'ruu', prefix: [], scope: null }, - { type: 'language', subtag: 'ruy', prefix: [], scope: null }, - { type: 'language', subtag: 'ruz', prefix: [], scope: null }, - { type: 'language', subtag: 'rwa', prefix: [], scope: null }, - { type: 'language', subtag: 'rwk', prefix: [], scope: null }, - { type: 'language', subtag: 'rwl', prefix: [], scope: null }, - { type: 'language', subtag: 'rwm', prefix: [], scope: null }, - { type: 'language', subtag: 'rwo', prefix: [], scope: null }, - { type: 'language', subtag: 'rwr', prefix: [], scope: null }, - { type: 
'language', subtag: 'rxd', prefix: [], scope: null }, - { type: 'language', subtag: 'rxw', prefix: [], scope: null }, - { type: 'language', subtag: 'ryn', prefix: [], scope: null }, - { type: 'language', subtag: 'rys', prefix: [], scope: null }, - { type: 'language', subtag: 'ryu', prefix: [], scope: null }, - { type: 'language', subtag: 'rzh', prefix: [], scope: null }, - { type: 'language', subtag: 'saa', prefix: [], scope: null }, - { type: 'language', subtag: 'sab', prefix: [], scope: null }, - { type: 'language', subtag: 'sac', prefix: [], scope: null }, - { type: 'language', subtag: 'sad', prefix: [], scope: null }, - { type: 'language', subtag: 'sae', prefix: [], scope: null }, - { type: 'language', subtag: 'saf', prefix: [], scope: null }, - { type: 'language', subtag: 'sah', prefix: [], scope: null }, - { type: 'language', subtag: 'sai', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'saj', prefix: [], scope: null }, - { type: 'language', subtag: 'sak', prefix: [], scope: null }, - { type: 'language', subtag: 'sal', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sam', prefix: [], scope: null }, - { type: 'language', subtag: 'sao', prefix: [], scope: null }, - { type: 'language', subtag: 'sap', prefix: [], scope: null }, - { type: 'language', subtag: 'saq', prefix: [], scope: null }, - { type: 'language', subtag: 'sar', prefix: [], scope: null }, - { type: 'language', subtag: 'sas', prefix: [], scope: null }, - { type: 'language', subtag: 'sat', prefix: [], scope: null }, - { type: 'language', subtag: 'sau', prefix: [], scope: null }, - { type: 'language', subtag: 'sav', prefix: [], scope: null }, - { type: 'language', subtag: 'saw', prefix: [], scope: null }, - { type: 'language', subtag: 'sax', prefix: [], scope: null }, - { type: 'language', subtag: 'say', prefix: [], scope: null }, - { type: 'language', subtag: 'saz', prefix: [], scope: null }, - { type: 'language', subtag: 'sba', prefix: [], scope: null }, - { type: 
'language', subtag: 'sbb', prefix: [], scope: null }, - { type: 'language', subtag: 'sbc', prefix: [], scope: null }, - { type: 'language', subtag: 'sbd', prefix: [], scope: null }, - { type: 'language', subtag: 'sbe', prefix: [], scope: null }, - { type: 'language', subtag: 'sbf', prefix: [], scope: null }, - { type: 'language', subtag: 'sbg', prefix: [], scope: null }, - { type: 'language', subtag: 'sbh', prefix: [], scope: null }, - { type: 'language', subtag: 'sbi', prefix: [], scope: null }, - { type: 'language', subtag: 'sbj', prefix: [], scope: null }, - { type: 'language', subtag: 'sbk', prefix: [], scope: null }, - { type: 'language', subtag: 'sbl', prefix: [], scope: null }, - { type: 'language', subtag: 'sbm', prefix: [], scope: null }, - { type: 'language', subtag: 'sbn', prefix: [], scope: null }, - { type: 'language', subtag: 'sbo', prefix: [], scope: null }, - { type: 'language', subtag: 'sbp', prefix: [], scope: null }, - { type: 'language', subtag: 'sbq', prefix: [], scope: null }, - { type: 'language', subtag: 'sbr', prefix: [], scope: null }, - { type: 'language', subtag: 'sbs', prefix: [], scope: null }, - { type: 'language', subtag: 'sbt', prefix: [], scope: null }, - { type: 'language', subtag: 'sbu', prefix: [], scope: null }, - { type: 'language', subtag: 'sbv', prefix: [], scope: null }, - { type: 'language', subtag: 'sbw', prefix: [], scope: null }, - { type: 'language', subtag: 'sbx', prefix: [], scope: null }, - { type: 'language', subtag: 'sby', prefix: [], scope: null }, - { type: 'language', subtag: 'sbz', prefix: [], scope: null }, - { type: 'language', subtag: 'sca', prefix: [], scope: null }, - { type: 'language', subtag: 'scb', prefix: [], scope: null }, - { type: 'language', subtag: 'sce', prefix: [], scope: null }, - { type: 'language', subtag: 'scf', prefix: [], scope: null }, - { type: 'language', subtag: 'scg', prefix: [], scope: null }, - { type: 'language', subtag: 'sch', prefix: [], scope: null }, - { type: 'language', 
subtag: 'sci', prefix: [], scope: null }, - { type: 'language', subtag: 'sck', prefix: [], scope: null }, - { type: 'language', subtag: 'scl', prefix: [], scope: null }, - { type: 'language', subtag: 'scn', prefix: [], scope: null }, - { type: 'language', subtag: 'sco', prefix: [], scope: null }, - { type: 'language', subtag: 'scp', prefix: [], scope: null }, - { type: 'language', subtag: 'scq', prefix: [], scope: null }, - { type: 'language', subtag: 'scs', prefix: [], scope: null }, - { type: 'language', subtag: 'sct', prefix: [], scope: null }, - { type: 'language', subtag: 'scu', prefix: [], scope: null }, - { type: 'language', subtag: 'scv', prefix: [], scope: null }, - { type: 'language', subtag: 'scw', prefix: [], scope: null }, - { type: 'language', subtag: 'scx', prefix: [], scope: null }, - { type: 'language', subtag: 'sda', prefix: [], scope: null }, - { type: 'language', subtag: 'sdb', prefix: [], scope: null }, - { type: 'language', subtag: 'sdc', prefix: [], scope: null }, - { type: 'language', subtag: 'sde', prefix: [], scope: null }, - { type: 'language', subtag: 'sdf', prefix: [], scope: null }, - { type: 'language', subtag: 'sdg', prefix: [], scope: null }, - { type: 'language', subtag: 'sdh', prefix: [], scope: null }, - { type: 'language', subtag: 'sdj', prefix: [], scope: null }, - { type: 'language', subtag: 'sdk', prefix: [], scope: null }, - { type: 'language', subtag: 'sdl', prefix: [], scope: null }, - { type: 'language', subtag: 'sdm', prefix: [], scope: null }, - { type: 'language', subtag: 'sdn', prefix: [], scope: null }, - { type: 'language', subtag: 'sdo', prefix: [], scope: null }, - { type: 'language', subtag: 'sdp', prefix: [], scope: null }, - { type: 'language', subtag: 'sdq', prefix: [], scope: null }, - { type: 'language', subtag: 'sdr', prefix: [], scope: null }, - { type: 'language', subtag: 'sds', prefix: [], scope: null }, - { type: 'language', subtag: 'sdt', prefix: [], scope: null }, - { type: 'language', subtag: 'sdu', 
prefix: [], scope: null }, - { type: 'language', subtag: 'sdv', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sdx', prefix: [], scope: null }, - { type: 'language', subtag: 'sdz', prefix: [], scope: null }, - { type: 'language', subtag: 'sea', prefix: [], scope: null }, - { type: 'language', subtag: 'seb', prefix: [], scope: null }, - { type: 'language', subtag: 'sec', prefix: [], scope: null }, - { type: 'language', subtag: 'sed', prefix: [], scope: null }, - { type: 'language', subtag: 'see', prefix: [], scope: null }, - { type: 'language', subtag: 'sef', prefix: [], scope: null }, - { type: 'language', subtag: 'seg', prefix: [], scope: null }, - { type: 'language', subtag: 'seh', prefix: [], scope: null }, - { type: 'language', subtag: 'sei', prefix: [], scope: null }, - { type: 'language', subtag: 'sej', prefix: [], scope: null }, - { type: 'language', subtag: 'sek', prefix: [], scope: null }, - { type: 'language', subtag: 'sel', prefix: [], scope: null }, - { type: 'language', subtag: 'sem', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sen', prefix: [], scope: null }, - { type: 'language', subtag: 'seo', prefix: [], scope: null }, - { type: 'language', subtag: 'sep', prefix: [], scope: null }, - { type: 'language', subtag: 'seq', prefix: [], scope: null }, - { type: 'language', subtag: 'ser', prefix: [], scope: null }, - { type: 'language', subtag: 'ses', prefix: [], scope: null }, - { type: 'language', subtag: 'set', prefix: [], scope: null }, - { type: 'language', subtag: 'seu', prefix: [], scope: null }, - { type: 'language', subtag: 'sev', prefix: [], scope: null }, - { type: 'language', subtag: 'sew', prefix: [], scope: null }, - { type: 'language', subtag: 'sey', prefix: [], scope: null }, - { type: 'language', subtag: 'sez', prefix: [], scope: null }, - { type: 'language', subtag: 'sfb', prefix: [], scope: null }, - { type: 'language', subtag: 'sfe', prefix: [], scope: null }, - { type: 'language', subtag: 'sfm', 
prefix: [], scope: null }, - { type: 'language', subtag: 'sfs', prefix: [], scope: null }, - { type: 'language', subtag: 'sfw', prefix: [], scope: null }, - { type: 'language', subtag: 'sga', prefix: [], scope: null }, - { type: 'language', subtag: 'sgb', prefix: [], scope: null }, - { type: 'language', subtag: 'sgc', prefix: [], scope: null }, - { type: 'language', subtag: 'sgd', prefix: [], scope: null }, - { type: 'language', subtag: 'sge', prefix: [], scope: null }, - { type: 'language', subtag: 'sgg', prefix: [], scope: null }, - { type: 'language', subtag: 'sgh', prefix: [], scope: null }, - { type: 'language', subtag: 'sgi', prefix: [], scope: null }, - { type: 'language', subtag: 'sgj', prefix: [], scope: null }, - { type: 'language', subtag: 'sgk', prefix: [], scope: null }, - { type: 'language', subtag: 'sgl', prefix: [], scope: null }, - { type: 'language', subtag: 'sgm', prefix: [], scope: null }, - { type: 'language', subtag: 'sgn', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sgo', prefix: [], scope: null }, - { type: 'language', subtag: 'sgp', prefix: [], scope: null }, - { type: 'language', subtag: 'sgr', prefix: [], scope: null }, - { type: 'language', subtag: 'sgs', prefix: [], scope: null }, - { type: 'language', subtag: 'sgt', prefix: [], scope: null }, - { type: 'language', subtag: 'sgu', prefix: [], scope: null }, - { type: 'language', subtag: 'sgw', prefix: [], scope: null }, - { type: 'language', subtag: 'sgx', prefix: [], scope: null }, - { type: 'language', subtag: 'sgy', prefix: [], scope: null }, - { type: 'language', subtag: 'sgz', prefix: [], scope: null }, - { type: 'language', subtag: 'sha', prefix: [], scope: null }, - { type: 'language', subtag: 'shb', prefix: [], scope: null }, - { type: 'language', subtag: 'shc', prefix: [], scope: null }, - { type: 'language', subtag: 'shd', prefix: [], scope: null }, - { type: 'language', subtag: 'she', prefix: [], scope: null }, - { type: 'language', subtag: 'shg', prefix: 
[], scope: null }, - { type: 'language', subtag: 'shh', prefix: [], scope: null }, - { type: 'language', subtag: 'shi', prefix: [], scope: null }, - { type: 'language', subtag: 'shj', prefix: [], scope: null }, - { type: 'language', subtag: 'shk', prefix: [], scope: null }, - { type: 'language', subtag: 'shl', prefix: [], scope: null }, - { type: 'language', subtag: 'shm', prefix: [], scope: null }, - { type: 'language', subtag: 'shn', prefix: [], scope: null }, - { type: 'language', subtag: 'sho', prefix: [], scope: null }, - { type: 'language', subtag: 'shp', prefix: [], scope: null }, - { type: 'language', subtag: 'shq', prefix: [], scope: null }, - { type: 'language', subtag: 'shr', prefix: [], scope: null }, - { type: 'language', subtag: 'shs', prefix: [], scope: null }, - { type: 'language', subtag: 'sht', prefix: [], scope: null }, - { type: 'language', subtag: 'shu', prefix: [], scope: null }, - { type: 'language', subtag: 'shv', prefix: [], scope: null }, - { type: 'language', subtag: 'shw', prefix: [], scope: null }, - { type: 'language', subtag: 'shx', prefix: [], scope: null }, - { type: 'language', subtag: 'shy', prefix: [], scope: null }, - { type: 'language', subtag: 'shz', prefix: [], scope: null }, - { type: 'language', subtag: 'sia', prefix: [], scope: null }, - { type: 'language', subtag: 'sib', prefix: [], scope: null }, - { type: 'language', subtag: 'sid', prefix: [], scope: null }, - { type: 'language', subtag: 'sie', prefix: [], scope: null }, - { type: 'language', subtag: 'sif', prefix: [], scope: null }, - { type: 'language', subtag: 'sig', prefix: [], scope: null }, - { type: 'language', subtag: 'sih', prefix: [], scope: null }, - { type: 'language', subtag: 'sii', prefix: [], scope: null }, - { type: 'language', subtag: 'sij', prefix: [], scope: null }, - { type: 'language', subtag: 'sik', prefix: [], scope: null }, - { type: 'language', subtag: 'sil', prefix: [], scope: null }, - { type: 'language', subtag: 'sim', prefix: [], scope: null 
}, - { type: 'language', subtag: 'sio', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sip', prefix: [], scope: null }, - { type: 'language', subtag: 'siq', prefix: [], scope: null }, - { type: 'language', subtag: 'sir', prefix: [], scope: null }, - { type: 'language', subtag: 'sis', prefix: [], scope: null }, - { type: 'language', subtag: 'sit', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'siu', prefix: [], scope: null }, - { type: 'language', subtag: 'siv', prefix: [], scope: null }, - { type: 'language', subtag: 'siw', prefix: [], scope: null }, - { type: 'language', subtag: 'six', prefix: [], scope: null }, - { type: 'language', subtag: 'siy', prefix: [], scope: null }, - { type: 'language', subtag: 'siz', prefix: [], scope: null }, - { type: 'language', subtag: 'sja', prefix: [], scope: null }, - { type: 'language', subtag: 'sjb', prefix: [], scope: null }, - { type: 'language', subtag: 'sjd', prefix: [], scope: null }, - { type: 'language', subtag: 'sje', prefix: [], scope: null }, - { type: 'language', subtag: 'sjg', prefix: [], scope: null }, - { type: 'language', subtag: 'sjk', prefix: [], scope: null }, - { type: 'language', subtag: 'sjl', prefix: [], scope: null }, - { type: 'language', subtag: 'sjm', prefix: [], scope: null }, - { type: 'language', subtag: 'sjn', prefix: [], scope: null }, - { type: 'language', subtag: 'sjo', prefix: [], scope: null }, - { type: 'language', subtag: 'sjp', prefix: [], scope: null }, - { type: 'language', subtag: 'sjr', prefix: [], scope: null }, - { type: 'language', subtag: 'sjs', prefix: [], scope: null }, - { type: 'language', subtag: 'sjt', prefix: [], scope: null }, - { type: 'language', subtag: 'sju', prefix: [], scope: null }, - { type: 'language', subtag: 'sjw', prefix: [], scope: null }, - { type: 'language', subtag: 'ska', prefix: [], scope: null }, - { type: 'language', subtag: 'skb', prefix: [], scope: null }, - { type: 'language', subtag: 'skc', prefix: [], scope: null 
}, - { type: 'language', subtag: 'skd', prefix: [], scope: null }, - { type: 'language', subtag: 'ske', prefix: [], scope: null }, - { type: 'language', subtag: 'skf', prefix: [], scope: null }, - { type: 'language', subtag: 'skg', prefix: [], scope: null }, - { type: 'language', subtag: 'skh', prefix: [], scope: null }, - { type: 'language', subtag: 'ski', prefix: [], scope: null }, - { type: 'language', subtag: 'skj', prefix: [], scope: null }, - { type: 'language', subtag: 'skk', prefix: [], scope: null }, - { type: 'language', subtag: 'skm', prefix: [], scope: null }, - { type: 'language', subtag: 'skn', prefix: [], scope: null }, - { type: 'language', subtag: 'sko', prefix: [], scope: null }, - { type: 'language', subtag: 'skp', prefix: [], scope: null }, - { type: 'language', subtag: 'skq', prefix: [], scope: null }, - { type: 'language', subtag: 'skr', prefix: [], scope: null }, - { type: 'language', subtag: 'sks', prefix: [], scope: null }, - { type: 'language', subtag: 'skt', prefix: [], scope: null }, - { type: 'language', subtag: 'sku', prefix: [], scope: null }, - { type: 'language', subtag: 'skv', prefix: [], scope: null }, - { type: 'language', subtag: 'skw', prefix: [], scope: null }, - { type: 'language', subtag: 'skx', prefix: [], scope: null }, - { type: 'language', subtag: 'sky', prefix: [], scope: null }, - { type: 'language', subtag: 'skz', prefix: [], scope: null }, - { type: 'language', subtag: 'sla', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'slc', prefix: [], scope: null }, - { type: 'language', subtag: 'sld', prefix: [], scope: null }, - { type: 'language', subtag: 'sle', prefix: [], scope: null }, - { type: 'language', subtag: 'slf', prefix: [], scope: null }, - { type: 'language', subtag: 'slg', prefix: [], scope: null }, - { type: 'language', subtag: 'slh', prefix: [], scope: null }, - { type: 'language', subtag: 'sli', prefix: [], scope: null }, - { type: 'language', subtag: 'slj', prefix: [], scope: null }, - { 
type: 'language', subtag: 'sll', prefix: [], scope: null }, - { type: 'language', subtag: 'slm', prefix: [], scope: null }, - { type: 'language', subtag: 'sln', prefix: [], scope: null }, - { type: 'language', subtag: 'slp', prefix: [], scope: null }, - { type: 'language', subtag: 'slq', prefix: [], scope: null }, - { type: 'language', subtag: 'slr', prefix: [], scope: null }, - { type: 'language', subtag: 'sls', prefix: [], scope: null }, - { type: 'language', subtag: 'slt', prefix: [], scope: null }, - { type: 'language', subtag: 'slu', prefix: [], scope: null }, - { type: 'language', subtag: 'slw', prefix: [], scope: null }, - { type: 'language', subtag: 'slx', prefix: [], scope: null }, - { type: 'language', subtag: 'sly', prefix: [], scope: null }, - { type: 'language', subtag: 'slz', prefix: [], scope: null }, - { type: 'language', subtag: 'sma', prefix: [], scope: null }, - { type: 'language', subtag: 'smb', prefix: [], scope: null }, - { type: 'language', subtag: 'smc', prefix: [], scope: null }, - { type: 'language', subtag: 'smd', prefix: [], scope: null }, - { type: 'language', subtag: 'smf', prefix: [], scope: null }, - { type: 'language', subtag: 'smg', prefix: [], scope: null }, - { type: 'language', subtag: 'smh', prefix: [], scope: null }, - { type: 'language', subtag: 'smi', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'smj', prefix: [], scope: null }, - { type: 'language', subtag: 'smk', prefix: [], scope: null }, - { type: 'language', subtag: 'sml', prefix: [], scope: null }, - { type: 'language', subtag: 'smm', prefix: [], scope: null }, - { type: 'language', subtag: 'smn', prefix: [], scope: null }, - { type: 'language', subtag: 'smp', prefix: [], scope: null }, - { type: 'language', subtag: 'smq', prefix: [], scope: null }, - { type: 'language', subtag: 'smr', prefix: [], scope: null }, - { type: 'language', subtag: 'sms', prefix: [], scope: null }, - { type: 'language', subtag: 'smt', prefix: [], scope: null }, - { type: 
'language', subtag: 'smu', prefix: [], scope: null }, - { type: 'language', subtag: 'smv', prefix: [], scope: null }, - { type: 'language', subtag: 'smw', prefix: [], scope: null }, - { type: 'language', subtag: 'smx', prefix: [], scope: null }, - { type: 'language', subtag: 'smy', prefix: [], scope: null }, - { type: 'language', subtag: 'smz', prefix: [], scope: null }, - { type: 'language', subtag: 'snb', prefix: [], scope: null }, - { type: 'language', subtag: 'snc', prefix: [], scope: null }, - { type: 'language', subtag: 'sne', prefix: [], scope: null }, - { type: 'language', subtag: 'snf', prefix: [], scope: null }, - { type: 'language', subtag: 'sng', prefix: [], scope: null }, - { type: 'language', subtag: 'snh', prefix: [], scope: null }, - { type: 'language', subtag: 'sni', prefix: [], scope: null }, - { type: 'language', subtag: 'snj', prefix: [], scope: null }, - { type: 'language', subtag: 'snk', prefix: [], scope: null }, - { type: 'language', subtag: 'snl', prefix: [], scope: null }, - { type: 'language', subtag: 'snm', prefix: [], scope: null }, - { type: 'language', subtag: 'snn', prefix: [], scope: null }, - { type: 'language', subtag: 'sno', prefix: [], scope: null }, - { type: 'language', subtag: 'snp', prefix: [], scope: null }, - { type: 'language', subtag: 'snq', prefix: [], scope: null }, - { type: 'language', subtag: 'snr', prefix: [], scope: null }, - { type: 'language', subtag: 'sns', prefix: [], scope: null }, - { type: 'language', subtag: 'snu', prefix: [], scope: null }, - { type: 'language', subtag: 'snv', prefix: [], scope: null }, - { type: 'language', subtag: 'snw', prefix: [], scope: null }, - { type: 'language', subtag: 'snx', prefix: [], scope: null }, - { type: 'language', subtag: 'sny', prefix: [], scope: null }, - { type: 'language', subtag: 'snz', prefix: [], scope: null }, - { type: 'language', subtag: 'soa', prefix: [], scope: null }, - { type: 'language', subtag: 'sob', prefix: [], scope: null }, - { type: 'language', 
subtag: 'soc', prefix: [], scope: null }, - { type: 'language', subtag: 'sod', prefix: [], scope: null }, - { type: 'language', subtag: 'soe', prefix: [], scope: null }, - { type: 'language', subtag: 'sog', prefix: [], scope: null }, - { type: 'language', subtag: 'soh', prefix: [], scope: null }, - { type: 'language', subtag: 'soi', prefix: [], scope: null }, - { type: 'language', subtag: 'soj', prefix: [], scope: null }, - { type: 'language', subtag: 'sok', prefix: [], scope: null }, - { type: 'language', subtag: 'sol', prefix: [], scope: null }, - { type: 'language', subtag: 'son', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'soo', prefix: [], scope: null }, - { type: 'language', subtag: 'sop', prefix: [], scope: null }, - { type: 'language', subtag: 'soq', prefix: [], scope: null }, - { type: 'language', subtag: 'sor', prefix: [], scope: null }, - { type: 'language', subtag: 'sos', prefix: [], scope: null }, - { type: 'language', subtag: 'sou', prefix: [], scope: null }, - { type: 'language', subtag: 'sov', prefix: [], scope: null }, - { type: 'language', subtag: 'sow', prefix: [], scope: null }, - { type: 'language', subtag: 'sox', prefix: [], scope: null }, - { type: 'language', subtag: 'soy', prefix: [], scope: null }, - { type: 'language', subtag: 'soz', prefix: [], scope: null }, - { type: 'language', subtag: 'spb', prefix: [], scope: null }, - { type: 'language', subtag: 'spc', prefix: [], scope: null }, - { type: 'language', subtag: 'spd', prefix: [], scope: null }, - { type: 'language', subtag: 'spe', prefix: [], scope: null }, - { type: 'language', subtag: 'spg', prefix: [], scope: null }, - { type: 'language', subtag: 'spi', prefix: [], scope: null }, - { type: 'language', subtag: 'spk', prefix: [], scope: null }, - { type: 'language', subtag: 'spl', prefix: [], scope: null }, - { type: 'language', subtag: 'spm', prefix: [], scope: null }, - { type: 'language', subtag: 'spn', prefix: [], scope: null }, - { type: 'language', subtag: 
'spo', prefix: [], scope: null }, - { type: 'language', subtag: 'spp', prefix: [], scope: null }, - { type: 'language', subtag: 'spq', prefix: [], scope: null }, - { type: 'language', subtag: 'spr', prefix: [], scope: null }, - { type: 'language', subtag: 'sps', prefix: [], scope: null }, - { type: 'language', subtag: 'spt', prefix: [], scope: null }, - { type: 'language', subtag: 'spu', prefix: [], scope: null }, - { type: 'language', subtag: 'spv', prefix: [], scope: null }, - { type: 'language', subtag: 'spx', prefix: [], scope: null }, - { type: 'language', subtag: 'spy', prefix: [], scope: null }, - { type: 'language', subtag: 'sqa', prefix: [], scope: null }, - { type: 'language', subtag: 'sqh', prefix: [], scope: null }, - { type: 'language', subtag: 'sqj', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'sqk', prefix: [], scope: null }, - { type: 'language', subtag: 'sqm', prefix: [], scope: null }, - { type: 'language', subtag: 'sqn', prefix: [], scope: null }, - { type: 'language', subtag: 'sqo', prefix: [], scope: null }, - { type: 'language', subtag: 'sqq', prefix: [], scope: null }, - { type: 'language', subtag: 'sqr', prefix: [], scope: null }, - { type: 'language', subtag: 'sqs', prefix: [], scope: null }, - { type: 'language', subtag: 'sqt', prefix: [], scope: null }, - { type: 'language', subtag: 'squ', prefix: [], scope: null }, - { type: 'language', subtag: 'sqx', prefix: [], scope: null }, - { type: 'language', subtag: 'sra', prefix: [], scope: null }, - { type: 'language', subtag: 'srb', prefix: [], scope: null }, - { type: 'language', subtag: 'src', prefix: [], scope: null }, - { type: 'language', subtag: 'sre', prefix: [], scope: null }, - { type: 'language', subtag: 'srf', prefix: [], scope: null }, - { type: 'language', subtag: 'srg', prefix: [], scope: null }, - { type: 'language', subtag: 'srh', prefix: [], scope: null }, - { type: 'language', subtag: 'sri', prefix: [], scope: null }, - { type: 'language', subtag: 'srk', 
prefix: [], scope: null }, - { type: 'language', subtag: 'srl', prefix: [], scope: null }, - { type: 'language', subtag: 'srm', prefix: [], scope: null }, - { type: 'language', subtag: 'srn', prefix: [], scope: null }, - { type: 'language', subtag: 'sro', prefix: [], scope: null }, - { type: 'language', subtag: 'srq', prefix: [], scope: null }, - { type: 'language', subtag: 'srr', prefix: [], scope: null }, - { type: 'language', subtag: 'srs', prefix: [], scope: null }, - { type: 'language', subtag: 'srt', prefix: [], scope: null }, - { type: 'language', subtag: 'sru', prefix: [], scope: null }, - { type: 'language', subtag: 'srv', prefix: [], scope: null }, - { type: 'language', subtag: 'srw', prefix: [], scope: null }, - { type: 'language', subtag: 'srx', prefix: [], scope: null }, - { type: 'language', subtag: 'sry', prefix: [], scope: null }, - { type: 'language', subtag: 'srz', prefix: [], scope: null }, - { type: 'language', subtag: 'ssa', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ssb', prefix: [], scope: null }, - { type: 'language', subtag: 'ssc', prefix: [], scope: null }, - { type: 'language', subtag: 'ssd', prefix: [], scope: null }, - { type: 'language', subtag: 'sse', prefix: [], scope: null }, - { type: 'language', subtag: 'ssf', prefix: [], scope: null }, - { type: 'language', subtag: 'ssg', prefix: [], scope: null }, - { type: 'language', subtag: 'ssh', prefix: [], scope: null }, - { type: 'language', subtag: 'ssi', prefix: [], scope: null }, - { type: 'language', subtag: 'ssj', prefix: [], scope: null }, - { type: 'language', subtag: 'ssk', prefix: [], scope: null }, - { type: 'language', subtag: 'ssl', prefix: [], scope: null }, - { type: 'language', subtag: 'ssm', prefix: [], scope: null }, - { type: 'language', subtag: 'ssn', prefix: [], scope: null }, - { type: 'language', subtag: 'sso', prefix: [], scope: null }, - { type: 'language', subtag: 'ssp', prefix: [], scope: null }, - { type: 'language', subtag: 'ssq', prefix: 
[], scope: null }, - { type: 'language', subtag: 'ssr', prefix: [], scope: null }, - { type: 'language', subtag: 'sss', prefix: [], scope: null }, - { type: 'language', subtag: 'sst', prefix: [], scope: null }, - { type: 'language', subtag: 'ssu', prefix: [], scope: null }, - { type: 'language', subtag: 'ssv', prefix: [], scope: null }, - { type: 'language', subtag: 'ssx', prefix: [], scope: null }, - { type: 'language', subtag: 'ssy', prefix: [], scope: null }, - { type: 'language', subtag: 'ssz', prefix: [], scope: null }, - { type: 'language', subtag: 'sta', prefix: [], scope: null }, - { type: 'language', subtag: 'stb', prefix: [], scope: null }, - { type: 'language', subtag: 'std', prefix: [], scope: null }, - { type: 'language', subtag: 'ste', prefix: [], scope: null }, - { type: 'language', subtag: 'stf', prefix: [], scope: null }, - { type: 'language', subtag: 'stg', prefix: [], scope: null }, - { type: 'language', subtag: 'sth', prefix: [], scope: null }, - { type: 'language', subtag: 'sti', prefix: [], scope: null }, - { type: 'language', subtag: 'stj', prefix: [], scope: null }, - { type: 'language', subtag: 'stk', prefix: [], scope: null }, - { type: 'language', subtag: 'stl', prefix: [], scope: null }, - { type: 'language', subtag: 'stm', prefix: [], scope: null }, - { type: 'language', subtag: 'stn', prefix: [], scope: null }, - { type: 'language', subtag: 'sto', prefix: [], scope: null }, - { type: 'language', subtag: 'stp', prefix: [], scope: null }, - { type: 'language', subtag: 'stq', prefix: [], scope: null }, - { type: 'language', subtag: 'str', prefix: [], scope: null }, - { type: 'language', subtag: 'sts', prefix: [], scope: null }, - { type: 'language', subtag: 'stt', prefix: [], scope: null }, - { type: 'language', subtag: 'stu', prefix: [], scope: null }, - { type: 'language', subtag: 'stv', prefix: [], scope: null }, - { type: 'language', subtag: 'stw', prefix: [], scope: null }, - { type: 'language', subtag: 'sty', prefix: [], scope: null 
}, - { type: 'language', subtag: 'sua', prefix: [], scope: null }, - { type: 'language', subtag: 'sub', prefix: [], scope: null }, - { type: 'language', subtag: 'suc', prefix: [], scope: null }, - { type: 'language', subtag: 'sue', prefix: [], scope: null }, - { type: 'language', subtag: 'sug', prefix: [], scope: null }, - { type: 'language', subtag: 'sui', prefix: [], scope: null }, - { type: 'language', subtag: 'suj', prefix: [], scope: null }, - { type: 'language', subtag: 'suk', prefix: [], scope: null }, - { type: 'language', subtag: 'sul', prefix: [], scope: null }, - { type: 'language', subtag: 'sum', prefix: [], scope: null }, - { type: 'language', subtag: 'suo', prefix: [], scope: null }, - { type: 'language', subtag: 'suq', prefix: [], scope: null }, - { type: 'language', subtag: 'sur', prefix: [], scope: null }, - { type: 'language', subtag: 'sus', prefix: [], scope: null }, - { type: 'language', subtag: 'sut', prefix: [], scope: null }, - { type: 'language', subtag: 'suv', prefix: [], scope: null }, - { type: 'language', subtag: 'suw', prefix: [], scope: null }, - { type: 'language', subtag: 'sux', prefix: [], scope: null }, - { type: 'language', subtag: 'suy', prefix: [], scope: null }, - { type: 'language', subtag: 'suz', prefix: [], scope: null }, - { type: 'language', subtag: 'sva', prefix: [], scope: null }, - { type: 'language', subtag: 'svb', prefix: [], scope: null }, - { type: 'language', subtag: 'svc', prefix: [], scope: null }, - { type: 'language', subtag: 'sve', prefix: [], scope: null }, - { type: 'language', subtag: 'svk', prefix: [], scope: null }, - { type: 'language', subtag: 'svm', prefix: [], scope: null }, - { type: 'language', subtag: 'svr', prefix: [], scope: null }, - { type: 'language', subtag: 'svs', prefix: [], scope: null }, - { type: 'language', subtag: 'svx', prefix: [], scope: null }, - { type: 'language', subtag: 'swb', prefix: [], scope: null }, - { type: 'language', subtag: 'swc', prefix: [], scope: null }, - { type: 
'language', subtag: 'swf', prefix: [], scope: null }, - { type: 'language', subtag: 'swg', prefix: [], scope: null }, - { type: 'language', subtag: 'swh', prefix: [], scope: null }, - { type: 'language', subtag: 'swi', prefix: [], scope: null }, - { type: 'language', subtag: 'swj', prefix: [], scope: null }, - { type: 'language', subtag: 'swk', prefix: [], scope: null }, - { type: 'language', subtag: 'swl', prefix: [], scope: null }, - { type: 'language', subtag: 'swm', prefix: [], scope: null }, - { type: 'language', subtag: 'swn', prefix: [], scope: null }, - { type: 'language', subtag: 'swo', prefix: [], scope: null }, - { type: 'language', subtag: 'swp', prefix: [], scope: null }, - { type: 'language', subtag: 'swq', prefix: [], scope: null }, - { type: 'language', subtag: 'swr', prefix: [], scope: null }, - { type: 'language', subtag: 'sws', prefix: [], scope: null }, - { type: 'language', subtag: 'swt', prefix: [], scope: null }, - { type: 'language', subtag: 'swu', prefix: [], scope: null }, - { type: 'language', subtag: 'swv', prefix: [], scope: null }, - { type: 'language', subtag: 'sww', prefix: [], scope: null }, - { type: 'language', subtag: 'swx', prefix: [], scope: null }, - { type: 'language', subtag: 'swy', prefix: [], scope: null }, - { type: 'language', subtag: 'sxb', prefix: [], scope: null }, - { type: 'language', subtag: 'sxc', prefix: [], scope: null }, - { type: 'language', subtag: 'sxe', prefix: [], scope: null }, - { type: 'language', subtag: 'sxg', prefix: [], scope: null }, - { type: 'language', subtag: 'sxk', prefix: [], scope: null }, - { type: 'language', subtag: 'sxl', prefix: [], scope: null }, - { type: 'language', subtag: 'sxm', prefix: [], scope: null }, - { type: 'language', subtag: 'sxn', prefix: [], scope: null }, - { type: 'language', subtag: 'sxo', prefix: [], scope: null }, - { type: 'language', subtag: 'sxr', prefix: [], scope: null }, - { type: 'language', subtag: 'sxs', prefix: [], scope: null }, - { type: 'language', 
subtag: 'sxu', prefix: [], scope: null }, - { type: 'language', subtag: 'sxw', prefix: [], scope: null }, - { type: 'language', subtag: 'sya', prefix: [], scope: null }, - { type: 'language', subtag: 'syb', prefix: [], scope: null }, - { type: 'language', subtag: 'syc', prefix: [], scope: null }, - { type: 'language', subtag: 'syd', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'syi', prefix: [], scope: null }, - { type: 'language', subtag: 'syk', prefix: [], scope: null }, - { type: 'language', subtag: 'syl', prefix: [], scope: null }, - { type: 'language', subtag: 'sym', prefix: [], scope: null }, - { type: 'language', subtag: 'syn', prefix: [], scope: null }, - { type: 'language', subtag: 'syo', prefix: [], scope: null }, - { type: 'language', subtag: 'syr', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'sys', prefix: [], scope: null }, - { type: 'language', subtag: 'syw', prefix: [], scope: null }, - { type: 'language', subtag: 'syx', prefix: [], scope: null }, - { type: 'language', subtag: 'syy', prefix: [], scope: null }, - { type: 'language', subtag: 'sza', prefix: [], scope: null }, - { type: 'language', subtag: 'szb', prefix: [], scope: null }, - { type: 'language', subtag: 'szc', prefix: [], scope: null }, - { type: 'language', subtag: 'szd', prefix: [], scope: null }, - { type: 'language', subtag: 'sze', prefix: [], scope: null }, - { type: 'language', subtag: 'szg', prefix: [], scope: null }, - { type: 'language', subtag: 'szl', prefix: [], scope: null }, - { type: 'language', subtag: 'szn', prefix: [], scope: null }, - { type: 'language', subtag: 'szp', prefix: [], scope: null }, - { type: 'language', subtag: 'szs', prefix: [], scope: null }, - { type: 'language', subtag: 'szv', prefix: [], scope: null }, - { type: 'language', subtag: 'szw', prefix: [], scope: null }, - { type: 'language', subtag: 'szy', prefix: [], scope: null }, - { type: 'language', subtag: 'taa', prefix: [], scope: null }, - { type: 
'language', subtag: 'tab', prefix: [], scope: null }, - { type: 'language', subtag: 'tac', prefix: [], scope: null }, - { type: 'language', subtag: 'tad', prefix: [], scope: null }, - { type: 'language', subtag: 'tae', prefix: [], scope: null }, - { type: 'language', subtag: 'taf', prefix: [], scope: null }, - { type: 'language', subtag: 'tag', prefix: [], scope: null }, - { type: 'language', subtag: 'tai', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'taj', prefix: [], scope: null }, - { type: 'language', subtag: 'tak', prefix: [], scope: null }, - { type: 'language', subtag: 'tal', prefix: [], scope: null }, - { type: 'language', subtag: 'tan', prefix: [], scope: null }, - { type: 'language', subtag: 'tao', prefix: [], scope: null }, - { type: 'language', subtag: 'tap', prefix: [], scope: null }, - { type: 'language', subtag: 'taq', prefix: [], scope: null }, - { type: 'language', subtag: 'tar', prefix: [], scope: null }, - { type: 'language', subtag: 'tas', prefix: [], scope: null }, - { type: 'language', subtag: 'tau', prefix: [], scope: null }, - { type: 'language', subtag: 'tav', prefix: [], scope: null }, - { type: 'language', subtag: 'taw', prefix: [], scope: null }, - { type: 'language', subtag: 'tax', prefix: [], scope: null }, - { type: 'language', subtag: 'tay', prefix: [], scope: null }, - { type: 'language', subtag: 'taz', prefix: [], scope: null }, - { type: 'language', subtag: 'tba', prefix: [], scope: null }, - { type: 'language', subtag: 'tbb', prefix: [], scope: null }, - { type: 'language', subtag: 'tbc', prefix: [], scope: null }, - { type: 'language', subtag: 'tbd', prefix: [], scope: null }, - { type: 'language', subtag: 'tbe', prefix: [], scope: null }, - { type: 'language', subtag: 'tbf', prefix: [], scope: null }, - { type: 'language', subtag: 'tbg', prefix: [], scope: null }, - { type: 'language', subtag: 'tbh', prefix: [], scope: null }, - { type: 'language', subtag: 'tbi', prefix: [], scope: null }, - { type: 
'language', subtag: 'tbj', prefix: [], scope: null }, - { type: 'language', subtag: 'tbk', prefix: [], scope: null }, - { type: 'language', subtag: 'tbl', prefix: [], scope: null }, - { type: 'language', subtag: 'tbm', prefix: [], scope: null }, - { type: 'language', subtag: 'tbn', prefix: [], scope: null }, - { type: 'language', subtag: 'tbo', prefix: [], scope: null }, - { type: 'language', subtag: 'tbp', prefix: [], scope: null }, - { type: 'language', subtag: 'tbq', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'tbr', prefix: [], scope: null }, - { type: 'language', subtag: 'tbs', prefix: [], scope: null }, - { type: 'language', subtag: 'tbt', prefix: [], scope: null }, - { type: 'language', subtag: 'tbu', prefix: [], scope: null }, - { type: 'language', subtag: 'tbv', prefix: [], scope: null }, - { type: 'language', subtag: 'tbw', prefix: [], scope: null }, - { type: 'language', subtag: 'tbx', prefix: [], scope: null }, - { type: 'language', subtag: 'tby', prefix: [], scope: null }, - { type: 'language', subtag: 'tbz', prefix: [], scope: null }, - { type: 'language', subtag: 'tca', prefix: [], scope: null }, - { type: 'language', subtag: 'tcb', prefix: [], scope: null }, - { type: 'language', subtag: 'tcc', prefix: [], scope: null }, - { type: 'language', subtag: 'tcd', prefix: [], scope: null }, - { type: 'language', subtag: 'tce', prefix: [], scope: null }, - { type: 'language', subtag: 'tcf', prefix: [], scope: null }, - { type: 'language', subtag: 'tcg', prefix: [], scope: null }, - { type: 'language', subtag: 'tch', prefix: [], scope: null }, - { type: 'language', subtag: 'tci', prefix: [], scope: null }, - { type: 'language', subtag: 'tck', prefix: [], scope: null }, - { type: 'language', subtag: 'tcl', prefix: [], scope: null }, - { type: 'language', subtag: 'tcm', prefix: [], scope: null }, - { type: 'language', subtag: 'tcn', prefix: [], scope: null }, - { type: 'language', subtag: 'tco', prefix: [], scope: null }, - { type: 
'language', subtag: 'tcp', prefix: [], scope: null }, - { type: 'language', subtag: 'tcq', prefix: [], scope: null }, - { type: 'language', subtag: 'tcs', prefix: [], scope: null }, - { type: 'language', subtag: 'tct', prefix: [], scope: null }, - { type: 'language', subtag: 'tcu', prefix: [], scope: null }, - { type: 'language', subtag: 'tcw', prefix: [], scope: null }, - { type: 'language', subtag: 'tcx', prefix: [], scope: null }, - { type: 'language', subtag: 'tcy', prefix: [], scope: null }, - { type: 'language', subtag: 'tcz', prefix: [], scope: null }, - { type: 'language', subtag: 'tda', prefix: [], scope: null }, - { type: 'language', subtag: 'tdb', prefix: [], scope: null }, - { type: 'language', subtag: 'tdc', prefix: [], scope: null }, - { type: 'language', subtag: 'tdd', prefix: [], scope: null }, - { type: 'language', subtag: 'tde', prefix: [], scope: null }, - { type: 'language', subtag: 'tdf', prefix: [], scope: null }, - { type: 'language', subtag: 'tdg', prefix: [], scope: null }, - { type: 'language', subtag: 'tdh', prefix: [], scope: null }, - { type: 'language', subtag: 'tdi', prefix: [], scope: null }, - { type: 'language', subtag: 'tdj', prefix: [], scope: null }, - { type: 'language', subtag: 'tdk', prefix: [], scope: null }, - { type: 'language', subtag: 'tdl', prefix: [], scope: null }, - { type: 'language', subtag: 'tdm', prefix: [], scope: null }, - { type: 'language', subtag: 'tdn', prefix: [], scope: null }, - { type: 'language', subtag: 'tdo', prefix: [], scope: null }, - { type: 'language', subtag: 'tdq', prefix: [], scope: null }, - { type: 'language', subtag: 'tdr', prefix: [], scope: null }, - { type: 'language', subtag: 'tds', prefix: [], scope: null }, - { type: 'language', subtag: 'tdt', prefix: [], scope: null }, - { type: 'language', subtag: 'tdu', prefix: [], scope: null }, - { type: 'language', subtag: 'tdv', prefix: [], scope: null }, - { type: 'language', subtag: 'tdx', prefix: [], scope: null }, - { type: 'language', 
subtag: 'tdy', prefix: [], scope: null }, - { type: 'language', subtag: 'tea', prefix: [], scope: null }, - { type: 'language', subtag: 'teb', prefix: [], scope: null }, - { type: 'language', subtag: 'tec', prefix: [], scope: null }, - { type: 'language', subtag: 'ted', prefix: [], scope: null }, - { type: 'language', subtag: 'tee', prefix: [], scope: null }, - { type: 'language', subtag: 'tef', prefix: [], scope: null }, - { type: 'language', subtag: 'teg', prefix: [], scope: null }, - { type: 'language', subtag: 'teh', prefix: [], scope: null }, - { type: 'language', subtag: 'tei', prefix: [], scope: null }, - { type: 'language', subtag: 'tek', prefix: [], scope: null }, - { type: 'language', subtag: 'tem', prefix: [], scope: null }, - { type: 'language', subtag: 'ten', prefix: [], scope: null }, - { type: 'language', subtag: 'teo', prefix: [], scope: null }, - { type: 'language', subtag: 'tep', prefix: [], scope: null }, - { type: 'language', subtag: 'teq', prefix: [], scope: null }, - { type: 'language', subtag: 'ter', prefix: [], scope: null }, - { type: 'language', subtag: 'tes', prefix: [], scope: null }, - { type: 'language', subtag: 'tet', prefix: [], scope: null }, - { type: 'language', subtag: 'teu', prefix: [], scope: null }, - { type: 'language', subtag: 'tev', prefix: [], scope: null }, - { type: 'language', subtag: 'tew', prefix: [], scope: null }, - { type: 'language', subtag: 'tex', prefix: [], scope: null }, - { type: 'language', subtag: 'tey', prefix: [], scope: null }, - { type: 'language', subtag: 'tez', prefix: [], scope: null }, - { type: 'language', subtag: 'tfi', prefix: [], scope: null }, - { type: 'language', subtag: 'tfn', prefix: [], scope: null }, - { type: 'language', subtag: 'tfo', prefix: [], scope: null }, - { type: 'language', subtag: 'tfr', prefix: [], scope: null }, - { type: 'language', subtag: 'tft', prefix: [], scope: null }, - { type: 'language', subtag: 'tga', prefix: [], scope: null }, - { type: 'language', subtag: 'tgb', 
prefix: [], scope: null }, - { type: 'language', subtag: 'tgc', prefix: [], scope: null }, - { type: 'language', subtag: 'tgd', prefix: [], scope: null }, - { type: 'language', subtag: 'tge', prefix: [], scope: null }, - { type: 'language', subtag: 'tgf', prefix: [], scope: null }, - { type: 'language', subtag: 'tgg', prefix: [], scope: null }, - { type: 'language', subtag: 'tgh', prefix: [], scope: null }, - { type: 'language', subtag: 'tgi', prefix: [], scope: null }, - { type: 'language', subtag: 'tgj', prefix: [], scope: null }, - { type: 'language', subtag: 'tgn', prefix: [], scope: null }, - { type: 'language', subtag: 'tgo', prefix: [], scope: null }, - { type: 'language', subtag: 'tgp', prefix: [], scope: null }, - { type: 'language', subtag: 'tgq', prefix: [], scope: null }, - { type: 'language', subtag: 'tgr', prefix: [], scope: null }, - { type: 'language', subtag: 'tgs', prefix: [], scope: null }, - { type: 'language', subtag: 'tgt', prefix: [], scope: null }, - { type: 'language', subtag: 'tgu', prefix: [], scope: null }, - { type: 'language', subtag: 'tgv', prefix: [], scope: null }, - { type: 'language', subtag: 'tgw', prefix: [], scope: null }, - { type: 'language', subtag: 'tgx', prefix: [], scope: null }, - { type: 'language', subtag: 'tgy', prefix: [], scope: null }, - { type: 'language', subtag: 'tgz', prefix: [], scope: null }, - { type: 'language', subtag: 'thc', prefix: [], scope: null }, - { type: 'language', subtag: 'thd', prefix: [], scope: null }, - { type: 'language', subtag: 'the', prefix: [], scope: null }, - { type: 'language', subtag: 'thf', prefix: [], scope: null }, - { type: 'language', subtag: 'thh', prefix: [], scope: null }, - { type: 'language', subtag: 'thi', prefix: [], scope: null }, - { type: 'language', subtag: 'thk', prefix: [], scope: null }, - { type: 'language', subtag: 'thl', prefix: [], scope: null }, - { type: 'language', subtag: 'thm', prefix: [], scope: null }, - { type: 'language', subtag: 'thn', prefix: [], 
scope: null }, - { type: 'language', subtag: 'thp', prefix: [], scope: null }, - { type: 'language', subtag: 'thq', prefix: [], scope: null }, - { type: 'language', subtag: 'thr', prefix: [], scope: null }, - { type: 'language', subtag: 'ths', prefix: [], scope: null }, - { type: 'language', subtag: 'tht', prefix: [], scope: null }, - { type: 'language', subtag: 'thu', prefix: [], scope: null }, - { type: 'language', subtag: 'thv', prefix: [], scope: null }, - { type: 'language', subtag: 'thw', prefix: [], scope: null }, - { type: 'language', subtag: 'thx', prefix: [], scope: null }, - { type: 'language', subtag: 'thy', prefix: [], scope: null }, - { type: 'language', subtag: 'thz', prefix: [], scope: null }, - { type: 'language', subtag: 'tia', prefix: [], scope: null }, - { type: 'language', subtag: 'tic', prefix: [], scope: null }, - { type: 'language', subtag: 'tid', prefix: [], scope: null }, - { type: 'language', subtag: 'tie', prefix: [], scope: null }, - { type: 'language', subtag: 'tif', prefix: [], scope: null }, - { type: 'language', subtag: 'tig', prefix: [], scope: null }, - { type: 'language', subtag: 'tih', prefix: [], scope: null }, - { type: 'language', subtag: 'tii', prefix: [], scope: null }, - { type: 'language', subtag: 'tij', prefix: [], scope: null }, - { type: 'language', subtag: 'tik', prefix: [], scope: null }, - { type: 'language', subtag: 'til', prefix: [], scope: null }, - { type: 'language', subtag: 'tim', prefix: [], scope: null }, - { type: 'language', subtag: 'tin', prefix: [], scope: null }, - { type: 'language', subtag: 'tio', prefix: [], scope: null }, - { type: 'language', subtag: 'tip', prefix: [], scope: null }, - { type: 'language', subtag: 'tiq', prefix: [], scope: null }, - { type: 'language', subtag: 'tis', prefix: [], scope: null }, - { type: 'language', subtag: 'tit', prefix: [], scope: null }, - { type: 'language', subtag: 'tiu', prefix: [], scope: null }, - { type: 'language', subtag: 'tiv', prefix: [], scope: null }, 
- { type: 'language', subtag: 'tiw', prefix: [], scope: null }, - { type: 'language', subtag: 'tix', prefix: [], scope: null }, - { type: 'language', subtag: 'tiy', prefix: [], scope: null }, - { type: 'language', subtag: 'tiz', prefix: [], scope: null }, - { type: 'language', subtag: 'tja', prefix: [], scope: null }, - { type: 'language', subtag: 'tjg', prefix: [], scope: null }, - { type: 'language', subtag: 'tji', prefix: [], scope: null }, - { type: 'language', subtag: 'tjj', prefix: [], scope: null }, - { type: 'language', subtag: 'tjl', prefix: [], scope: null }, - { type: 'language', subtag: 'tjm', prefix: [], scope: null }, - { type: 'language', subtag: 'tjn', prefix: [], scope: null }, - { type: 'language', subtag: 'tjo', prefix: [], scope: null }, - { type: 'language', subtag: 'tjp', prefix: [], scope: null }, - { type: 'language', subtag: 'tjs', prefix: [], scope: null }, - { type: 'language', subtag: 'tju', prefix: [], scope: null }, - { type: 'language', subtag: 'tjw', prefix: [], scope: null }, - { type: 'language', subtag: 'tka', prefix: [], scope: null }, - { type: 'language', subtag: 'tkb', prefix: [], scope: null }, - { type: 'language', subtag: 'tkd', prefix: [], scope: null }, - { type: 'language', subtag: 'tke', prefix: [], scope: null }, - { type: 'language', subtag: 'tkf', prefix: [], scope: null }, - { type: 'language', subtag: 'tkg', prefix: [], scope: null }, - { type: 'language', subtag: 'tkk', prefix: [], scope: null }, - { type: 'language', subtag: 'tkl', prefix: [], scope: null }, - { type: 'language', subtag: 'tkm', prefix: [], scope: null }, - { type: 'language', subtag: 'tkn', prefix: [], scope: null }, - { type: 'language', subtag: 'tkp', prefix: [], scope: null }, - { type: 'language', subtag: 'tkq', prefix: [], scope: null }, - { type: 'language', subtag: 'tkr', prefix: [], scope: null }, - { type: 'language', subtag: 'tks', prefix: [], scope: null }, - { type: 'language', subtag: 'tkt', prefix: [], scope: null }, - { type: 
'language', subtag: 'tku', prefix: [], scope: null }, - { type: 'language', subtag: 'tkv', prefix: [], scope: null }, - { type: 'language', subtag: 'tkw', prefix: [], scope: null }, - { type: 'language', subtag: 'tkx', prefix: [], scope: null }, - { type: 'language', subtag: 'tkz', prefix: [], scope: null }, - { type: 'language', subtag: 'tla', prefix: [], scope: null }, - { type: 'language', subtag: 'tlb', prefix: [], scope: null }, - { type: 'language', subtag: 'tlc', prefix: [], scope: null }, - { type: 'language', subtag: 'tld', prefix: [], scope: null }, - { type: 'language', subtag: 'tlf', prefix: [], scope: null }, - { type: 'language', subtag: 'tlg', prefix: [], scope: null }, - { type: 'language', subtag: 'tlh', prefix: [], scope: null }, - { type: 'language', subtag: 'tli', prefix: [], scope: null }, - { type: 'language', subtag: 'tlj', prefix: [], scope: null }, - { type: 'language', subtag: 'tlk', prefix: [], scope: null }, - { type: 'language', subtag: 'tll', prefix: [], scope: null }, - { type: 'language', subtag: 'tlm', prefix: [], scope: null }, - { type: 'language', subtag: 'tln', prefix: [], scope: null }, - { type: 'language', subtag: 'tlo', prefix: [], scope: null }, - { type: 'language', subtag: 'tlp', prefix: [], scope: null }, - { type: 'language', subtag: 'tlq', prefix: [], scope: null }, - { type: 'language', subtag: 'tlr', prefix: [], scope: null }, - { type: 'language', subtag: 'tls', prefix: [], scope: null }, - { type: 'language', subtag: 'tlt', prefix: [], scope: null }, - { type: 'language', subtag: 'tlu', prefix: [], scope: null }, - { type: 'language', subtag: 'tlv', prefix: [], scope: null }, - { type: 'language', subtag: 'tlw', prefix: [], scope: null }, - { type: 'language', subtag: 'tlx', prefix: [], scope: null }, - { type: 'language', subtag: 'tly', prefix: [], scope: null }, - { type: 'language', subtag: 'tma', prefix: [], scope: null }, - { type: 'language', subtag: 'tmb', prefix: [], scope: null }, - { type: 'language', 
subtag: 'tmc', prefix: [], scope: null }, - { type: 'language', subtag: 'tmd', prefix: [], scope: null }, - { type: 'language', subtag: 'tme', prefix: [], scope: null }, - { type: 'language', subtag: 'tmf', prefix: [], scope: null }, - { type: 'language', subtag: 'tmg', prefix: [], scope: null }, - { type: 'language', subtag: 'tmh', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'tmi', prefix: [], scope: null }, - { type: 'language', subtag: 'tmj', prefix: [], scope: null }, - { type: 'language', subtag: 'tmk', prefix: [], scope: null }, - { type: 'language', subtag: 'tml', prefix: [], scope: null }, - { type: 'language', subtag: 'tmm', prefix: [], scope: null }, - { type: 'language', subtag: 'tmn', prefix: [], scope: null }, - { type: 'language', subtag: 'tmo', prefix: [], scope: null }, - { type: 'language', subtag: 'tmp', prefix: [], scope: null }, - { type: 'language', subtag: 'tmq', prefix: [], scope: null }, - { type: 'language', subtag: 'tmr', prefix: [], scope: null }, - { type: 'language', subtag: 'tms', prefix: [], scope: null }, - { type: 'language', subtag: 'tmt', prefix: [], scope: null }, - { type: 'language', subtag: 'tmu', prefix: [], scope: null }, - { type: 'language', subtag: 'tmv', prefix: [], scope: null }, - { type: 'language', subtag: 'tmw', prefix: [], scope: null }, - { type: 'language', subtag: 'tmy', prefix: [], scope: null }, - { type: 'language', subtag: 'tmz', prefix: [], scope: null }, - { type: 'language', subtag: 'tna', prefix: [], scope: null }, - { type: 'language', subtag: 'tnb', prefix: [], scope: null }, - { type: 'language', subtag: 'tnc', prefix: [], scope: null }, - { type: 'language', subtag: 'tnd', prefix: [], scope: null }, - { type: 'language', subtag: 'tne', prefix: [], scope: null }, - { type: 'language', subtag: 'tnf', prefix: [], scope: null }, - { type: 'language', subtag: 'tng', prefix: [], scope: null }, - { type: 'language', subtag: 'tnh', prefix: [], scope: null }, - { type: 'language', 
subtag: 'tni', prefix: [], scope: null }, - { type: 'language', subtag: 'tnk', prefix: [], scope: null }, - { type: 'language', subtag: 'tnl', prefix: [], scope: null }, - { type: 'language', subtag: 'tnm', prefix: [], scope: null }, - { type: 'language', subtag: 'tnn', prefix: [], scope: null }, - { type: 'language', subtag: 'tno', prefix: [], scope: null }, - { type: 'language', subtag: 'tnp', prefix: [], scope: null }, - { type: 'language', subtag: 'tnq', prefix: [], scope: null }, - { type: 'language', subtag: 'tnr', prefix: [], scope: null }, - { type: 'language', subtag: 'tns', prefix: [], scope: null }, - { type: 'language', subtag: 'tnt', prefix: [], scope: null }, - { type: 'language', subtag: 'tnu', prefix: [], scope: null }, - { type: 'language', subtag: 'tnv', prefix: [], scope: null }, - { type: 'language', subtag: 'tnw', prefix: [], scope: null }, - { type: 'language', subtag: 'tnx', prefix: [], scope: null }, - { type: 'language', subtag: 'tny', prefix: [], scope: null }, - { type: 'language', subtag: 'tnz', prefix: [], scope: null }, - { type: 'language', subtag: 'tob', prefix: [], scope: null }, - { type: 'language', subtag: 'toc', prefix: [], scope: null }, - { type: 'language', subtag: 'tod', prefix: [], scope: null }, - { type: 'language', subtag: 'toe', prefix: [], scope: null }, - { type: 'language', subtag: 'tof', prefix: [], scope: null }, - { type: 'language', subtag: 'tog', prefix: [], scope: null }, - { type: 'language', subtag: 'toh', prefix: [], scope: null }, - { type: 'language', subtag: 'toi', prefix: [], scope: null }, - { type: 'language', subtag: 'toj', prefix: [], scope: null }, - { type: 'language', subtag: 'tok', prefix: [], scope: null }, - { type: 'language', subtag: 'tol', prefix: [], scope: null }, - { type: 'language', subtag: 'tom', prefix: [], scope: null }, - { type: 'language', subtag: 'too', prefix: [], scope: null }, - { type: 'language', subtag: 'top', prefix: [], scope: null }, - { type: 'language', subtag: 'toq', 
prefix: [], scope: null }, - { type: 'language', subtag: 'tor', prefix: [], scope: null }, - { type: 'language', subtag: 'tos', prefix: [], scope: null }, - { type: 'language', subtag: 'tou', prefix: [], scope: null }, - { type: 'language', subtag: 'tov', prefix: [], scope: null }, - { type: 'language', subtag: 'tow', prefix: [], scope: null }, - { type: 'language', subtag: 'tox', prefix: [], scope: null }, - { type: 'language', subtag: 'toy', prefix: [], scope: null }, - { type: 'language', subtag: 'toz', prefix: [], scope: null }, - { type: 'language', subtag: 'tpa', prefix: [], scope: null }, - { type: 'language', subtag: 'tpc', prefix: [], scope: null }, - { type: 'language', subtag: 'tpe', prefix: [], scope: null }, - { type: 'language', subtag: 'tpf', prefix: [], scope: null }, - { type: 'language', subtag: 'tpg', prefix: [], scope: null }, - { type: 'language', subtag: 'tpi', prefix: [], scope: null }, - { type: 'language', subtag: 'tpj', prefix: [], scope: null }, - { type: 'language', subtag: 'tpk', prefix: [], scope: null }, - { type: 'language', subtag: 'tpl', prefix: [], scope: null }, - { type: 'language', subtag: 'tpm', prefix: [], scope: null }, - { type: 'language', subtag: 'tpn', prefix: [], scope: null }, - { type: 'language', subtag: 'tpo', prefix: [], scope: null }, - { type: 'language', subtag: 'tpp', prefix: [], scope: null }, - { type: 'language', subtag: 'tpq', prefix: [], scope: null }, - { type: 'language', subtag: 'tpr', prefix: [], scope: null }, - { type: 'language', subtag: 'tpt', prefix: [], scope: null }, - { type: 'language', subtag: 'tpu', prefix: [], scope: null }, - { type: 'language', subtag: 'tpv', prefix: [], scope: null }, - { type: 'language', subtag: 'tpw', prefix: [], scope: null }, - { type: 'language', subtag: 'tpx', prefix: [], scope: null }, - { type: 'language', subtag: 'tpy', prefix: [], scope: null }, - { type: 'language', subtag: 'tpz', prefix: [], scope: null }, - { type: 'language', subtag: 'tqb', prefix: [], 
scope: null }, - { type: 'language', subtag: 'tql', prefix: [], scope: null }, - { type: 'language', subtag: 'tqm', prefix: [], scope: null }, - { type: 'language', subtag: 'tqn', prefix: [], scope: null }, - { type: 'language', subtag: 'tqo', prefix: [], scope: null }, - { type: 'language', subtag: 'tqp', prefix: [], scope: null }, - { type: 'language', subtag: 'tqq', prefix: [], scope: null }, - { type: 'language', subtag: 'tqr', prefix: [], scope: null }, - { type: 'language', subtag: 'tqt', prefix: [], scope: null }, - { type: 'language', subtag: 'tqu', prefix: [], scope: null }, - { type: 'language', subtag: 'tqw', prefix: [], scope: null }, - { type: 'language', subtag: 'tra', prefix: [], scope: null }, - { type: 'language', subtag: 'trb', prefix: [], scope: null }, - { type: 'language', subtag: 'trc', prefix: [], scope: null }, - { type: 'language', subtag: 'trd', prefix: [], scope: null }, - { type: 'language', subtag: 'tre', prefix: [], scope: null }, - { type: 'language', subtag: 'trf', prefix: [], scope: null }, - { type: 'language', subtag: 'trg', prefix: [], scope: null }, - { type: 'language', subtag: 'trh', prefix: [], scope: null }, - { type: 'language', subtag: 'tri', prefix: [], scope: null }, - { type: 'language', subtag: 'trj', prefix: [], scope: null }, - { type: 'language', subtag: 'trk', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'trl', prefix: [], scope: null }, - { type: 'language', subtag: 'trm', prefix: [], scope: null }, - { type: 'language', subtag: 'trn', prefix: [], scope: null }, - { type: 'language', subtag: 'tro', prefix: [], scope: null }, - { type: 'language', subtag: 'trp', prefix: [], scope: null }, - { type: 'language', subtag: 'trq', prefix: [], scope: null }, - { type: 'language', subtag: 'trr', prefix: [], scope: null }, - { type: 'language', subtag: 'trs', prefix: [], scope: null }, - { type: 'language', subtag: 'trt', prefix: [], scope: null }, - { type: 'language', subtag: 'tru', prefix: [], scope: 
null }, - { type: 'language', subtag: 'trv', prefix: [], scope: null }, - { type: 'language', subtag: 'trw', prefix: [], scope: null }, - { type: 'language', subtag: 'trx', prefix: [], scope: null }, - { type: 'language', subtag: 'try', prefix: [], scope: null }, - { type: 'language', subtag: 'trz', prefix: [], scope: null }, - { type: 'language', subtag: 'tsa', prefix: [], scope: null }, - { type: 'language', subtag: 'tsb', prefix: [], scope: null }, - { type: 'language', subtag: 'tsc', prefix: [], scope: null }, - { type: 'language', subtag: 'tsd', prefix: [], scope: null }, - { type: 'language', subtag: 'tse', prefix: [], scope: null }, - { type: 'language', subtag: 'tsf', prefix: [], scope: null }, - { type: 'language', subtag: 'tsg', prefix: [], scope: null }, - { type: 'language', subtag: 'tsh', prefix: [], scope: null }, - { type: 'language', subtag: 'tsi', prefix: [], scope: null }, - { type: 'language', subtag: 'tsj', prefix: [], scope: null }, - { type: 'language', subtag: 'tsk', prefix: [], scope: null }, - { type: 'language', subtag: 'tsl', prefix: [], scope: null }, - { type: 'language', subtag: 'tsm', prefix: [], scope: null }, - { type: 'language', subtag: 'tsp', prefix: [], scope: null }, - { type: 'language', subtag: 'tsq', prefix: [], scope: null }, - { type: 'language', subtag: 'tsr', prefix: [], scope: null }, - { type: 'language', subtag: 'tss', prefix: [], scope: null }, - { type: 'language', subtag: 'tst', prefix: [], scope: null }, - { type: 'language', subtag: 'tsu', prefix: [], scope: null }, - { type: 'language', subtag: 'tsv', prefix: [], scope: null }, - { type: 'language', subtag: 'tsw', prefix: [], scope: null }, - { type: 'language', subtag: 'tsx', prefix: [], scope: null }, - { type: 'language', subtag: 'tsy', prefix: [], scope: null }, - { type: 'language', subtag: 'tsz', prefix: [], scope: null }, - { type: 'language', subtag: 'tta', prefix: [], scope: null }, - { type: 'language', subtag: 'ttb', prefix: [], scope: null }, - { 
type: 'language', subtag: 'ttc', prefix: [], scope: null }, - { type: 'language', subtag: 'ttd', prefix: [], scope: null }, - { type: 'language', subtag: 'tte', prefix: [], scope: null }, - { type: 'language', subtag: 'ttf', prefix: [], scope: null }, - { type: 'language', subtag: 'ttg', prefix: [], scope: null }, - { type: 'language', subtag: 'tth', prefix: [], scope: null }, - { type: 'language', subtag: 'tti', prefix: [], scope: null }, - { type: 'language', subtag: 'ttj', prefix: [], scope: null }, - { type: 'language', subtag: 'ttk', prefix: [], scope: null }, - { type: 'language', subtag: 'ttl', prefix: [], scope: null }, - { type: 'language', subtag: 'ttm', prefix: [], scope: null }, - { type: 'language', subtag: 'ttn', prefix: [], scope: null }, - { type: 'language', subtag: 'tto', prefix: [], scope: null }, - { type: 'language', subtag: 'ttp', prefix: [], scope: null }, - { type: 'language', subtag: 'ttq', prefix: [], scope: null }, - { type: 'language', subtag: 'ttr', prefix: [], scope: null }, - { type: 'language', subtag: 'tts', prefix: [], scope: null }, - { type: 'language', subtag: 'ttt', prefix: [], scope: null }, - { type: 'language', subtag: 'ttu', prefix: [], scope: null }, - { type: 'language', subtag: 'ttv', prefix: [], scope: null }, - { type: 'language', subtag: 'ttw', prefix: [], scope: null }, - { type: 'language', subtag: 'tty', prefix: [], scope: null }, - { type: 'language', subtag: 'ttz', prefix: [], scope: null }, - { type: 'language', subtag: 'tua', prefix: [], scope: null }, - { type: 'language', subtag: 'tub', prefix: [], scope: null }, - { type: 'language', subtag: 'tuc', prefix: [], scope: null }, - { type: 'language', subtag: 'tud', prefix: [], scope: null }, - { type: 'language', subtag: 'tue', prefix: [], scope: null }, - { type: 'language', subtag: 'tuf', prefix: [], scope: null }, - { type: 'language', subtag: 'tug', prefix: [], scope: null }, - { type: 'language', subtag: 'tuh', prefix: [], scope: null }, - { type: 
'language', subtag: 'tui', prefix: [], scope: null }, - { type: 'language', subtag: 'tuj', prefix: [], scope: null }, - { type: 'language', subtag: 'tul', prefix: [], scope: null }, - { type: 'language', subtag: 'tum', prefix: [], scope: null }, - { type: 'language', subtag: 'tun', prefix: [], scope: null }, - { type: 'language', subtag: 'tuo', prefix: [], scope: null }, - { type: 'language', subtag: 'tup', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'tuq', prefix: [], scope: null }, - { type: 'language', subtag: 'tus', prefix: [], scope: null }, - { type: 'language', subtag: 'tut', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'tuu', prefix: [], scope: null }, - { type: 'language', subtag: 'tuv', prefix: [], scope: null }, - { type: 'language', subtag: 'tuw', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'tux', prefix: [], scope: null }, - { type: 'language', subtag: 'tuy', prefix: [], scope: null }, - { type: 'language', subtag: 'tuz', prefix: [], scope: null }, - { type: 'language', subtag: 'tva', prefix: [], scope: null }, - { type: 'language', subtag: 'tvd', prefix: [], scope: null }, - { type: 'language', subtag: 'tve', prefix: [], scope: null }, - { type: 'language', subtag: 'tvk', prefix: [], scope: null }, - { type: 'language', subtag: 'tvl', prefix: [], scope: null }, - { type: 'language', subtag: 'tvm', prefix: [], scope: null }, - { type: 'language', subtag: 'tvn', prefix: [], scope: null }, - { type: 'language', subtag: 'tvo', prefix: [], scope: null }, - { type: 'language', subtag: 'tvs', prefix: [], scope: null }, - { type: 'language', subtag: 'tvt', prefix: [], scope: null }, - { type: 'language', subtag: 'tvu', prefix: [], scope: null }, - { type: 'language', subtag: 'tvw', prefix: [], scope: null }, - { type: 'language', subtag: 'tvx', prefix: [], scope: null }, - { type: 'language', subtag: 'tvy', prefix: [], scope: null }, - { type: 'language', subtag: 'twa', prefix: [], scope: null }, - 
{ type: 'language', subtag: 'twb', prefix: [], scope: null }, - { type: 'language', subtag: 'twc', prefix: [], scope: null }, - { type: 'language', subtag: 'twd', prefix: [], scope: null }, - { type: 'language', subtag: 'twe', prefix: [], scope: null }, - { type: 'language', subtag: 'twf', prefix: [], scope: null }, - { type: 'language', subtag: 'twg', prefix: [], scope: null }, - { type: 'language', subtag: 'twh', prefix: [], scope: null }, - { type: 'language', subtag: 'twl', prefix: [], scope: null }, - { type: 'language', subtag: 'twm', prefix: [], scope: null }, - { type: 'language', subtag: 'twn', prefix: [], scope: null }, - { type: 'language', subtag: 'two', prefix: [], scope: null }, - { type: 'language', subtag: 'twp', prefix: [], scope: null }, - { type: 'language', subtag: 'twq', prefix: [], scope: null }, - { type: 'language', subtag: 'twr', prefix: [], scope: null }, - { type: 'language', subtag: 'twt', prefix: [], scope: null }, - { type: 'language', subtag: 'twu', prefix: [], scope: null }, - { type: 'language', subtag: 'tww', prefix: [], scope: null }, - { type: 'language', subtag: 'twx', prefix: [], scope: null }, - { type: 'language', subtag: 'twy', prefix: [], scope: null }, - { type: 'language', subtag: 'txa', prefix: [], scope: null }, - { type: 'language', subtag: 'txb', prefix: [], scope: null }, - { type: 'language', subtag: 'txc', prefix: [], scope: null }, - { type: 'language', subtag: 'txe', prefix: [], scope: null }, - { type: 'language', subtag: 'txg', prefix: [], scope: null }, - { type: 'language', subtag: 'txh', prefix: [], scope: null }, - { type: 'language', subtag: 'txi', prefix: [], scope: null }, - { type: 'language', subtag: 'txj', prefix: [], scope: null }, - { type: 'language', subtag: 'txm', prefix: [], scope: null }, - { type: 'language', subtag: 'txn', prefix: [], scope: null }, - { type: 'language', subtag: 'txo', prefix: [], scope: null }, - { type: 'language', subtag: 'txq', prefix: [], scope: null }, - { type: 
'language', subtag: 'txr', prefix: [], scope: null }, - { type: 'language', subtag: 'txs', prefix: [], scope: null }, - { type: 'language', subtag: 'txt', prefix: [], scope: null }, - { type: 'language', subtag: 'txu', prefix: [], scope: null }, - { type: 'language', subtag: 'txx', prefix: [], scope: null }, - { type: 'language', subtag: 'txy', prefix: [], scope: null }, - { type: 'language', subtag: 'tya', prefix: [], scope: null }, - { type: 'language', subtag: 'tye', prefix: [], scope: null }, - { type: 'language', subtag: 'tyh', prefix: [], scope: null }, - { type: 'language', subtag: 'tyi', prefix: [], scope: null }, - { type: 'language', subtag: 'tyj', prefix: [], scope: null }, - { type: 'language', subtag: 'tyl', prefix: [], scope: null }, - { type: 'language', subtag: 'tyn', prefix: [], scope: null }, - { type: 'language', subtag: 'typ', prefix: [], scope: null }, - { type: 'language', subtag: 'tyr', prefix: [], scope: null }, - { type: 'language', subtag: 'tys', prefix: [], scope: null }, - { type: 'language', subtag: 'tyt', prefix: [], scope: null }, - { type: 'language', subtag: 'tyu', prefix: [], scope: null }, - { type: 'language', subtag: 'tyv', prefix: [], scope: null }, - { type: 'language', subtag: 'tyx', prefix: [], scope: null }, - { type: 'language', subtag: 'tyy', prefix: [], scope: null }, - { type: 'language', subtag: 'tyz', prefix: [], scope: null }, - { type: 'language', subtag: 'tza', prefix: [], scope: null }, - { type: 'language', subtag: 'tzh', prefix: [], scope: null }, - { type: 'language', subtag: 'tzj', prefix: [], scope: null }, - { type: 'language', subtag: 'tzl', prefix: [], scope: null }, - { type: 'language', subtag: 'tzm', prefix: [], scope: null }, - { type: 'language', subtag: 'tzn', prefix: [], scope: null }, - { type: 'language', subtag: 'tzo', prefix: [], scope: null }, - { type: 'language', subtag: 'tzx', prefix: [], scope: null }, - { type: 'language', subtag: 'uam', prefix: [], scope: null }, - { type: 'language', 
subtag: 'uan', prefix: [], scope: null }, - { type: 'language', subtag: 'uar', prefix: [], scope: null }, - { type: 'language', subtag: 'uba', prefix: [], scope: null }, - { type: 'language', subtag: 'ubi', prefix: [], scope: null }, - { type: 'language', subtag: 'ubl', prefix: [], scope: null }, - { type: 'language', subtag: 'ubr', prefix: [], scope: null }, - { type: 'language', subtag: 'ubu', prefix: [], scope: null }, - { type: 'language', subtag: 'uby', prefix: [], scope: null }, - { type: 'language', subtag: 'uda', prefix: [], scope: null }, - { type: 'language', subtag: 'ude', prefix: [], scope: null }, - { type: 'language', subtag: 'udg', prefix: [], scope: null }, - { type: 'language', subtag: 'udi', prefix: [], scope: null }, - { type: 'language', subtag: 'udj', prefix: [], scope: null }, - { type: 'language', subtag: 'udl', prefix: [], scope: null }, - { type: 'language', subtag: 'udm', prefix: [], scope: null }, - { type: 'language', subtag: 'udu', prefix: [], scope: null }, - { type: 'language', subtag: 'ues', prefix: [], scope: null }, - { type: 'language', subtag: 'ufi', prefix: [], scope: null }, - { type: 'language', subtag: 'uga', prefix: [], scope: null }, - { type: 'language', subtag: 'ugb', prefix: [], scope: null }, - { type: 'language', subtag: 'uge', prefix: [], scope: null }, - { type: 'language', subtag: 'ugh', prefix: [], scope: null }, - { type: 'language', subtag: 'ugn', prefix: [], scope: null }, - { type: 'language', subtag: 'ugo', prefix: [], scope: null }, - { type: 'language', subtag: 'ugy', prefix: [], scope: null }, - { type: 'language', subtag: 'uha', prefix: [], scope: null }, - { type: 'language', subtag: 'uhn', prefix: [], scope: null }, - { type: 'language', subtag: 'uis', prefix: [], scope: null }, - { type: 'language', subtag: 'uiv', prefix: [], scope: null }, - { type: 'language', subtag: 'uji', prefix: [], scope: null }, - { type: 'language', subtag: 'uka', prefix: [], scope: null }, - { type: 'language', subtag: 'ukg', 
prefix: [], scope: null }, - { type: 'language', subtag: 'ukh', prefix: [], scope: null }, - { type: 'language', subtag: 'uki', prefix: [], scope: null }, - { type: 'language', subtag: 'ukk', prefix: [], scope: null }, - { type: 'language', subtag: 'ukl', prefix: [], scope: null }, - { type: 'language', subtag: 'ukp', prefix: [], scope: null }, - { type: 'language', subtag: 'ukq', prefix: [], scope: null }, - { type: 'language', subtag: 'uks', prefix: [], scope: null }, - { type: 'language', subtag: 'uku', prefix: [], scope: null }, - { type: 'language', subtag: 'ukv', prefix: [], scope: null }, - { type: 'language', subtag: 'ukw', prefix: [], scope: null }, - { type: 'language', subtag: 'uky', prefix: [], scope: null }, - { type: 'language', subtag: 'ula', prefix: [], scope: null }, - { type: 'language', subtag: 'ulb', prefix: [], scope: null }, - { type: 'language', subtag: 'ulc', prefix: [], scope: null }, - { type: 'language', subtag: 'ule', prefix: [], scope: null }, - { type: 'language', subtag: 'ulf', prefix: [], scope: null }, - { type: 'language', subtag: 'uli', prefix: [], scope: null }, - { type: 'language', subtag: 'ulk', prefix: [], scope: null }, - { type: 'language', subtag: 'ull', prefix: [], scope: null }, - { type: 'language', subtag: 'ulm', prefix: [], scope: null }, - { type: 'language', subtag: 'uln', prefix: [], scope: null }, - { type: 'language', subtag: 'ulu', prefix: [], scope: null }, - { type: 'language', subtag: 'ulw', prefix: [], scope: null }, - { type: 'language', subtag: 'uma', prefix: [], scope: null }, - { type: 'language', subtag: 'umb', prefix: [], scope: null }, - { type: 'language', subtag: 'umc', prefix: [], scope: null }, - { type: 'language', subtag: 'umd', prefix: [], scope: null }, - { type: 'language', subtag: 'umg', prefix: [], scope: null }, - { type: 'language', subtag: 'umi', prefix: [], scope: null }, - { type: 'language', subtag: 'umm', prefix: [], scope: null }, - { type: 'language', subtag: 'umn', prefix: [], 
scope: null }, - { type: 'language', subtag: 'umo', prefix: [], scope: null }, - { type: 'language', subtag: 'ump', prefix: [], scope: null }, - { type: 'language', subtag: 'umr', prefix: [], scope: null }, - { type: 'language', subtag: 'ums', prefix: [], scope: null }, - { type: 'language', subtag: 'umu', prefix: [], scope: null }, - { type: 'language', subtag: 'una', prefix: [], scope: null }, - { type: 'language', subtag: 'und', prefix: [], scope: 'special' }, - { type: 'language', subtag: 'une', prefix: [], scope: null }, - { type: 'language', subtag: 'ung', prefix: [], scope: null }, - { type: 'language', subtag: 'uni', prefix: [], scope: null }, - { type: 'language', subtag: 'unk', prefix: [], scope: null }, - { type: 'language', subtag: 'unm', prefix: [], scope: null }, - { type: 'language', subtag: 'unn', prefix: [], scope: null }, - { type: 'language', subtag: 'unp', prefix: [], scope: null }, - { type: 'language', subtag: 'unr', prefix: [], scope: null }, - { type: 'language', subtag: 'unu', prefix: [], scope: null }, - { type: 'language', subtag: 'unx', prefix: [], scope: null }, - { type: 'language', subtag: 'unz', prefix: [], scope: null }, - { type: 'language', subtag: 'uok', prefix: [], scope: null }, - { type: 'language', subtag: 'uon', prefix: [], scope: null }, - { type: 'language', subtag: 'upi', prefix: [], scope: null }, - { type: 'language', subtag: 'upv', prefix: [], scope: null }, - { type: 'language', subtag: 'ura', prefix: [], scope: null }, - { type: 'language', subtag: 'urb', prefix: [], scope: null }, - { type: 'language', subtag: 'urc', prefix: [], scope: null }, - { type: 'language', subtag: 'ure', prefix: [], scope: null }, - { type: 'language', subtag: 'urf', prefix: [], scope: null }, - { type: 'language', subtag: 'urg', prefix: [], scope: null }, - { type: 'language', subtag: 'urh', prefix: [], scope: null }, - { type: 'language', subtag: 'uri', prefix: [], scope: null }, - { type: 'language', subtag: 'urj', prefix: [], scope: 
'collection' }, - { type: 'language', subtag: 'urk', prefix: [], scope: null }, - { type: 'language', subtag: 'url', prefix: [], scope: null }, - { type: 'language', subtag: 'urm', prefix: [], scope: null }, - { type: 'language', subtag: 'urn', prefix: [], scope: null }, - { type: 'language', subtag: 'uro', prefix: [], scope: null }, - { type: 'language', subtag: 'urp', prefix: [], scope: null }, - { type: 'language', subtag: 'urr', prefix: [], scope: null }, - { type: 'language', subtag: 'urt', prefix: [], scope: null }, - { type: 'language', subtag: 'uru', prefix: [], scope: null }, - { type: 'language', subtag: 'urv', prefix: [], scope: null }, - { type: 'language', subtag: 'urw', prefix: [], scope: null }, - { type: 'language', subtag: 'urx', prefix: [], scope: null }, - { type: 'language', subtag: 'ury', prefix: [], scope: null }, - { type: 'language', subtag: 'urz', prefix: [], scope: null }, - { type: 'language', subtag: 'usa', prefix: [], scope: null }, - { type: 'language', subtag: 'ush', prefix: [], scope: null }, - { type: 'language', subtag: 'usi', prefix: [], scope: null }, - { type: 'language', subtag: 'usk', prefix: [], scope: null }, - { type: 'language', subtag: 'usp', prefix: [], scope: null }, - { type: 'language', subtag: 'uss', prefix: [], scope: null }, - { type: 'language', subtag: 'usu', prefix: [], scope: null }, - { type: 'language', subtag: 'uta', prefix: [], scope: null }, - { type: 'language', subtag: 'ute', prefix: [], scope: null }, - { type: 'language', subtag: 'uth', prefix: [], scope: null }, - { type: 'language', subtag: 'utp', prefix: [], scope: null }, - { type: 'language', subtag: 'utr', prefix: [], scope: null }, - { type: 'language', subtag: 'utu', prefix: [], scope: null }, - { type: 'language', subtag: 'uum', prefix: [], scope: null }, - { type: 'language', subtag: 'uun', prefix: [], scope: null }, - { type: 'language', subtag: 'uur', prefix: [], scope: null }, - { type: 'language', subtag: 'uuu', prefix: [], scope: null }, 
- { type: 'language', subtag: 'uve', prefix: [], scope: null }, - { type: 'language', subtag: 'uvh', prefix: [], scope: null }, - { type: 'language', subtag: 'uvl', prefix: [], scope: null }, - { type: 'language', subtag: 'uwa', prefix: [], scope: null }, - { type: 'language', subtag: 'uya', prefix: [], scope: null }, - { type: 'language', subtag: 'uzn', prefix: [], scope: null }, - { type: 'language', subtag: 'uzs', prefix: [], scope: null }, - { type: 'language', subtag: 'vaa', prefix: [], scope: null }, - { type: 'language', subtag: 'vae', prefix: [], scope: null }, - { type: 'language', subtag: 'vaf', prefix: [], scope: null }, - { type: 'language', subtag: 'vag', prefix: [], scope: null }, - { type: 'language', subtag: 'vah', prefix: [], scope: null }, - { type: 'language', subtag: 'vai', prefix: [], scope: null }, - { type: 'language', subtag: 'vaj', prefix: [], scope: null }, - { type: 'language', subtag: 'val', prefix: [], scope: null }, - { type: 'language', subtag: 'vam', prefix: [], scope: null }, - { type: 'language', subtag: 'van', prefix: [], scope: null }, - { type: 'language', subtag: 'vao', prefix: [], scope: null }, - { type: 'language', subtag: 'vap', prefix: [], scope: null }, - { type: 'language', subtag: 'var', prefix: [], scope: null }, - { type: 'language', subtag: 'vas', prefix: [], scope: null }, - { type: 'language', subtag: 'vau', prefix: [], scope: null }, - { type: 'language', subtag: 'vav', prefix: [], scope: null }, - { type: 'language', subtag: 'vay', prefix: [], scope: null }, - { type: 'language', subtag: 'vbb', prefix: [], scope: null }, - { type: 'language', subtag: 'vbk', prefix: [], scope: null }, - { type: 'language', subtag: 'vec', prefix: [], scope: null }, - { type: 'language', subtag: 'ved', prefix: [], scope: null }, - { type: 'language', subtag: 'vel', prefix: [], scope: null }, - { type: 'language', subtag: 'vem', prefix: [], scope: null }, - { type: 'language', subtag: 'veo', prefix: [], scope: null }, - { type: 
'language', subtag: 'vep', prefix: [], scope: null }, - { type: 'language', subtag: 'ver', prefix: [], scope: null }, - { type: 'language', subtag: 'vgr', prefix: [], scope: null }, - { type: 'language', subtag: 'vgt', prefix: [], scope: null }, - { type: 'language', subtag: 'vic', prefix: [], scope: null }, - { type: 'language', subtag: 'vid', prefix: [], scope: null }, - { type: 'language', subtag: 'vif', prefix: [], scope: null }, - { type: 'language', subtag: 'vig', prefix: [], scope: null }, - { type: 'language', subtag: 'vil', prefix: [], scope: null }, - { type: 'language', subtag: 'vin', prefix: [], scope: null }, - { type: 'language', subtag: 'vis', prefix: [], scope: null }, - { type: 'language', subtag: 'vit', prefix: [], scope: null }, - { type: 'language', subtag: 'viv', prefix: [], scope: null }, - { type: 'language', subtag: 'vka', prefix: [], scope: null }, - { type: 'language', subtag: 'vki', prefix: [], scope: null }, - { type: 'language', subtag: 'vkj', prefix: [], scope: null }, - { type: 'language', subtag: 'vkk', prefix: [], scope: null }, - { type: 'language', subtag: 'vkl', prefix: [], scope: null }, - { type: 'language', subtag: 'vkm', prefix: [], scope: null }, - { type: 'language', subtag: 'vkn', prefix: [], scope: null }, - { type: 'language', subtag: 'vko', prefix: [], scope: null }, - { type: 'language', subtag: 'vkp', prefix: [], scope: null }, - { type: 'language', subtag: 'vkt', prefix: [], scope: null }, - { type: 'language', subtag: 'vku', prefix: [], scope: null }, - { type: 'language', subtag: 'vkz', prefix: [], scope: null }, - { type: 'language', subtag: 'vlp', prefix: [], scope: null }, - { type: 'language', subtag: 'vls', prefix: [], scope: null }, - { type: 'language', subtag: 'vma', prefix: [], scope: null }, - { type: 'language', subtag: 'vmb', prefix: [], scope: null }, - { type: 'language', subtag: 'vmc', prefix: [], scope: null }, - { type: 'language', subtag: 'vmd', prefix: [], scope: null }, - { type: 'language', 
subtag: 'vme', prefix: [], scope: null }, - { type: 'language', subtag: 'vmf', prefix: [], scope: null }, - { type: 'language', subtag: 'vmg', prefix: [], scope: null }, - { type: 'language', subtag: 'vmh', prefix: [], scope: null }, - { type: 'language', subtag: 'vmi', prefix: [], scope: null }, - { type: 'language', subtag: 'vmj', prefix: [], scope: null }, - { type: 'language', subtag: 'vmk', prefix: [], scope: null }, - { type: 'language', subtag: 'vml', prefix: [], scope: null }, - { type: 'language', subtag: 'vmm', prefix: [], scope: null }, - { type: 'language', subtag: 'vmp', prefix: [], scope: null }, - { type: 'language', subtag: 'vmq', prefix: [], scope: null }, - { type: 'language', subtag: 'vmr', prefix: [], scope: null }, - { type: 'language', subtag: 'vms', prefix: [], scope: null }, - { type: 'language', subtag: 'vmu', prefix: [], scope: null }, - { type: 'language', subtag: 'vmv', prefix: [], scope: null }, - { type: 'language', subtag: 'vmw', prefix: [], scope: null }, - { type: 'language', subtag: 'vmx', prefix: [], scope: null }, - { type: 'language', subtag: 'vmy', prefix: [], scope: null }, - { type: 'language', subtag: 'vmz', prefix: [], scope: null }, - { type: 'language', subtag: 'vnk', prefix: [], scope: null }, - { type: 'language', subtag: 'vnm', prefix: [], scope: null }, - { type: 'language', subtag: 'vnp', prefix: [], scope: null }, - { type: 'language', subtag: 'vor', prefix: [], scope: null }, - { type: 'language', subtag: 'vot', prefix: [], scope: null }, - { type: 'language', subtag: 'vra', prefix: [], scope: null }, - { type: 'language', subtag: 'vro', prefix: [], scope: null }, - { type: 'language', subtag: 'vrs', prefix: [], scope: null }, - { type: 'language', subtag: 'vrt', prefix: [], scope: null }, - { type: 'language', subtag: 'vsi', prefix: [], scope: null }, - { type: 'language', subtag: 'vsl', prefix: [], scope: null }, - { type: 'language', subtag: 'vsv', prefix: [], scope: null }, - { type: 'language', subtag: 'vto', 
prefix: [], scope: null }, - { type: 'language', subtag: 'vum', prefix: [], scope: null }, - { type: 'language', subtag: 'vun', prefix: [], scope: null }, - { type: 'language', subtag: 'vut', prefix: [], scope: null }, - { type: 'language', subtag: 'vwa', prefix: [], scope: null }, - { type: 'language', subtag: 'waa', prefix: [], scope: null }, - { type: 'language', subtag: 'wab', prefix: [], scope: null }, - { type: 'language', subtag: 'wac', prefix: [], scope: null }, - { type: 'language', subtag: 'wad', prefix: [], scope: null }, - { type: 'language', subtag: 'wae', prefix: [], scope: null }, - { type: 'language', subtag: 'waf', prefix: [], scope: null }, - { type: 'language', subtag: 'wag', prefix: [], scope: null }, - { type: 'language', subtag: 'wah', prefix: [], scope: null }, - { type: 'language', subtag: 'wai', prefix: [], scope: null }, - { type: 'language', subtag: 'waj', prefix: [], scope: null }, - { type: 'language', subtag: 'wak', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'wal', prefix: [], scope: null }, - { type: 'language', subtag: 'wam', prefix: [], scope: null }, - { type: 'language', subtag: 'wan', prefix: [], scope: null }, - { type: 'language', subtag: 'wao', prefix: [], scope: null }, - { type: 'language', subtag: 'wap', prefix: [], scope: null }, - { type: 'language', subtag: 'waq', prefix: [], scope: null }, - { type: 'language', subtag: 'war', prefix: [], scope: null }, - { type: 'language', subtag: 'was', prefix: [], scope: null }, - { type: 'language', subtag: 'wat', prefix: [], scope: null }, - { type: 'language', subtag: 'wau', prefix: [], scope: null }, - { type: 'language', subtag: 'wav', prefix: [], scope: null }, - { type: 'language', subtag: 'waw', prefix: [], scope: null }, - { type: 'language', subtag: 'wax', prefix: [], scope: null }, - { type: 'language', subtag: 'way', prefix: [], scope: null }, - { type: 'language', subtag: 'waz', prefix: [], scope: null }, - { type: 'language', subtag: 'wba', prefix: 
[], scope: null }, - { type: 'language', subtag: 'wbb', prefix: [], scope: null }, - { type: 'language', subtag: 'wbe', prefix: [], scope: null }, - { type: 'language', subtag: 'wbf', prefix: [], scope: null }, - { type: 'language', subtag: 'wbh', prefix: [], scope: null }, - { type: 'language', subtag: 'wbi', prefix: [], scope: null }, - { type: 'language', subtag: 'wbj', prefix: [], scope: null }, - { type: 'language', subtag: 'wbk', prefix: [], scope: null }, - { type: 'language', subtag: 'wbl', prefix: [], scope: null }, - { type: 'language', subtag: 'wbm', prefix: [], scope: null }, - { type: 'language', subtag: 'wbp', prefix: [], scope: null }, - { type: 'language', subtag: 'wbq', prefix: [], scope: null }, - { type: 'language', subtag: 'wbr', prefix: [], scope: null }, - { type: 'language', subtag: 'wbs', prefix: [], scope: null }, - { type: 'language', subtag: 'wbt', prefix: [], scope: null }, - { type: 'language', subtag: 'wbv', prefix: [], scope: null }, - { type: 'language', subtag: 'wbw', prefix: [], scope: null }, - { type: 'language', subtag: 'wca', prefix: [], scope: null }, - { type: 'language', subtag: 'wci', prefix: [], scope: null }, - { type: 'language', subtag: 'wdd', prefix: [], scope: null }, - { type: 'language', subtag: 'wdg', prefix: [], scope: null }, - { type: 'language', subtag: 'wdj', prefix: [], scope: null }, - { type: 'language', subtag: 'wdk', prefix: [], scope: null }, - { type: 'language', subtag: 'wdt', prefix: [], scope: null }, - { type: 'language', subtag: 'wdu', prefix: [], scope: null }, - { type: 'language', subtag: 'wdy', prefix: [], scope: null }, - { type: 'language', subtag: 'wea', prefix: [], scope: null }, - { type: 'language', subtag: 'wec', prefix: [], scope: null }, - { type: 'language', subtag: 'wed', prefix: [], scope: null }, - { type: 'language', subtag: 'weg', prefix: [], scope: null }, - { type: 'language', subtag: 'weh', prefix: [], scope: null }, - { type: 'language', subtag: 'wei', prefix: [], scope: null 
}, - { type: 'language', subtag: 'wem', prefix: [], scope: null }, - { type: 'language', subtag: 'wen', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'weo', prefix: [], scope: null }, - { type: 'language', subtag: 'wep', prefix: [], scope: null }, - { type: 'language', subtag: 'wer', prefix: [], scope: null }, - { type: 'language', subtag: 'wes', prefix: [], scope: null }, - { type: 'language', subtag: 'wet', prefix: [], scope: null }, - { type: 'language', subtag: 'weu', prefix: [], scope: null }, - { type: 'language', subtag: 'wew', prefix: [], scope: null }, - { type: 'language', subtag: 'wfg', prefix: [], scope: null }, - { type: 'language', subtag: 'wga', prefix: [], scope: null }, - { type: 'language', subtag: 'wgb', prefix: [], scope: null }, - { type: 'language', subtag: 'wgg', prefix: [], scope: null }, - { type: 'language', subtag: 'wgi', prefix: [], scope: null }, - { type: 'language', subtag: 'wgo', prefix: [], scope: null }, - { type: 'language', subtag: 'wgu', prefix: [], scope: null }, - { type: 'language', subtag: 'wgw', prefix: [], scope: null }, - { type: 'language', subtag: 'wgy', prefix: [], scope: null }, - { type: 'language', subtag: 'wha', prefix: [], scope: null }, - { type: 'language', subtag: 'whg', prefix: [], scope: null }, - { type: 'language', subtag: 'whk', prefix: [], scope: null }, - { type: 'language', subtag: 'whu', prefix: [], scope: null }, - { type: 'language', subtag: 'wib', prefix: [], scope: null }, - { type: 'language', subtag: 'wic', prefix: [], scope: null }, - { type: 'language', subtag: 'wie', prefix: [], scope: null }, - { type: 'language', subtag: 'wif', prefix: [], scope: null }, - { type: 'language', subtag: 'wig', prefix: [], scope: null }, - { type: 'language', subtag: 'wih', prefix: [], scope: null }, - { type: 'language', subtag: 'wii', prefix: [], scope: null }, - { type: 'language', subtag: 'wij', prefix: [], scope: null }, - { type: 'language', subtag: 'wik', prefix: [], scope: null }, - { 
type: 'language', subtag: 'wil', prefix: [], scope: null }, - { type: 'language', subtag: 'wim', prefix: [], scope: null }, - { type: 'language', subtag: 'win', prefix: [], scope: null }, - { type: 'language', subtag: 'wir', prefix: [], scope: null }, - { type: 'language', subtag: 'wit', prefix: [], scope: null }, - { type: 'language', subtag: 'wiu', prefix: [], scope: null }, - { type: 'language', subtag: 'wiv', prefix: [], scope: null }, - { type: 'language', subtag: 'wiw', prefix: [], scope: null }, - { type: 'language', subtag: 'wiy', prefix: [], scope: null }, - { type: 'language', subtag: 'wja', prefix: [], scope: null }, - { type: 'language', subtag: 'wji', prefix: [], scope: null }, - { type: 'language', subtag: 'wka', prefix: [], scope: null }, - { type: 'language', subtag: 'wkb', prefix: [], scope: null }, - { type: 'language', subtag: 'wkd', prefix: [], scope: null }, - { type: 'language', subtag: 'wkl', prefix: [], scope: null }, - { type: 'language', subtag: 'wkr', prefix: [], scope: null }, - { type: 'language', subtag: 'wku', prefix: [], scope: null }, - { type: 'language', subtag: 'wkw', prefix: [], scope: null }, - { type: 'language', subtag: 'wky', prefix: [], scope: null }, - { type: 'language', subtag: 'wla', prefix: [], scope: null }, - { type: 'language', subtag: 'wlc', prefix: [], scope: null }, - { type: 'language', subtag: 'wle', prefix: [], scope: null }, - { type: 'language', subtag: 'wlg', prefix: [], scope: null }, - { type: 'language', subtag: 'wlh', prefix: [], scope: null }, - { type: 'language', subtag: 'wli', prefix: [], scope: null }, - { type: 'language', subtag: 'wlk', prefix: [], scope: null }, - { type: 'language', subtag: 'wll', prefix: [], scope: null }, - { type: 'language', subtag: 'wlm', prefix: [], scope: null }, - { type: 'language', subtag: 'wlo', prefix: [], scope: null }, - { type: 'language', subtag: 'wlr', prefix: [], scope: null }, - { type: 'language', subtag: 'wls', prefix: [], scope: null }, - { type: 
'language', subtag: 'wlu', prefix: [], scope: null }, - { type: 'language', subtag: 'wlv', prefix: [], scope: null }, - { type: 'language', subtag: 'wlw', prefix: [], scope: null }, - { type: 'language', subtag: 'wlx', prefix: [], scope: null }, - { type: 'language', subtag: 'wly', prefix: [], scope: null }, - { type: 'language', subtag: 'wma', prefix: [], scope: null }, - { type: 'language', subtag: 'wmb', prefix: [], scope: null }, - { type: 'language', subtag: 'wmc', prefix: [], scope: null }, - { type: 'language', subtag: 'wmd', prefix: [], scope: null }, - { type: 'language', subtag: 'wme', prefix: [], scope: null }, - { type: 'language', subtag: 'wmg', prefix: [], scope: null }, - { type: 'language', subtag: 'wmh', prefix: [], scope: null }, - { type: 'language', subtag: 'wmi', prefix: [], scope: null }, - { type: 'language', subtag: 'wmm', prefix: [], scope: null }, - { type: 'language', subtag: 'wmn', prefix: [], scope: null }, - { type: 'language', subtag: 'wmo', prefix: [], scope: null }, - { type: 'language', subtag: 'wms', prefix: [], scope: null }, - { type: 'language', subtag: 'wmt', prefix: [], scope: null }, - { type: 'language', subtag: 'wmw', prefix: [], scope: null }, - { type: 'language', subtag: 'wmx', prefix: [], scope: null }, - { type: 'language', subtag: 'wnb', prefix: [], scope: null }, - { type: 'language', subtag: 'wnc', prefix: [], scope: null }, - { type: 'language', subtag: 'wnd', prefix: [], scope: null }, - { type: 'language', subtag: 'wne', prefix: [], scope: null }, - { type: 'language', subtag: 'wng', prefix: [], scope: null }, - { type: 'language', subtag: 'wni', prefix: [], scope: null }, - { type: 'language', subtag: 'wnk', prefix: [], scope: null }, - { type: 'language', subtag: 'wnm', prefix: [], scope: null }, - { type: 'language', subtag: 'wnn', prefix: [], scope: null }, - { type: 'language', subtag: 'wno', prefix: [], scope: null }, - { type: 'language', subtag: 'wnp', prefix: [], scope: null }, - { type: 'language', 
subtag: 'wnu', prefix: [], scope: null }, - { type: 'language', subtag: 'wnw', prefix: [], scope: null }, - { type: 'language', subtag: 'wny', prefix: [], scope: null }, - { type: 'language', subtag: 'woa', prefix: [], scope: null }, - { type: 'language', subtag: 'wob', prefix: [], scope: null }, - { type: 'language', subtag: 'woc', prefix: [], scope: null }, - { type: 'language', subtag: 'wod', prefix: [], scope: null }, - { type: 'language', subtag: 'woe', prefix: [], scope: null }, - { type: 'language', subtag: 'wof', prefix: [], scope: null }, - { type: 'language', subtag: 'wog', prefix: [], scope: null }, - { type: 'language', subtag: 'woi', prefix: [], scope: null }, - { type: 'language', subtag: 'wok', prefix: [], scope: null }, - { type: 'language', subtag: 'wom', prefix: [], scope: null }, - { type: 'language', subtag: 'won', prefix: [], scope: null }, - { type: 'language', subtag: 'woo', prefix: [], scope: null }, - { type: 'language', subtag: 'wor', prefix: [], scope: null }, - { type: 'language', subtag: 'wos', prefix: [], scope: null }, - { type: 'language', subtag: 'wow', prefix: [], scope: null }, - { type: 'language', subtag: 'woy', prefix: [], scope: null }, - { type: 'language', subtag: 'wpc', prefix: [], scope: null }, - { type: 'language', subtag: 'wra', prefix: [], scope: null }, - { type: 'language', subtag: 'wrb', prefix: [], scope: null }, - { type: 'language', subtag: 'wrd', prefix: [], scope: null }, - { type: 'language', subtag: 'wrg', prefix: [], scope: null }, - { type: 'language', subtag: 'wrh', prefix: [], scope: null }, - { type: 'language', subtag: 'wri', prefix: [], scope: null }, - { type: 'language', subtag: 'wrk', prefix: [], scope: null }, - { type: 'language', subtag: 'wrl', prefix: [], scope: null }, - { type: 'language', subtag: 'wrm', prefix: [], scope: null }, - { type: 'language', subtag: 'wrn', prefix: [], scope: null }, - { type: 'language', subtag: 'wro', prefix: [], scope: null }, - { type: 'language', subtag: 'wrp', 
prefix: [], scope: null }, - { type: 'language', subtag: 'wrr', prefix: [], scope: null }, - { type: 'language', subtag: 'wrs', prefix: [], scope: null }, - { type: 'language', subtag: 'wru', prefix: [], scope: null }, - { type: 'language', subtag: 'wrv', prefix: [], scope: null }, - { type: 'language', subtag: 'wrw', prefix: [], scope: null }, - { type: 'language', subtag: 'wrx', prefix: [], scope: null }, - { type: 'language', subtag: 'wry', prefix: [], scope: null }, - { type: 'language', subtag: 'wrz', prefix: [], scope: null }, - { type: 'language', subtag: 'wsa', prefix: [], scope: null }, - { type: 'language', subtag: 'wsg', prefix: [], scope: null }, - { type: 'language', subtag: 'wsi', prefix: [], scope: null }, - { type: 'language', subtag: 'wsk', prefix: [], scope: null }, - { type: 'language', subtag: 'wsr', prefix: [], scope: null }, - { type: 'language', subtag: 'wss', prefix: [], scope: null }, - { type: 'language', subtag: 'wsu', prefix: [], scope: null }, - { type: 'language', subtag: 'wsv', prefix: [], scope: null }, - { type: 'language', subtag: 'wtf', prefix: [], scope: null }, - { type: 'language', subtag: 'wth', prefix: [], scope: null }, - { type: 'language', subtag: 'wti', prefix: [], scope: null }, - { type: 'language', subtag: 'wtk', prefix: [], scope: null }, - { type: 'language', subtag: 'wtm', prefix: [], scope: null }, - { type: 'language', subtag: 'wtw', prefix: [], scope: null }, - { type: 'language', subtag: 'wua', prefix: [], scope: null }, - { type: 'language', subtag: 'wub', prefix: [], scope: null }, - { type: 'language', subtag: 'wud', prefix: [], scope: null }, - { type: 'language', subtag: 'wuh', prefix: [], scope: null }, - { type: 'language', subtag: 'wul', prefix: [], scope: null }, - { type: 'language', subtag: 'wum', prefix: [], scope: null }, - { type: 'language', subtag: 'wun', prefix: [], scope: null }, - { type: 'language', subtag: 'wur', prefix: [], scope: null }, - { type: 'language', subtag: 'wut', prefix: [], 
scope: null }, - { type: 'language', subtag: 'wuu', prefix: [], scope: null }, - { type: 'language', subtag: 'wuv', prefix: [], scope: null }, - { type: 'language', subtag: 'wux', prefix: [], scope: null }, - { type: 'language', subtag: 'wuy', prefix: [], scope: null }, - { type: 'language', subtag: 'wwa', prefix: [], scope: null }, - { type: 'language', subtag: 'wwb', prefix: [], scope: null }, - { type: 'language', subtag: 'wwo', prefix: [], scope: null }, - { type: 'language', subtag: 'wwr', prefix: [], scope: null }, - { type: 'language', subtag: 'www', prefix: [], scope: null }, - { type: 'language', subtag: 'wxa', prefix: [], scope: null }, - { type: 'language', subtag: 'wxw', prefix: [], scope: null }, - { type: 'language', subtag: 'wya', prefix: [], scope: null }, - { type: 'language', subtag: 'wyb', prefix: [], scope: null }, - { type: 'language', subtag: 'wyi', prefix: [], scope: null }, - { type: 'language', subtag: 'wym', prefix: [], scope: null }, - { type: 'language', subtag: 'wyn', prefix: [], scope: null }, - { type: 'language', subtag: 'wyr', prefix: [], scope: null }, - { type: 'language', subtag: 'wyy', prefix: [], scope: null }, - { type: 'language', subtag: 'xaa', prefix: [], scope: null }, - { type: 'language', subtag: 'xab', prefix: [], scope: null }, - { type: 'language', subtag: 'xac', prefix: [], scope: null }, - { type: 'language', subtag: 'xad', prefix: [], scope: null }, - { type: 'language', subtag: 'xae', prefix: [], scope: null }, - { type: 'language', subtag: 'xag', prefix: [], scope: null }, - { type: 'language', subtag: 'xai', prefix: [], scope: null }, - { type: 'language', subtag: 'xaj', prefix: [], scope: null }, - { type: 'language', subtag: 'xak', prefix: [], scope: null }, - { type: 'language', subtag: 'xal', prefix: [], scope: null }, - { type: 'language', subtag: 'xam', prefix: [], scope: null }, - { type: 'language', subtag: 'xan', prefix: [], scope: null }, - { type: 'language', subtag: 'xao', prefix: [], scope: null }, 
- { type: 'language', subtag: 'xap', prefix: [], scope: null }, - { type: 'language', subtag: 'xaq', prefix: [], scope: null }, - { type: 'language', subtag: 'xar', prefix: [], scope: null }, - { type: 'language', subtag: 'xas', prefix: [], scope: null }, - { type: 'language', subtag: 'xat', prefix: [], scope: null }, - { type: 'language', subtag: 'xau', prefix: [], scope: null }, - { type: 'language', subtag: 'xav', prefix: [], scope: null }, - { type: 'language', subtag: 'xaw', prefix: [], scope: null }, - { type: 'language', subtag: 'xay', prefix: [], scope: null }, - { type: 'language', subtag: 'xba', prefix: [], scope: null }, - { type: 'language', subtag: 'xbb', prefix: [], scope: null }, - { type: 'language', subtag: 'xbc', prefix: [], scope: null }, - { type: 'language', subtag: 'xbd', prefix: [], scope: null }, - { type: 'language', subtag: 'xbe', prefix: [], scope: null }, - { type: 'language', subtag: 'xbg', prefix: [], scope: null }, - { type: 'language', subtag: 'xbi', prefix: [], scope: null }, - { type: 'language', subtag: 'xbj', prefix: [], scope: null }, - { type: 'language', subtag: 'xbm', prefix: [], scope: null }, - { type: 'language', subtag: 'xbn', prefix: [], scope: null }, - { type: 'language', subtag: 'xbo', prefix: [], scope: null }, - { type: 'language', subtag: 'xbp', prefix: [], scope: null }, - { type: 'language', subtag: 'xbr', prefix: [], scope: null }, - { type: 'language', subtag: 'xbw', prefix: [], scope: null }, - { type: 'language', subtag: 'xbx', prefix: [], scope: null }, - { type: 'language', subtag: 'xby', prefix: [], scope: null }, - { type: 'language', subtag: 'xcb', prefix: [], scope: null }, - { type: 'language', subtag: 'xcc', prefix: [], scope: null }, - { type: 'language', subtag: 'xce', prefix: [], scope: null }, - { type: 'language', subtag: 'xcg', prefix: [], scope: null }, - { type: 'language', subtag: 'xch', prefix: [], scope: null }, - { type: 'language', subtag: 'xcl', prefix: [], scope: null }, - { type: 
'language', subtag: 'xcm', prefix: [], scope: null }, - { type: 'language', subtag: 'xcn', prefix: [], scope: null }, - { type: 'language', subtag: 'xco', prefix: [], scope: null }, - { type: 'language', subtag: 'xcr', prefix: [], scope: null }, - { type: 'language', subtag: 'xct', prefix: [], scope: null }, - { type: 'language', subtag: 'xcu', prefix: [], scope: null }, - { type: 'language', subtag: 'xcv', prefix: [], scope: null }, - { type: 'language', subtag: 'xcw', prefix: [], scope: null }, - { type: 'language', subtag: 'xcy', prefix: [], scope: null }, - { type: 'language', subtag: 'xda', prefix: [], scope: null }, - { type: 'language', subtag: 'xdc', prefix: [], scope: null }, - { type: 'language', subtag: 'xdk', prefix: [], scope: null }, - { type: 'language', subtag: 'xdm', prefix: [], scope: null }, - { type: 'language', subtag: 'xdo', prefix: [], scope: null }, - { type: 'language', subtag: 'xdq', prefix: [], scope: null }, - { type: 'language', subtag: 'xdy', prefix: [], scope: null }, - { type: 'language', subtag: 'xeb', prefix: [], scope: null }, - { type: 'language', subtag: 'xed', prefix: [], scope: null }, - { type: 'language', subtag: 'xeg', prefix: [], scope: null }, - { type: 'language', subtag: 'xel', prefix: [], scope: null }, - { type: 'language', subtag: 'xem', prefix: [], scope: null }, - { type: 'language', subtag: 'xep', prefix: [], scope: null }, - { type: 'language', subtag: 'xer', prefix: [], scope: null }, - { type: 'language', subtag: 'xes', prefix: [], scope: null }, - { type: 'language', subtag: 'xet', prefix: [], scope: null }, - { type: 'language', subtag: 'xeu', prefix: [], scope: null }, - { type: 'language', subtag: 'xfa', prefix: [], scope: null }, - { type: 'language', subtag: 'xga', prefix: [], scope: null }, - { type: 'language', subtag: 'xgb', prefix: [], scope: null }, - { type: 'language', subtag: 'xgd', prefix: [], scope: null }, - { type: 'language', subtag: 'xgf', prefix: [], scope: null }, - { type: 'language', 
subtag: 'xgg', prefix: [], scope: null }, - { type: 'language', subtag: 'xgi', prefix: [], scope: null }, - { type: 'language', subtag: 'xgl', prefix: [], scope: null }, - { type: 'language', subtag: 'xgm', prefix: [], scope: null }, - { type: 'language', subtag: 'xgn', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'xgr', prefix: [], scope: null }, - { type: 'language', subtag: 'xgu', prefix: [], scope: null }, - { type: 'language', subtag: 'xgw', prefix: [], scope: null }, - { type: 'language', subtag: 'xha', prefix: [], scope: null }, - { type: 'language', subtag: 'xhc', prefix: [], scope: null }, - { type: 'language', subtag: 'xhd', prefix: [], scope: null }, - { type: 'language', subtag: 'xhe', prefix: [], scope: null }, - { type: 'language', subtag: 'xhm', prefix: [], scope: null }, - { type: 'language', subtag: 'xhr', prefix: [], scope: null }, - { type: 'language', subtag: 'xht', prefix: [], scope: null }, - { type: 'language', subtag: 'xhu', prefix: [], scope: null }, - { type: 'language', subtag: 'xhv', prefix: [], scope: null }, - { type: 'language', subtag: 'xia', prefix: [], scope: null }, - { type: 'language', subtag: 'xib', prefix: [], scope: null }, - { type: 'language', subtag: 'xii', prefix: [], scope: null }, - { type: 'language', subtag: 'xil', prefix: [], scope: null }, - { type: 'language', subtag: 'xin', prefix: [], scope: null }, - { type: 'language', subtag: 'xip', prefix: [], scope: null }, - { type: 'language', subtag: 'xir', prefix: [], scope: null }, - { type: 'language', subtag: 'xis', prefix: [], scope: null }, - { type: 'language', subtag: 'xiv', prefix: [], scope: null }, - { type: 'language', subtag: 'xiy', prefix: [], scope: null }, - { type: 'language', subtag: 'xjb', prefix: [], scope: null }, - { type: 'language', subtag: 'xjt', prefix: [], scope: null }, - { type: 'language', subtag: 'xka', prefix: [], scope: null }, - { type: 'language', subtag: 'xkb', prefix: [], scope: null }, - { type: 'language', subtag: 
'xkc', prefix: [], scope: null }, - { type: 'language', subtag: 'xkd', prefix: [], scope: null }, - { type: 'language', subtag: 'xke', prefix: [], scope: null }, - { type: 'language', subtag: 'xkf', prefix: [], scope: null }, - { type: 'language', subtag: 'xkg', prefix: [], scope: null }, - { type: 'language', subtag: 'xkh', prefix: [], scope: null }, - { type: 'language', subtag: 'xki', prefix: [], scope: null }, - { type: 'language', subtag: 'xkj', prefix: [], scope: null }, - { type: 'language', subtag: 'xkk', prefix: [], scope: null }, - { type: 'language', subtag: 'xkl', prefix: [], scope: null }, - { type: 'language', subtag: 'xkn', prefix: [], scope: null }, - { type: 'language', subtag: 'xko', prefix: [], scope: null }, - { type: 'language', subtag: 'xkp', prefix: [], scope: null }, - { type: 'language', subtag: 'xkq', prefix: [], scope: null }, - { type: 'language', subtag: 'xkr', prefix: [], scope: null }, - { type: 'language', subtag: 'xks', prefix: [], scope: null }, - { type: 'language', subtag: 'xkt', prefix: [], scope: null }, - { type: 'language', subtag: 'xku', prefix: [], scope: null }, - { type: 'language', subtag: 'xkv', prefix: [], scope: null }, - { type: 'language', subtag: 'xkw', prefix: [], scope: null }, - { type: 'language', subtag: 'xkx', prefix: [], scope: null }, - { type: 'language', subtag: 'xky', prefix: [], scope: null }, - { type: 'language', subtag: 'xkz', prefix: [], scope: null }, - { type: 'language', subtag: 'xla', prefix: [], scope: null }, - { type: 'language', subtag: 'xlb', prefix: [], scope: null }, - { type: 'language', subtag: 'xlc', prefix: [], scope: null }, - { type: 'language', subtag: 'xld', prefix: [], scope: null }, - { type: 'language', subtag: 'xle', prefix: [], scope: null }, - { type: 'language', subtag: 'xlg', prefix: [], scope: null }, - { type: 'language', subtag: 'xli', prefix: [], scope: null }, - { type: 'language', subtag: 'xln', prefix: [], scope: null }, - { type: 'language', subtag: 'xlo', prefix: 
[], scope: null }, - { type: 'language', subtag: 'xlp', prefix: [], scope: null }, - { type: 'language', subtag: 'xls', prefix: [], scope: null }, - { type: 'language', subtag: 'xlu', prefix: [], scope: null }, - { type: 'language', subtag: 'xly', prefix: [], scope: null }, - { type: 'language', subtag: 'xma', prefix: [], scope: null }, - { type: 'language', subtag: 'xmb', prefix: [], scope: null }, - { type: 'language', subtag: 'xmc', prefix: [], scope: null }, - { type: 'language', subtag: 'xmd', prefix: [], scope: null }, - { type: 'language', subtag: 'xme', prefix: [], scope: null }, - { type: 'language', subtag: 'xmf', prefix: [], scope: null }, - { type: 'language', subtag: 'xmg', prefix: [], scope: null }, - { type: 'language', subtag: 'xmh', prefix: [], scope: null }, - { type: 'language', subtag: 'xmj', prefix: [], scope: null }, - { type: 'language', subtag: 'xmk', prefix: [], scope: null }, - { type: 'language', subtag: 'xml', prefix: [], scope: null }, - { type: 'language', subtag: 'xmm', prefix: [], scope: null }, - { type: 'language', subtag: 'xmn', prefix: [], scope: null }, - { type: 'language', subtag: 'xmo', prefix: [], scope: null }, - { type: 'language', subtag: 'xmp', prefix: [], scope: null }, - { type: 'language', subtag: 'xmq', prefix: [], scope: null }, - { type: 'language', subtag: 'xmr', prefix: [], scope: null }, - { type: 'language', subtag: 'xms', prefix: [], scope: null }, - { type: 'language', subtag: 'xmt', prefix: [], scope: null }, - { type: 'language', subtag: 'xmu', prefix: [], scope: null }, - { type: 'language', subtag: 'xmv', prefix: [], scope: null }, - { type: 'language', subtag: 'xmw', prefix: [], scope: null }, - { type: 'language', subtag: 'xmx', prefix: [], scope: null }, - { type: 'language', subtag: 'xmy', prefix: [], scope: null }, - { type: 'language', subtag: 'xmz', prefix: [], scope: null }, - { type: 'language', subtag: 'xna', prefix: [], scope: null }, - { type: 'language', subtag: 'xnb', prefix: [], scope: null 
}, - { type: 'language', subtag: 'xnd', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'xng', prefix: [], scope: null }, - { type: 'language', subtag: 'xnh', prefix: [], scope: null }, - { type: 'language', subtag: 'xni', prefix: [], scope: null }, - { type: 'language', subtag: 'xnj', prefix: [], scope: null }, - { type: 'language', subtag: 'xnk', prefix: [], scope: null }, - { type: 'language', subtag: 'xnm', prefix: [], scope: null }, - { type: 'language', subtag: 'xnn', prefix: [], scope: null }, - { type: 'language', subtag: 'xno', prefix: [], scope: null }, - { type: 'language', subtag: 'xnq', prefix: [], scope: null }, - { type: 'language', subtag: 'xnr', prefix: [], scope: null }, - { type: 'language', subtag: 'xns', prefix: [], scope: null }, - { type: 'language', subtag: 'xnt', prefix: [], scope: null }, - { type: 'language', subtag: 'xnu', prefix: [], scope: null }, - { type: 'language', subtag: 'xny', prefix: [], scope: null }, - { type: 'language', subtag: 'xnz', prefix: [], scope: null }, - { type: 'language', subtag: 'xoc', prefix: [], scope: null }, - { type: 'language', subtag: 'xod', prefix: [], scope: null }, - { type: 'language', subtag: 'xog', prefix: [], scope: null }, - { type: 'language', subtag: 'xoi', prefix: [], scope: null }, - { type: 'language', subtag: 'xok', prefix: [], scope: null }, - { type: 'language', subtag: 'xom', prefix: [], scope: null }, - { type: 'language', subtag: 'xon', prefix: [], scope: null }, - { type: 'language', subtag: 'xoo', prefix: [], scope: null }, - { type: 'language', subtag: 'xop', prefix: [], scope: null }, - { type: 'language', subtag: 'xor', prefix: [], scope: null }, - { type: 'language', subtag: 'xow', prefix: [], scope: null }, - { type: 'language', subtag: 'xpa', prefix: [], scope: null }, - { type: 'language', subtag: 'xpb', prefix: [], scope: null }, - { type: 'language', subtag: 'xpc', prefix: [], scope: null }, - { type: 'language', subtag: 'xpd', prefix: [], scope: null }, - { 
type: 'language', subtag: 'xpe', prefix: [], scope: null }, - { type: 'language', subtag: 'xpf', prefix: [], scope: null }, - { type: 'language', subtag: 'xpg', prefix: [], scope: null }, - { type: 'language', subtag: 'xph', prefix: [], scope: null }, - { type: 'language', subtag: 'xpi', prefix: [], scope: null }, - { type: 'language', subtag: 'xpj', prefix: [], scope: null }, - { type: 'language', subtag: 'xpk', prefix: [], scope: null }, - { type: 'language', subtag: 'xpl', prefix: [], scope: null }, - { type: 'language', subtag: 'xpm', prefix: [], scope: null }, - { type: 'language', subtag: 'xpn', prefix: [], scope: null }, - { type: 'language', subtag: 'xpo', prefix: [], scope: null }, - { type: 'language', subtag: 'xpp', prefix: [], scope: null }, - { type: 'language', subtag: 'xpq', prefix: [], scope: null }, - { type: 'language', subtag: 'xpr', prefix: [], scope: null }, - { type: 'language', subtag: 'xps', prefix: [], scope: null }, - { type: 'language', subtag: 'xpt', prefix: [], scope: null }, - { type: 'language', subtag: 'xpu', prefix: [], scope: null }, - { type: 'language', subtag: 'xpv', prefix: [], scope: null }, - { type: 'language', subtag: 'xpw', prefix: [], scope: null }, - { type: 'language', subtag: 'xpx', prefix: [], scope: null }, - { type: 'language', subtag: 'xpy', prefix: [], scope: null }, - { type: 'language', subtag: 'xpz', prefix: [], scope: null }, - { type: 'language', subtag: 'xqa', prefix: [], scope: null }, - { type: 'language', subtag: 'xqt', prefix: [], scope: null }, - { type: 'language', subtag: 'xra', prefix: [], scope: null }, - { type: 'language', subtag: 'xrb', prefix: [], scope: null }, - { type: 'language', subtag: 'xrd', prefix: [], scope: null }, - { type: 'language', subtag: 'xre', prefix: [], scope: null }, - { type: 'language', subtag: 'xrg', prefix: [], scope: null }, - { type: 'language', subtag: 'xri', prefix: [], scope: null }, - { type: 'language', subtag: 'xrm', prefix: [], scope: null }, - { type: 
'language', subtag: 'xrn', prefix: [], scope: null }, - { type: 'language', subtag: 'xrq', prefix: [], scope: null }, - { type: 'language', subtag: 'xrr', prefix: [], scope: null }, - { type: 'language', subtag: 'xrt', prefix: [], scope: null }, - { type: 'language', subtag: 'xru', prefix: [], scope: null }, - { type: 'language', subtag: 'xrw', prefix: [], scope: null }, - { type: 'language', subtag: 'xsa', prefix: [], scope: null }, - { type: 'language', subtag: 'xsb', prefix: [], scope: null }, - { type: 'language', subtag: 'xsc', prefix: [], scope: null }, - { type: 'language', subtag: 'xsd', prefix: [], scope: null }, - { type: 'language', subtag: 'xse', prefix: [], scope: null }, - { type: 'language', subtag: 'xsh', prefix: [], scope: null }, - { type: 'language', subtag: 'xsi', prefix: [], scope: null }, - { type: 'language', subtag: 'xsj', prefix: [], scope: null }, - { type: 'language', subtag: 'xsl', prefix: [], scope: null }, - { type: 'language', subtag: 'xsm', prefix: [], scope: null }, - { type: 'language', subtag: 'xsn', prefix: [], scope: null }, - { type: 'language', subtag: 'xso', prefix: [], scope: null }, - { type: 'language', subtag: 'xsp', prefix: [], scope: null }, - { type: 'language', subtag: 'xsq', prefix: [], scope: null }, - { type: 'language', subtag: 'xsr', prefix: [], scope: null }, - { type: 'language', subtag: 'xss', prefix: [], scope: null }, - { type: 'language', subtag: 'xsu', prefix: [], scope: null }, - { type: 'language', subtag: 'xsv', prefix: [], scope: null }, - { type: 'language', subtag: 'xsy', prefix: [], scope: null }, - { type: 'language', subtag: 'xta', prefix: [], scope: null }, - { type: 'language', subtag: 'xtb', prefix: [], scope: null }, - { type: 'language', subtag: 'xtc', prefix: [], scope: null }, - { type: 'language', subtag: 'xtd', prefix: [], scope: null }, - { type: 'language', subtag: 'xte', prefix: [], scope: null }, - { type: 'language', subtag: 'xtg', prefix: [], scope: null }, - { type: 'language', 
subtag: 'xth', prefix: [], scope: null }, - { type: 'language', subtag: 'xti', prefix: [], scope: null }, - { type: 'language', subtag: 'xtj', prefix: [], scope: null }, - { type: 'language', subtag: 'xtl', prefix: [], scope: null }, - { type: 'language', subtag: 'xtm', prefix: [], scope: null }, - { type: 'language', subtag: 'xtn', prefix: [], scope: null }, - { type: 'language', subtag: 'xto', prefix: [], scope: null }, - { type: 'language', subtag: 'xtp', prefix: [], scope: null }, - { type: 'language', subtag: 'xtq', prefix: [], scope: null }, - { type: 'language', subtag: 'xtr', prefix: [], scope: null }, - { type: 'language', subtag: 'xts', prefix: [], scope: null }, - { type: 'language', subtag: 'xtt', prefix: [], scope: null }, - { type: 'language', subtag: 'xtu', prefix: [], scope: null }, - { type: 'language', subtag: 'xtv', prefix: [], scope: null }, - { type: 'language', subtag: 'xtw', prefix: [], scope: null }, - { type: 'language', subtag: 'xty', prefix: [], scope: null }, - { type: 'language', subtag: 'xtz', prefix: [], scope: null }, - { type: 'language', subtag: 'xua', prefix: [], scope: null }, - { type: 'language', subtag: 'xub', prefix: [], scope: null }, - { type: 'language', subtag: 'xud', prefix: [], scope: null }, - { type: 'language', subtag: 'xug', prefix: [], scope: null }, - { type: 'language', subtag: 'xuj', prefix: [], scope: null }, - { type: 'language', subtag: 'xul', prefix: [], scope: null }, - { type: 'language', subtag: 'xum', prefix: [], scope: null }, - { type: 'language', subtag: 'xun', prefix: [], scope: null }, - { type: 'language', subtag: 'xuo', prefix: [], scope: null }, - { type: 'language', subtag: 'xup', prefix: [], scope: null }, - { type: 'language', subtag: 'xur', prefix: [], scope: null }, - { type: 'language', subtag: 'xut', prefix: [], scope: null }, - { type: 'language', subtag: 'xuu', prefix: [], scope: null }, - { type: 'language', subtag: 'xve', prefix: [], scope: null }, - { type: 'language', subtag: 'xvi', 
prefix: [], scope: null }, - { type: 'language', subtag: 'xvn', prefix: [], scope: null }, - { type: 'language', subtag: 'xvo', prefix: [], scope: null }, - { type: 'language', subtag: 'xvs', prefix: [], scope: null }, - { type: 'language', subtag: 'xwa', prefix: [], scope: null }, - { type: 'language', subtag: 'xwc', prefix: [], scope: null }, - { type: 'language', subtag: 'xwd', prefix: [], scope: null }, - { type: 'language', subtag: 'xwe', prefix: [], scope: null }, - { type: 'language', subtag: 'xwg', prefix: [], scope: null }, - { type: 'language', subtag: 'xwj', prefix: [], scope: null }, - { type: 'language', subtag: 'xwk', prefix: [], scope: null }, - { type: 'language', subtag: 'xwl', prefix: [], scope: null }, - { type: 'language', subtag: 'xwo', prefix: [], scope: null }, - { type: 'language', subtag: 'xwr', prefix: [], scope: null }, - { type: 'language', subtag: 'xwt', prefix: [], scope: null }, - { type: 'language', subtag: 'xww', prefix: [], scope: null }, - { type: 'language', subtag: 'xxb', prefix: [], scope: null }, - { type: 'language', subtag: 'xxk', prefix: [], scope: null }, - { type: 'language', subtag: 'xxm', prefix: [], scope: null }, - { type: 'language', subtag: 'xxr', prefix: [], scope: null }, - { type: 'language', subtag: 'xxt', prefix: [], scope: null }, - { type: 'language', subtag: 'xya', prefix: [], scope: null }, - { type: 'language', subtag: 'xyb', prefix: [], scope: null }, - { type: 'language', subtag: 'xyj', prefix: [], scope: null }, - { type: 'language', subtag: 'xyk', prefix: [], scope: null }, - { type: 'language', subtag: 'xyl', prefix: [], scope: null }, - { type: 'language', subtag: 'xyt', prefix: [], scope: null }, - { type: 'language', subtag: 'xyy', prefix: [], scope: null }, - { type: 'language', subtag: 'xzh', prefix: [], scope: null }, - { type: 'language', subtag: 'xzm', prefix: [], scope: null }, - { type: 'language', subtag: 'xzp', prefix: [], scope: null }, - { type: 'language', subtag: 'yaa', prefix: [], 
scope: null }, - { type: 'language', subtag: 'yab', prefix: [], scope: null }, - { type: 'language', subtag: 'yac', prefix: [], scope: null }, - { type: 'language', subtag: 'yad', prefix: [], scope: null }, - { type: 'language', subtag: 'yae', prefix: [], scope: null }, - { type: 'language', subtag: 'yaf', prefix: [], scope: null }, - { type: 'language', subtag: 'yag', prefix: [], scope: null }, - { type: 'language', subtag: 'yah', prefix: [], scope: null }, - { type: 'language', subtag: 'yai', prefix: [], scope: null }, - { type: 'language', subtag: 'yaj', prefix: [], scope: null }, - { type: 'language', subtag: 'yak', prefix: [], scope: null }, - { type: 'language', subtag: 'yal', prefix: [], scope: null }, - { type: 'language', subtag: 'yam', prefix: [], scope: null }, - { type: 'language', subtag: 'yan', prefix: [], scope: null }, - { type: 'language', subtag: 'yao', prefix: [], scope: null }, - { type: 'language', subtag: 'yap', prefix: [], scope: null }, - { type: 'language', subtag: 'yaq', prefix: [], scope: null }, - { type: 'language', subtag: 'yar', prefix: [], scope: null }, - { type: 'language', subtag: 'yas', prefix: [], scope: null }, - { type: 'language', subtag: 'yat', prefix: [], scope: null }, - { type: 'language', subtag: 'yau', prefix: [], scope: null }, - { type: 'language', subtag: 'yav', prefix: [], scope: null }, - { type: 'language', subtag: 'yaw', prefix: [], scope: null }, - { type: 'language', subtag: 'yax', prefix: [], scope: null }, - { type: 'language', subtag: 'yay', prefix: [], scope: null }, - { type: 'language', subtag: 'yaz', prefix: [], scope: null }, - { type: 'language', subtag: 'yba', prefix: [], scope: null }, - { type: 'language', subtag: 'ybb', prefix: [], scope: null }, - { type: 'language', subtag: 'ybd', prefix: [], scope: null }, - { type: 'language', subtag: 'ybe', prefix: [], scope: null }, - { type: 'language', subtag: 'ybh', prefix: [], scope: null }, - { type: 'language', subtag: 'ybi', prefix: [], scope: null }, 
- { type: 'language', subtag: 'ybj', prefix: [], scope: null }, - { type: 'language', subtag: 'ybk', prefix: [], scope: null }, - { type: 'language', subtag: 'ybl', prefix: [], scope: null }, - { type: 'language', subtag: 'ybm', prefix: [], scope: null }, - { type: 'language', subtag: 'ybn', prefix: [], scope: null }, - { type: 'language', subtag: 'ybo', prefix: [], scope: null }, - { type: 'language', subtag: 'ybx', prefix: [], scope: null }, - { type: 'language', subtag: 'yby', prefix: [], scope: null }, - { type: 'language', subtag: 'ych', prefix: [], scope: null }, - { type: 'language', subtag: 'ycl', prefix: [], scope: null }, - { type: 'language', subtag: 'ycn', prefix: [], scope: null }, - { type: 'language', subtag: 'ycp', prefix: [], scope: null }, - { type: 'language', subtag: 'yda', prefix: [], scope: null }, - { type: 'language', subtag: 'ydd', prefix: [], scope: null }, - { type: 'language', subtag: 'yde', prefix: [], scope: null }, - { type: 'language', subtag: 'ydg', prefix: [], scope: null }, - { type: 'language', subtag: 'ydk', prefix: [], scope: null }, - { type: 'language', subtag: 'yds', prefix: [], scope: null }, - { type: 'language', subtag: 'yea', prefix: [], scope: null }, - { type: 'language', subtag: 'yec', prefix: [], scope: null }, - { type: 'language', subtag: 'yee', prefix: [], scope: null }, - { type: 'language', subtag: 'yei', prefix: [], scope: null }, - { type: 'language', subtag: 'yej', prefix: [], scope: null }, - { type: 'language', subtag: 'yel', prefix: [], scope: null }, - { type: 'language', subtag: 'yen', prefix: [], scope: null }, - { type: 'language', subtag: 'yer', prefix: [], scope: null }, - { type: 'language', subtag: 'yes', prefix: [], scope: null }, - { type: 'language', subtag: 'yet', prefix: [], scope: null }, - { type: 'language', subtag: 'yeu', prefix: [], scope: null }, - { type: 'language', subtag: 'yev', prefix: [], scope: null }, - { type: 'language', subtag: 'yey', prefix: [], scope: null }, - { type: 
'language', subtag: 'yga', prefix: [], scope: null }, - { type: 'language', subtag: 'ygi', prefix: [], scope: null }, - { type: 'language', subtag: 'ygl', prefix: [], scope: null }, - { type: 'language', subtag: 'ygm', prefix: [], scope: null }, - { type: 'language', subtag: 'ygp', prefix: [], scope: null }, - { type: 'language', subtag: 'ygr', prefix: [], scope: null }, - { type: 'language', subtag: 'ygs', prefix: [], scope: null }, - { type: 'language', subtag: 'ygu', prefix: [], scope: null }, - { type: 'language', subtag: 'ygw', prefix: [], scope: null }, - { type: 'language', subtag: 'yha', prefix: [], scope: null }, - { type: 'language', subtag: 'yhd', prefix: [], scope: null }, - { type: 'language', subtag: 'yhl', prefix: [], scope: null }, - { type: 'language', subtag: 'yhs', prefix: [], scope: null }, - { type: 'language', subtag: 'yia', prefix: [], scope: null }, - { type: 'language', subtag: 'yif', prefix: [], scope: null }, - { type: 'language', subtag: 'yig', prefix: [], scope: null }, - { type: 'language', subtag: 'yih', prefix: [], scope: null }, - { type: 'language', subtag: 'yii', prefix: [], scope: null }, - { type: 'language', subtag: 'yij', prefix: [], scope: null }, - { type: 'language', subtag: 'yik', prefix: [], scope: null }, - { type: 'language', subtag: 'yil', prefix: [], scope: null }, - { type: 'language', subtag: 'yim', prefix: [], scope: null }, - { type: 'language', subtag: 'yin', prefix: [], scope: null }, - { type: 'language', subtag: 'yip', prefix: [], scope: null }, - { type: 'language', subtag: 'yiq', prefix: [], scope: null }, - { type: 'language', subtag: 'yir', prefix: [], scope: null }, - { type: 'language', subtag: 'yis', prefix: [], scope: null }, - { type: 'language', subtag: 'yit', prefix: [], scope: null }, - { type: 'language', subtag: 'yiu', prefix: [], scope: null }, - { type: 'language', subtag: 'yiv', prefix: [], scope: null }, - { type: 'language', subtag: 'yix', prefix: [], scope: null }, - { type: 'language', 
subtag: 'yiy', prefix: [], scope: null }, - { type: 'language', subtag: 'yiz', prefix: [], scope: null }, - { type: 'language', subtag: 'yka', prefix: [], scope: null }, - { type: 'language', subtag: 'ykg', prefix: [], scope: null }, - { type: 'language', subtag: 'yki', prefix: [], scope: null }, - { type: 'language', subtag: 'ykk', prefix: [], scope: null }, - { type: 'language', subtag: 'ykl', prefix: [], scope: null }, - { type: 'language', subtag: 'ykm', prefix: [], scope: null }, - { type: 'language', subtag: 'ykn', prefix: [], scope: null }, - { type: 'language', subtag: 'yko', prefix: [], scope: null }, - { type: 'language', subtag: 'ykr', prefix: [], scope: null }, - { type: 'language', subtag: 'ykt', prefix: [], scope: null }, - { type: 'language', subtag: 'yku', prefix: [], scope: null }, - { type: 'language', subtag: 'yky', prefix: [], scope: null }, - { type: 'language', subtag: 'yla', prefix: [], scope: null }, - { type: 'language', subtag: 'ylb', prefix: [], scope: null }, - { type: 'language', subtag: 'yle', prefix: [], scope: null }, - { type: 'language', subtag: 'ylg', prefix: [], scope: null }, - { type: 'language', subtag: 'yli', prefix: [], scope: null }, - { type: 'language', subtag: 'yll', prefix: [], scope: null }, - { type: 'language', subtag: 'ylm', prefix: [], scope: null }, - { type: 'language', subtag: 'yln', prefix: [], scope: null }, - { type: 'language', subtag: 'ylo', prefix: [], scope: null }, - { type: 'language', subtag: 'ylr', prefix: [], scope: null }, - { type: 'language', subtag: 'ylu', prefix: [], scope: null }, - { type: 'language', subtag: 'yly', prefix: [], scope: null }, - { type: 'language', subtag: 'yma', prefix: [], scope: null }, - { type: 'language', subtag: 'ymb', prefix: [], scope: null }, - { type: 'language', subtag: 'ymc', prefix: [], scope: null }, - { type: 'language', subtag: 'ymd', prefix: [], scope: null }, - { type: 'language', subtag: 'yme', prefix: [], scope: null }, - { type: 'language', subtag: 'ymg', 
prefix: [], scope: null }, - { type: 'language', subtag: 'ymh', prefix: [], scope: null }, - { type: 'language', subtag: 'ymi', prefix: [], scope: null }, - { type: 'language', subtag: 'ymk', prefix: [], scope: null }, - { type: 'language', subtag: 'yml', prefix: [], scope: null }, - { type: 'language', subtag: 'ymm', prefix: [], scope: null }, - { type: 'language', subtag: 'ymn', prefix: [], scope: null }, - { type: 'language', subtag: 'ymo', prefix: [], scope: null }, - { type: 'language', subtag: 'ymp', prefix: [], scope: null }, - { type: 'language', subtag: 'ymq', prefix: [], scope: null }, - { type: 'language', subtag: 'ymr', prefix: [], scope: null }, - { type: 'language', subtag: 'yms', prefix: [], scope: null }, - { type: 'language', subtag: 'ymt', prefix: [], scope: null }, - { type: 'language', subtag: 'ymx', prefix: [], scope: null }, - { type: 'language', subtag: 'ymz', prefix: [], scope: null }, - { type: 'language', subtag: 'yna', prefix: [], scope: null }, - { type: 'language', subtag: 'ynd', prefix: [], scope: null }, - { type: 'language', subtag: 'yne', prefix: [], scope: null }, - { type: 'language', subtag: 'yng', prefix: [], scope: null }, - { type: 'language', subtag: 'ynh', prefix: [], scope: null }, - { type: 'language', subtag: 'ynk', prefix: [], scope: null }, - { type: 'language', subtag: 'ynl', prefix: [], scope: null }, - { type: 'language', subtag: 'ynn', prefix: [], scope: null }, - { type: 'language', subtag: 'yno', prefix: [], scope: null }, - { type: 'language', subtag: 'ynq', prefix: [], scope: null }, - { type: 'language', subtag: 'yns', prefix: [], scope: null }, - { type: 'language', subtag: 'ynu', prefix: [], scope: null }, - { type: 'language', subtag: 'yob', prefix: [], scope: null }, - { type: 'language', subtag: 'yog', prefix: [], scope: null }, - { type: 'language', subtag: 'yoi', prefix: [], scope: null }, - { type: 'language', subtag: 'yok', prefix: [], scope: null }, - { type: 'language', subtag: 'yol', prefix: [], 
scope: null }, - { type: 'language', subtag: 'yom', prefix: [], scope: null }, - { type: 'language', subtag: 'yon', prefix: [], scope: null }, - { type: 'language', subtag: 'yos', prefix: [], scope: null }, - { type: 'language', subtag: 'yot', prefix: [], scope: null }, - { type: 'language', subtag: 'yox', prefix: [], scope: null }, - { type: 'language', subtag: 'yoy', prefix: [], scope: null }, - { type: 'language', subtag: 'ypa', prefix: [], scope: null }, - { type: 'language', subtag: 'ypb', prefix: [], scope: null }, - { type: 'language', subtag: 'ypg', prefix: [], scope: null }, - { type: 'language', subtag: 'yph', prefix: [], scope: null }, - { type: 'language', subtag: 'ypk', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'ypm', prefix: [], scope: null }, - { type: 'language', subtag: 'ypn', prefix: [], scope: null }, - { type: 'language', subtag: 'ypo', prefix: [], scope: null }, - { type: 'language', subtag: 'ypp', prefix: [], scope: null }, - { type: 'language', subtag: 'ypz', prefix: [], scope: null }, - { type: 'language', subtag: 'yra', prefix: [], scope: null }, - { type: 'language', subtag: 'yrb', prefix: [], scope: null }, - { type: 'language', subtag: 'yre', prefix: [], scope: null }, - { type: 'language', subtag: 'yri', prefix: [], scope: null }, - { type: 'language', subtag: 'yrk', prefix: [], scope: null }, - { type: 'language', subtag: 'yrl', prefix: [], scope: null }, - { type: 'language', subtag: 'yrm', prefix: [], scope: null }, - { type: 'language', subtag: 'yrn', prefix: [], scope: null }, - { type: 'language', subtag: 'yro', prefix: [], scope: null }, - { type: 'language', subtag: 'yrs', prefix: [], scope: null }, - { type: 'language', subtag: 'yrw', prefix: [], scope: null }, - { type: 'language', subtag: 'yry', prefix: [], scope: null }, - { type: 'language', subtag: 'ysc', prefix: [], scope: null }, - { type: 'language', subtag: 'ysd', prefix: [], scope: null }, - { type: 'language', subtag: 'ysg', prefix: [], scope: 
null }, - { type: 'language', subtag: 'ysl', prefix: [], scope: null }, - { type: 'language', subtag: 'ysm', prefix: [], scope: null }, - { type: 'language', subtag: 'ysn', prefix: [], scope: null }, - { type: 'language', subtag: 'yso', prefix: [], scope: null }, - { type: 'language', subtag: 'ysp', prefix: [], scope: null }, - { type: 'language', subtag: 'ysr', prefix: [], scope: null }, - { type: 'language', subtag: 'yss', prefix: [], scope: null }, - { type: 'language', subtag: 'ysy', prefix: [], scope: null }, - { type: 'language', subtag: 'yta', prefix: [], scope: null }, - { type: 'language', subtag: 'ytl', prefix: [], scope: null }, - { type: 'language', subtag: 'ytp', prefix: [], scope: null }, - { type: 'language', subtag: 'ytw', prefix: [], scope: null }, - { type: 'language', subtag: 'yty', prefix: [], scope: null }, - { type: 'language', subtag: 'yua', prefix: [], scope: null }, - { type: 'language', subtag: 'yub', prefix: [], scope: null }, - { type: 'language', subtag: 'yuc', prefix: [], scope: null }, - { type: 'language', subtag: 'yud', prefix: [], scope: null }, - { type: 'language', subtag: 'yue', prefix: [], scope: null }, - { type: 'language', subtag: 'yuf', prefix: [], scope: null }, - { type: 'language', subtag: 'yug', prefix: [], scope: null }, - { type: 'language', subtag: 'yui', prefix: [], scope: null }, - { type: 'language', subtag: 'yuj', prefix: [], scope: null }, - { type: 'language', subtag: 'yuk', prefix: [], scope: null }, - { type: 'language', subtag: 'yul', prefix: [], scope: null }, - { type: 'language', subtag: 'yum', prefix: [], scope: null }, - { type: 'language', subtag: 'yun', prefix: [], scope: null }, - { type: 'language', subtag: 'yup', prefix: [], scope: null }, - { type: 'language', subtag: 'yuq', prefix: [], scope: null }, - { type: 'language', subtag: 'yur', prefix: [], scope: null }, - { type: 'language', subtag: 'yut', prefix: [], scope: null }, - { type: 'language', subtag: 'yuu', prefix: [], scope: null }, - { 
type: 'language', subtag: 'yuw', prefix: [], scope: null }, - { type: 'language', subtag: 'yux', prefix: [], scope: null }, - { type: 'language', subtag: 'yuy', prefix: [], scope: null }, - { type: 'language', subtag: 'yuz', prefix: [], scope: null }, - { type: 'language', subtag: 'yva', prefix: [], scope: null }, - { type: 'language', subtag: 'yvt', prefix: [], scope: null }, - { type: 'language', subtag: 'ywa', prefix: [], scope: null }, - { type: 'language', subtag: 'ywg', prefix: [], scope: null }, - { type: 'language', subtag: 'ywl', prefix: [], scope: null }, - { type: 'language', subtag: 'ywn', prefix: [], scope: null }, - { type: 'language', subtag: 'ywq', prefix: [], scope: null }, - { type: 'language', subtag: 'ywr', prefix: [], scope: null }, - { type: 'language', subtag: 'ywt', prefix: [], scope: null }, - { type: 'language', subtag: 'ywu', prefix: [], scope: null }, - { type: 'language', subtag: 'yww', prefix: [], scope: null }, - { type: 'language', subtag: 'yxa', prefix: [], scope: null }, - { type: 'language', subtag: 'yxg', prefix: [], scope: null }, - { type: 'language', subtag: 'yxl', prefix: [], scope: null }, - { type: 'language', subtag: 'yxm', prefix: [], scope: null }, - { type: 'language', subtag: 'yxu', prefix: [], scope: null }, - { type: 'language', subtag: 'yxy', prefix: [], scope: null }, - { type: 'language', subtag: 'yyr', prefix: [], scope: null }, - { type: 'language', subtag: 'yyu', prefix: [], scope: null }, - { type: 'language', subtag: 'yyz', prefix: [], scope: null }, - { type: 'language', subtag: 'yzg', prefix: [], scope: null }, - { type: 'language', subtag: 'yzk', prefix: [], scope: null }, - { type: 'language', subtag: 'zaa', prefix: [], scope: null }, - { type: 'language', subtag: 'zab', prefix: [], scope: null }, - { type: 'language', subtag: 'zac', prefix: [], scope: null }, - { type: 'language', subtag: 'zad', prefix: [], scope: null }, - { type: 'language', subtag: 'zae', prefix: [], scope: null }, - { type: 
'language', subtag: 'zaf', prefix: [], scope: null }, - { type: 'language', subtag: 'zag', prefix: [], scope: null }, - { type: 'language', subtag: 'zah', prefix: [], scope: null }, - { type: 'language', subtag: 'zai', prefix: [], scope: null }, - { type: 'language', subtag: 'zaj', prefix: [], scope: null }, - { type: 'language', subtag: 'zak', prefix: [], scope: null }, - { type: 'language', subtag: 'zal', prefix: [], scope: null }, - { type: 'language', subtag: 'zam', prefix: [], scope: null }, - { type: 'language', subtag: 'zao', prefix: [], scope: null }, - { type: 'language', subtag: 'zap', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'zaq', prefix: [], scope: null }, - { type: 'language', subtag: 'zar', prefix: [], scope: null }, - { type: 'language', subtag: 'zas', prefix: [], scope: null }, - { type: 'language', subtag: 'zat', prefix: [], scope: null }, - { type: 'language', subtag: 'zau', prefix: [], scope: null }, - { type: 'language', subtag: 'zav', prefix: [], scope: null }, - { type: 'language', subtag: 'zaw', prefix: [], scope: null }, - { type: 'language', subtag: 'zax', prefix: [], scope: null }, - { type: 'language', subtag: 'zay', prefix: [], scope: null }, - { type: 'language', subtag: 'zaz', prefix: [], scope: null }, - { type: 'language', subtag: 'zba', prefix: [], scope: null }, - { type: 'language', subtag: 'zbc', prefix: [], scope: null }, - { type: 'language', subtag: 'zbe', prefix: [], scope: null }, - { type: 'language', subtag: 'zbl', prefix: [], scope: null }, - { type: 'language', subtag: 'zbt', prefix: [], scope: null }, - { type: 'language', subtag: 'zbu', prefix: [], scope: null }, - { type: 'language', subtag: 'zbw', prefix: [], scope: null }, - { type: 'language', subtag: 'zca', prefix: [], scope: null }, - { type: 'language', subtag: 'zcd', prefix: [], scope: null }, - { type: 'language', subtag: 'zch', prefix: [], scope: null }, - { type: 'language', subtag: 'zdj', prefix: [], scope: null }, - { type: 
'language', subtag: 'zea', prefix: [], scope: null }, - { type: 'language', subtag: 'zeg', prefix: [], scope: null }, - { type: 'language', subtag: 'zeh', prefix: [], scope: null }, - { type: 'language', subtag: 'zen', prefix: [], scope: null }, - { type: 'language', subtag: 'zga', prefix: [], scope: null }, - { type: 'language', subtag: 'zgb', prefix: [], scope: null }, - { type: 'language', subtag: 'zgh', prefix: [], scope: null }, - { type: 'language', subtag: 'zgm', prefix: [], scope: null }, - { type: 'language', subtag: 'zgn', prefix: [], scope: null }, - { type: 'language', subtag: 'zgr', prefix: [], scope: null }, - { type: 'language', subtag: 'zhb', prefix: [], scope: null }, - { type: 'language', subtag: 'zhd', prefix: [], scope: null }, - { type: 'language', subtag: 'zhi', prefix: [], scope: null }, - { type: 'language', subtag: 'zhn', prefix: [], scope: null }, - { type: 'language', subtag: 'zhw', prefix: [], scope: null }, - { type: 'language', subtag: 'zhx', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'zia', prefix: [], scope: null }, - { type: 'language', subtag: 'zib', prefix: [], scope: null }, - { type: 'language', subtag: 'zik', prefix: [], scope: null }, - { type: 'language', subtag: 'zil', prefix: [], scope: null }, - { type: 'language', subtag: 'zim', prefix: [], scope: null }, - { type: 'language', subtag: 'zin', prefix: [], scope: null }, - { type: 'language', subtag: 'zir', prefix: [], scope: null }, - { type: 'language', subtag: 'ziw', prefix: [], scope: null }, - { type: 'language', subtag: 'ziz', prefix: [], scope: null }, - { type: 'language', subtag: 'zka', prefix: [], scope: null }, - { type: 'language', subtag: 'zkb', prefix: [], scope: null }, - { type: 'language', subtag: 'zkd', prefix: [], scope: null }, - { type: 'language', subtag: 'zkg', prefix: [], scope: null }, - { type: 'language', subtag: 'zkh', prefix: [], scope: null }, - { type: 'language', subtag: 'zkk', prefix: [], scope: null }, - { type: 
'language', subtag: 'zkn', prefix: [], scope: null }, - { type: 'language', subtag: 'zko', prefix: [], scope: null }, - { type: 'language', subtag: 'zkp', prefix: [], scope: null }, - { type: 'language', subtag: 'zkr', prefix: [], scope: null }, - { type: 'language', subtag: 'zkt', prefix: [], scope: null }, - { type: 'language', subtag: 'zku', prefix: [], scope: null }, - { type: 'language', subtag: 'zkv', prefix: [], scope: null }, - { type: 'language', subtag: 'zkz', prefix: [], scope: null }, - { type: 'language', subtag: 'zla', prefix: [], scope: null }, - { type: 'language', subtag: 'zle', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'zlj', prefix: [], scope: null }, - { type: 'language', subtag: 'zlm', prefix: [], scope: null }, - { type: 'language', subtag: 'zln', prefix: [], scope: null }, - { type: 'language', subtag: 'zlq', prefix: [], scope: null }, - { type: 'language', subtag: 'zls', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'zlw', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'zma', prefix: [], scope: null }, - { type: 'language', subtag: 'zmb', prefix: [], scope: null }, - { type: 'language', subtag: 'zmc', prefix: [], scope: null }, - { type: 'language', subtag: 'zmd', prefix: [], scope: null }, - { type: 'language', subtag: 'zme', prefix: [], scope: null }, - { type: 'language', subtag: 'zmf', prefix: [], scope: null }, - { type: 'language', subtag: 'zmg', prefix: [], scope: null }, - { type: 'language', subtag: 'zmh', prefix: [], scope: null }, - { type: 'language', subtag: 'zmi', prefix: [], scope: null }, - { type: 'language', subtag: 'zmj', prefix: [], scope: null }, - { type: 'language', subtag: 'zmk', prefix: [], scope: null }, - { type: 'language', subtag: 'zml', prefix: [], scope: null }, - { type: 'language', subtag: 'zmm', prefix: [], scope: null }, - { type: 'language', subtag: 'zmn', prefix: [], scope: null }, - { type: 'language', subtag: 'zmo', prefix: [], scope: null }, - 
{ type: 'language', subtag: 'zmp', prefix: [], scope: null }, - { type: 'language', subtag: 'zmq', prefix: [], scope: null }, - { type: 'language', subtag: 'zmr', prefix: [], scope: null }, - { type: 'language', subtag: 'zms', prefix: [], scope: null }, - { type: 'language', subtag: 'zmt', prefix: [], scope: null }, - { type: 'language', subtag: 'zmu', prefix: [], scope: null }, - { type: 'language', subtag: 'zmv', prefix: [], scope: null }, - { type: 'language', subtag: 'zmw', prefix: [], scope: null }, - { type: 'language', subtag: 'zmx', prefix: [], scope: null }, - { type: 'language', subtag: 'zmy', prefix: [], scope: null }, - { type: 'language', subtag: 'zmz', prefix: [], scope: null }, - { type: 'language', subtag: 'zna', prefix: [], scope: null }, - { type: 'language', subtag: 'znd', prefix: [], scope: 'collection' }, - { type: 'language', subtag: 'zne', prefix: [], scope: null }, - { type: 'language', subtag: 'zng', prefix: [], scope: null }, - { type: 'language', subtag: 'znk', prefix: [], scope: null }, - { type: 'language', subtag: 'zns', prefix: [], scope: null }, - { type: 'language', subtag: 'zoc', prefix: [], scope: null }, - { type: 'language', subtag: 'zoh', prefix: [], scope: null }, - { type: 'language', subtag: 'zom', prefix: [], scope: null }, - { type: 'language', subtag: 'zoo', prefix: [], scope: null }, - { type: 'language', subtag: 'zoq', prefix: [], scope: null }, - { type: 'language', subtag: 'zor', prefix: [], scope: null }, - { type: 'language', subtag: 'zos', prefix: [], scope: null }, - { type: 'language', subtag: 'zpa', prefix: [], scope: null }, - { type: 'language', subtag: 'zpb', prefix: [], scope: null }, - { type: 'language', subtag: 'zpc', prefix: [], scope: null }, - { type: 'language', subtag: 'zpd', prefix: [], scope: null }, - { type: 'language', subtag: 'zpe', prefix: [], scope: null }, - { type: 'language', subtag: 'zpf', prefix: [], scope: null }, - { type: 'language', subtag: 'zpg', prefix: [], scope: null }, - { type: 
'language', subtag: 'zph', prefix: [], scope: null }, - { type: 'language', subtag: 'zpi', prefix: [], scope: null }, - { type: 'language', subtag: 'zpj', prefix: [], scope: null }, - { type: 'language', subtag: 'zpk', prefix: [], scope: null }, - { type: 'language', subtag: 'zpl', prefix: [], scope: null }, - { type: 'language', subtag: 'zpm', prefix: [], scope: null }, - { type: 'language', subtag: 'zpn', prefix: [], scope: null }, - { type: 'language', subtag: 'zpo', prefix: [], scope: null }, - { type: 'language', subtag: 'zpp', prefix: [], scope: null }, - { type: 'language', subtag: 'zpq', prefix: [], scope: null }, - { type: 'language', subtag: 'zpr', prefix: [], scope: null }, - { type: 'language', subtag: 'zps', prefix: [], scope: null }, - { type: 'language', subtag: 'zpt', prefix: [], scope: null }, - { type: 'language', subtag: 'zpu', prefix: [], scope: null }, - { type: 'language', subtag: 'zpv', prefix: [], scope: null }, - { type: 'language', subtag: 'zpw', prefix: [], scope: null }, - { type: 'language', subtag: 'zpx', prefix: [], scope: null }, - { type: 'language', subtag: 'zpy', prefix: [], scope: null }, - { type: 'language', subtag: 'zpz', prefix: [], scope: null }, - { type: 'language', subtag: 'zqe', prefix: [], scope: null }, - { type: 'language', subtag: 'zra', prefix: [], scope: null }, - { type: 'language', subtag: 'zrg', prefix: [], scope: null }, - { type: 'language', subtag: 'zrn', prefix: [], scope: null }, - { type: 'language', subtag: 'zro', prefix: [], scope: null }, - { type: 'language', subtag: 'zrp', prefix: [], scope: null }, - { type: 'language', subtag: 'zrs', prefix: [], scope: null }, - { type: 'language', subtag: 'zsa', prefix: [], scope: null }, - { type: 'language', subtag: 'zsk', prefix: [], scope: null }, - { type: 'language', subtag: 'zsl', prefix: [], scope: null }, - { type: 'language', subtag: 'zsm', prefix: [], scope: null }, - { type: 'language', subtag: 'zsr', prefix: [], scope: null }, - { type: 'language', 
subtag: 'zsu', prefix: [], scope: null }, - { type: 'language', subtag: 'zte', prefix: [], scope: null }, - { type: 'language', subtag: 'ztg', prefix: [], scope: null }, - { type: 'language', subtag: 'ztl', prefix: [], scope: null }, - { type: 'language', subtag: 'ztm', prefix: [], scope: null }, - { type: 'language', subtag: 'ztn', prefix: [], scope: null }, - { type: 'language', subtag: 'ztp', prefix: [], scope: null }, - { type: 'language', subtag: 'ztq', prefix: [], scope: null }, - { type: 'language', subtag: 'zts', prefix: [], scope: null }, - { type: 'language', subtag: 'ztt', prefix: [], scope: null }, - { type: 'language', subtag: 'ztu', prefix: [], scope: null }, - { type: 'language', subtag: 'ztx', prefix: [], scope: null }, - { type: 'language', subtag: 'zty', prefix: [], scope: null }, - { type: 'language', subtag: 'zua', prefix: [], scope: null }, - { type: 'language', subtag: 'zuh', prefix: [], scope: null }, - { type: 'language', subtag: 'zum', prefix: [], scope: null }, - { type: 'language', subtag: 'zun', prefix: [], scope: null }, - { type: 'language', subtag: 'zuy', prefix: [], scope: null }, - { type: 'language', subtag: 'zwa', prefix: [], scope: null }, - { type: 'language', subtag: 'zxx', prefix: [], scope: 'special' }, - { type: 'language', subtag: 'zyb', prefix: [], scope: null }, - { type: 'language', subtag: 'zyg', prefix: [], scope: null }, - { type: 'language', subtag: 'zyj', prefix: [], scope: null }, - { type: 'language', subtag: 'zyn', prefix: [], scope: null }, - { type: 'language', subtag: 'zyp', prefix: [], scope: null }, - { type: 'language', subtag: 'zza', prefix: [], scope: 'macrolanguage' }, - { type: 'language', subtag: 'zzj', prefix: [], scope: null }, - { type: 'extlang', subtag: 'aao', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'abh', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'abv', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'acm', prefix: ['ar'], scope: null }, - { type: 
'extlang', subtag: 'acq', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'acw', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'acx', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'acy', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'adf', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ads', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'aeb', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'aec', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'aed', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'aen', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'afb', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'afg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ajp', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ajs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'apc', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'apd', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'arb', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'arq', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ars', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ary', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'arz', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ase', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'asf', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'asp', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'asq', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'asw', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'auz', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'avl', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ayh', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ayl', prefix: ['ar'], 
scope: null }, - { type: 'extlang', subtag: 'ayn', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ayp', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'bbz', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'bfi', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'bfk', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'bjn', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'bog', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'bqn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'bqy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'btj', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'bve', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'bvl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'bvu', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'bzs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'cdo', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'cds', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'cjy', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'cmn', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'cnp', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'coa', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'cpx', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'csc', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csd', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'cse', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csf', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csp', prefix: ['zh'], scope: null }, - { type: 'extlang', 
subtag: 'csq', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'csx', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'czh', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'czo', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'doq', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'dse', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'dsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'dsz', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'dup', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'ecs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ehs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'esl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'esn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'eso', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'eth', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'fcs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'fse', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'fsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'fss', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gan', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'gds', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gom', prefix: ['kok'], scope: null }, - { type: 'extlang', subtag: 'gse', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gsg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gsm', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gss', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'gus', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hab', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'haf', prefix: ['sgn'], 
scope: null }, - { type: 'extlang', subtag: 'hak', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'hds', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hji', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'hks', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hos', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hps', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hsh', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'hsn', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'icl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'iks', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ils', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'inl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ins', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ise', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'isg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'isr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jak', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'jax', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'jcs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jhs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jks', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jls', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jos', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'jus', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'kgi', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'knn', prefix: ['kok'], scope: null }, - { type: 'extlang', subtag: 'kvb', prefix: ['ms'], scope: null }, - { type: 
'extlang', subtag: 'kvk', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'kvr', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'kxd', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'lbs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lce', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'lcf', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'liw', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'lls', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsb', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsc', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lso', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsp', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lst', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsv', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsw', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lsy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ltg', prefix: ['lv'], scope: null }, - { type: 'extlang', subtag: 'lvs', prefix: ['lv'], scope: null }, - { type: 'extlang', subtag: 'lws', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'lzh', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'max', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mdl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'meo', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mfa', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mfb', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mfs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'min', prefix: 
['ms'], scope: null }, - { type: 'extlang', subtag: 'mnp', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'mqg', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mre', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'msd', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'msi', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'msr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'mui', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'mzc', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'mzg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'mzy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nan', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'nbs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ncs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nsi', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nsp', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nsr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'nzs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'okl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'orn', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'ors', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'pel', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'pga', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'pgz', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'pks', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'prl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'prz', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'psc', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'psd', prefix: ['sgn'], scope: null }, - { type: 
'extlang', subtag: 'pse', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'psg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'psl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'pso', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'psp', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'psr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'pys', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rib', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rms', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rnb', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rsi', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rsm', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'rsn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sdl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sfb', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sfs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sgg', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sgx', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'shu', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'slf', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sls', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sqk', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sqs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'sqx', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ssh', prefix: ['ar'], scope: null }, - { type: 'extlang', subtag: 'ssp', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ssr', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'svk', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'swc', 
prefix: ['sw'], scope: null }, - { type: 'extlang', subtag: 'swh', prefix: ['sw'], scope: null }, - { type: 'extlang', subtag: 'swl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'syy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'szs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tmw', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'tse', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tsm', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tsq', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tss', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tsy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'tza', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ugn', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ugy', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ukl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'uks', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'urk', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'uzn', prefix: ['uz'], scope: null }, - { type: 'extlang', subtag: 'uzs', prefix: ['uz'], scope: null }, - { type: 'extlang', subtag: 'vgt', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'vkk', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'vkt', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'vsi', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'vsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'vsv', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'wbs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'wuu', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'xki', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'xml', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'xmm', prefix: ['ms'], scope: null }, - { 
type: 'extlang', subtag: 'xms', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'yds', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ygs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'yhs', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ysl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'ysm', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'yue', prefix: ['zh'], scope: null }, - { type: 'extlang', subtag: 'zib', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'zlm', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'zmi', prefix: ['ms'], scope: null }, - { type: 'extlang', subtag: 'zsl', prefix: ['sgn'], scope: null }, - { type: 'extlang', subtag: 'zsm', prefix: ['ms'], scope: null }, - { type: 'script', subtag: 'Adlm', prefix: [], scope: null }, - { type: 'script', subtag: 'Afak', prefix: [], scope: null }, - { type: 'script', subtag: 'Aghb', prefix: [], scope: null }, - { type: 'script', subtag: 'Ahom', prefix: [], scope: null }, - { type: 'script', subtag: 'Arab', prefix: [], scope: null }, - { type: 'script', subtag: 'Aran', prefix: [], scope: null }, - { type: 'script', subtag: 'Armi', prefix: [], scope: null }, - { type: 'script', subtag: 'Armn', prefix: [], scope: null }, - { type: 'script', subtag: 'Avst', prefix: [], scope: null }, - { type: 'script', subtag: 'Bali', prefix: [], scope: null }, - { type: 'script', subtag: 'Bamu', prefix: [], scope: null }, - { type: 'script', subtag: 'Bass', prefix: [], scope: null }, - { type: 'script', subtag: 'Batk', prefix: [], scope: null }, - { type: 'script', subtag: 'Beng', prefix: [], scope: null }, - { type: 'script', subtag: 'Bhks', prefix: [], scope: null }, - { type: 'script', subtag: 'Blis', prefix: [], scope: null }, - { type: 'script', subtag: 'Bopo', prefix: [], scope: null }, - { type: 'script', subtag: 'Brah', prefix: [], scope: null }, - { type: 'script', subtag: 'Brai', prefix: [], scope: 
null }, - { type: 'script', subtag: 'Bugi', prefix: [], scope: null }, - { type: 'script', subtag: 'Buhd', prefix: [], scope: null }, - { type: 'script', subtag: 'Cakm', prefix: [], scope: null }, - { type: 'script', subtag: 'Cans', prefix: [], scope: null }, - { type: 'script', subtag: 'Cari', prefix: [], scope: null }, - { type: 'script', subtag: 'Cham', prefix: [], scope: null }, - { type: 'script', subtag: 'Cher', prefix: [], scope: null }, - { type: 'script', subtag: 'Chrs', prefix: [], scope: null }, - { type: 'script', subtag: 'Cirt', prefix: [], scope: null }, - { type: 'script', subtag: 'Copt', prefix: [], scope: null }, - { type: 'script', subtag: 'Cpmn', prefix: [], scope: null }, - { type: 'script', subtag: 'Cprt', prefix: [], scope: null }, - { type: 'script', subtag: 'Cyrl', prefix: [], scope: null }, - { type: 'script', subtag: 'Cyrs', prefix: [], scope: null }, - { type: 'script', subtag: 'Deva', prefix: [], scope: null }, - { type: 'script', subtag: 'Diak', prefix: [], scope: null }, - { type: 'script', subtag: 'Dogr', prefix: [], scope: null }, - { type: 'script', subtag: 'Dsrt', prefix: [], scope: null }, - { type: 'script', subtag: 'Dupl', prefix: [], scope: null }, - { type: 'script', subtag: 'Egyd', prefix: [], scope: null }, - { type: 'script', subtag: 'Egyh', prefix: [], scope: null }, - { type: 'script', subtag: 'Egyp', prefix: [], scope: null }, - { type: 'script', subtag: 'Elba', prefix: [], scope: null }, - { type: 'script', subtag: 'Elym', prefix: [], scope: null }, - { type: 'script', subtag: 'Ethi', prefix: [], scope: null }, - { type: 'script', subtag: 'Geok', prefix: [], scope: null }, - { type: 'script', subtag: 'Geor', prefix: [], scope: null }, - { type: 'script', subtag: 'Glag', prefix: [], scope: null }, - { type: 'script', subtag: 'Gong', prefix: [], scope: null }, - { type: 'script', subtag: 'Gonm', prefix: [], scope: null }, - { type: 'script', subtag: 'Goth', prefix: [], scope: null }, - { type: 'script', subtag: 'Gran', 
prefix: [], scope: null }, - { type: 'script', subtag: 'Grek', prefix: [], scope: null }, - { type: 'script', subtag: 'Gujr', prefix: [], scope: null }, - { type: 'script', subtag: 'Guru', prefix: [], scope: null }, - { type: 'script', subtag: 'Hanb', prefix: [], scope: null }, - { type: 'script', subtag: 'Hang', prefix: [], scope: null }, - { type: 'script', subtag: 'Hani', prefix: [], scope: null }, - { type: 'script', subtag: 'Hano', prefix: [], scope: null }, - { type: 'script', subtag: 'Hans', prefix: [], scope: null }, - { type: 'script', subtag: 'Hant', prefix: [], scope: null }, - { type: 'script', subtag: 'Hatr', prefix: [], scope: null }, - { type: 'script', subtag: 'Hebr', prefix: [], scope: null }, - { type: 'script', subtag: 'Hira', prefix: [], scope: null }, - { type: 'script', subtag: 'Hluw', prefix: [], scope: null }, - { type: 'script', subtag: 'Hmng', prefix: [], scope: null }, - { type: 'script', subtag: 'Hmnp', prefix: [], scope: null }, - { type: 'script', subtag: 'Hrkt', prefix: [], scope: null }, - { type: 'script', subtag: 'Hung', prefix: [], scope: null }, - { type: 'script', subtag: 'Inds', prefix: [], scope: null }, - { type: 'script', subtag: 'Ital', prefix: [], scope: null }, - { type: 'script', subtag: 'Jamo', prefix: [], scope: null }, - { type: 'script', subtag: 'Java', prefix: [], scope: null }, - { type: 'script', subtag: 'Jpan', prefix: [], scope: null }, - { type: 'script', subtag: 'Jurc', prefix: [], scope: null }, - { type: 'script', subtag: 'Kali', prefix: [], scope: null }, - { type: 'script', subtag: 'Kana', prefix: [], scope: null }, - { type: 'script', subtag: 'Kawi', prefix: [], scope: null }, - { type: 'script', subtag: 'Khar', prefix: [], scope: null }, - { type: 'script', subtag: 'Khmr', prefix: [], scope: null }, - { type: 'script', subtag: 'Khoj', prefix: [], scope: null }, - { type: 'script', subtag: 'Kitl', prefix: [], scope: null }, - { type: 'script', subtag: 'Kits', prefix: [], scope: null }, - { type: 'script', 
subtag: 'Knda', prefix: [], scope: null }, - { type: 'script', subtag: 'Kore', prefix: [], scope: null }, - { type: 'script', subtag: 'Kpel', prefix: [], scope: null }, - { type: 'script', subtag: 'Kthi', prefix: [], scope: null }, - { type: 'script', subtag: 'Lana', prefix: [], scope: null }, - { type: 'script', subtag: 'Laoo', prefix: [], scope: null }, - { type: 'script', subtag: 'Latf', prefix: [], scope: null }, - { type: 'script', subtag: 'Latg', prefix: [], scope: null }, - { type: 'script', subtag: 'Latn', prefix: [], scope: null }, - { type: 'script', subtag: 'Leke', prefix: [], scope: null }, - { type: 'script', subtag: 'Lepc', prefix: [], scope: null }, - { type: 'script', subtag: 'Limb', prefix: [], scope: null }, - { type: 'script', subtag: 'Lina', prefix: [], scope: null }, - { type: 'script', subtag: 'Linb', prefix: [], scope: null }, - { type: 'script', subtag: 'Lisu', prefix: [], scope: null }, - { type: 'script', subtag: 'Loma', prefix: [], scope: null }, - { type: 'script', subtag: 'Lyci', prefix: [], scope: null }, - { type: 'script', subtag: 'Lydi', prefix: [], scope: null }, - { type: 'script', subtag: 'Mahj', prefix: [], scope: null }, - { type: 'script', subtag: 'Maka', prefix: [], scope: null }, - { type: 'script', subtag: 'Mand', prefix: [], scope: null }, - { type: 'script', subtag: 'Mani', prefix: [], scope: null }, - { type: 'script', subtag: 'Marc', prefix: [], scope: null }, - { type: 'script', subtag: 'Maya', prefix: [], scope: null }, - { type: 'script', subtag: 'Medf', prefix: [], scope: null }, - { type: 'script', subtag: 'Mend', prefix: [], scope: null }, - { type: 'script', subtag: 'Merc', prefix: [], scope: null }, - { type: 'script', subtag: 'Mero', prefix: [], scope: null }, - { type: 'script', subtag: 'Mlym', prefix: [], scope: null }, - { type: 'script', subtag: 'Modi', prefix: [], scope: null }, - { type: 'script', subtag: 'Mong', prefix: [], scope: null }, - { type: 'script', subtag: 'Moon', prefix: [], scope: null }, - { 
type: 'script', subtag: 'Mroo', prefix: [], scope: null }, - { type: 'script', subtag: 'Mtei', prefix: [], scope: null }, - { type: 'script', subtag: 'Mult', prefix: [], scope: null }, - { type: 'script', subtag: 'Mymr', prefix: [], scope: null }, - { type: 'script', subtag: 'Nagm', prefix: [], scope: null }, - { type: 'script', subtag: 'Nand', prefix: [], scope: null }, - { type: 'script', subtag: 'Narb', prefix: [], scope: null }, - { type: 'script', subtag: 'Nbat', prefix: [], scope: null }, - { type: 'script', subtag: 'Newa', prefix: [], scope: null }, - { type: 'script', subtag: 'Nkdb', prefix: [], scope: null }, - { type: 'script', subtag: 'Nkgb', prefix: [], scope: null }, - { type: 'script', subtag: 'Nkoo', prefix: [], scope: null }, - { type: 'script', subtag: 'Nshu', prefix: [], scope: null }, - { type: 'script', subtag: 'Ogam', prefix: [], scope: null }, - { type: 'script', subtag: 'Olck', prefix: [], scope: null }, - { type: 'script', subtag: 'Orkh', prefix: [], scope: null }, - { type: 'script', subtag: 'Orya', prefix: [], scope: null }, - { type: 'script', subtag: 'Osge', prefix: [], scope: null }, - { type: 'script', subtag: 'Osma', prefix: [], scope: null }, - { type: 'script', subtag: 'Ougr', prefix: [], scope: null }, - { type: 'script', subtag: 'Palm', prefix: [], scope: null }, - { type: 'script', subtag: 'Pauc', prefix: [], scope: null }, - { type: 'script', subtag: 'Pcun', prefix: [], scope: null }, - { type: 'script', subtag: 'Pelm', prefix: [], scope: null }, - { type: 'script', subtag: 'Perm', prefix: [], scope: null }, - { type: 'script', subtag: 'Phag', prefix: [], scope: null }, - { type: 'script', subtag: 'Phli', prefix: [], scope: null }, - { type: 'script', subtag: 'Phlp', prefix: [], scope: null }, - { type: 'script', subtag: 'Phlv', prefix: [], scope: null }, - { type: 'script', subtag: 'Phnx', prefix: [], scope: null }, - { type: 'script', subtag: 'Piqd', prefix: [], scope: null }, - { type: 'script', subtag: 'Plrd', prefix: [], 
scope: null }, - { type: 'script', subtag: 'Prti', prefix: [], scope: null }, - { type: 'script', subtag: 'Psin', prefix: [], scope: null }, - { type: 'script', subtag: 'Qaaa..Qabx', prefix: [], scope: 'private-use' }, - { type: 'script', subtag: 'Ranj', prefix: [], scope: null }, - { type: 'script', subtag: 'Rjng', prefix: [], scope: null }, - { type: 'script', subtag: 'Rohg', prefix: [], scope: null }, - { type: 'script', subtag: 'Roro', prefix: [], scope: null }, - { type: 'script', subtag: 'Runr', prefix: [], scope: null }, - { type: 'script', subtag: 'Samr', prefix: [], scope: null }, - { type: 'script', subtag: 'Sara', prefix: [], scope: null }, - { type: 'script', subtag: 'Sarb', prefix: [], scope: null }, - { type: 'script', subtag: 'Saur', prefix: [], scope: null }, - { type: 'script', subtag: 'Sgnw', prefix: [], scope: null }, - { type: 'script', subtag: 'Shaw', prefix: [], scope: null }, - { type: 'script', subtag: 'Shrd', prefix: [], scope: null }, - { type: 'script', subtag: 'Shui', prefix: [], scope: null }, - { type: 'script', subtag: 'Sidd', prefix: [], scope: null }, - { type: 'script', subtag: 'Sind', prefix: [], scope: null }, - { type: 'script', subtag: 'Sinh', prefix: [], scope: null }, - { type: 'script', subtag: 'Sogd', prefix: [], scope: null }, - { type: 'script', subtag: 'Sogo', prefix: [], scope: null }, - { type: 'script', subtag: 'Sora', prefix: [], scope: null }, - { type: 'script', subtag: 'Soyo', prefix: [], scope: null }, - { type: 'script', subtag: 'Sund', prefix: [], scope: null }, - { type: 'script', subtag: 'Sunu', prefix: [], scope: null }, - { type: 'script', subtag: 'Sylo', prefix: [], scope: null }, - { type: 'script', subtag: 'Syrc', prefix: [], scope: null }, - { type: 'script', subtag: 'Syre', prefix: [], scope: null }, - { type: 'script', subtag: 'Syrj', prefix: [], scope: null }, - { type: 'script', subtag: 'Syrn', prefix: [], scope: null }, - { type: 'script', subtag: 'Tagb', prefix: [], scope: null }, - { type: 
'script', subtag: 'Takr', prefix: [], scope: null }, - { type: 'script', subtag: 'Tale', prefix: [], scope: null }, - { type: 'script', subtag: 'Talu', prefix: [], scope: null }, - { type: 'script', subtag: 'Taml', prefix: [], scope: null }, - { type: 'script', subtag: 'Tang', prefix: [], scope: null }, - { type: 'script', subtag: 'Tavt', prefix: [], scope: null }, - { type: 'script', subtag: 'Telu', prefix: [], scope: null }, - { type: 'script', subtag: 'Teng', prefix: [], scope: null }, - { type: 'script', subtag: 'Tfng', prefix: [], scope: null }, - { type: 'script', subtag: 'Tglg', prefix: [], scope: null }, - { type: 'script', subtag: 'Thaa', prefix: [], scope: null }, - { type: 'script', subtag: 'Thai', prefix: [], scope: null }, - { type: 'script', subtag: 'Tibt', prefix: [], scope: null }, - { type: 'script', subtag: 'Tirh', prefix: [], scope: null }, - { type: 'script', subtag: 'Tnsa', prefix: [], scope: null }, - { type: 'script', subtag: 'Toto', prefix: [], scope: null }, - { type: 'script', subtag: 'Ugar', prefix: [], scope: null }, - { type: 'script', subtag: 'Vaii', prefix: [], scope: null }, - { type: 'script', subtag: 'Visp', prefix: [], scope: null }, - { type: 'script', subtag: 'Vith', prefix: [], scope: null }, - { type: 'script', subtag: 'Wara', prefix: [], scope: null }, - { type: 'script', subtag: 'Wcho', prefix: [], scope: null }, - { type: 'script', subtag: 'Wole', prefix: [], scope: null }, - { type: 'script', subtag: 'Xpeo', prefix: [], scope: null }, - { type: 'script', subtag: 'Xsux', prefix: [], scope: null }, - { type: 'script', subtag: 'Yezi', prefix: [], scope: null }, - { type: 'script', subtag: 'Yiii', prefix: [], scope: null }, - { type: 'script', subtag: 'Zanb', prefix: [], scope: null }, - { type: 'script', subtag: 'Zinh', prefix: [], scope: null }, - { type: 'script', subtag: 'Zmth', prefix: [], scope: null }, - { type: 'script', subtag: 'Zsye', prefix: [], scope: null }, - { type: 'script', subtag: 'Zsym', prefix: [], scope: 
null }, - { type: 'script', subtag: 'Zxxx', prefix: [], scope: null }, - { type: 'script', subtag: 'Zyyy', prefix: [], scope: null }, - { type: 'script', subtag: 'Zzzz', prefix: [], scope: null }, - { type: 'region', subtag: 'AA', prefix: [], scope: 'private-use' }, - { type: 'region', subtag: 'AC', prefix: [], scope: null }, - { type: 'region', subtag: 'AD', prefix: [], scope: null }, - { type: 'region', subtag: 'AE', prefix: [], scope: null }, - { type: 'region', subtag: 'AF', prefix: [], scope: null }, - { type: 'region', subtag: 'AG', prefix: [], scope: null }, - { type: 'region', subtag: 'AI', prefix: [], scope: null }, - { type: 'region', subtag: 'AL', prefix: [], scope: null }, - { type: 'region', subtag: 'AM', prefix: [], scope: null }, - { type: 'region', subtag: 'AN', prefix: [], scope: null }, - { type: 'region', subtag: 'AO', prefix: [], scope: null }, - { type: 'region', subtag: 'AQ', prefix: [], scope: null }, - { type: 'region', subtag: 'AR', prefix: [], scope: null }, - { type: 'region', subtag: 'AS', prefix: [], scope: null }, - { type: 'region', subtag: 'AT', prefix: [], scope: null }, - { type: 'region', subtag: 'AU', prefix: [], scope: null }, - { type: 'region', subtag: 'AW', prefix: [], scope: null }, - { type: 'region', subtag: 'AX', prefix: [], scope: null }, - { type: 'region', subtag: 'AZ', prefix: [], scope: null }, - { type: 'region', subtag: 'BA', prefix: [], scope: null }, - { type: 'region', subtag: 'BB', prefix: [], scope: null }, - { type: 'region', subtag: 'BD', prefix: [], scope: null }, - { type: 'region', subtag: 'BE', prefix: [], scope: null }, - { type: 'region', subtag: 'BF', prefix: [], scope: null }, - { type: 'region', subtag: 'BG', prefix: [], scope: null }, - { type: 'region', subtag: 'BH', prefix: [], scope: null }, - { type: 'region', subtag: 'BI', prefix: [], scope: null }, - { type: 'region', subtag: 'BJ', prefix: [], scope: null }, - { type: 'region', subtag: 'BL', prefix: [], scope: null }, - { type: 'region', 
subtag: 'BM', prefix: [], scope: null }, - { type: 'region', subtag: 'BN', prefix: [], scope: null }, - { type: 'region', subtag: 'BO', prefix: [], scope: null }, - { type: 'region', subtag: 'BQ', prefix: [], scope: null }, - { type: 'region', subtag: 'BR', prefix: [], scope: null }, - { type: 'region', subtag: 'BS', prefix: [], scope: null }, - { type: 'region', subtag: 'BT', prefix: [], scope: null }, - { type: 'region', subtag: 'BU', prefix: [], scope: null }, - { type: 'region', subtag: 'BV', prefix: [], scope: null }, - { type: 'region', subtag: 'BW', prefix: [], scope: null }, - { type: 'region', subtag: 'BY', prefix: [], scope: null }, - { type: 'region', subtag: 'BZ', prefix: [], scope: null }, - { type: 'region', subtag: 'CA', prefix: [], scope: null }, - { type: 'region', subtag: 'CC', prefix: [], scope: null }, - { type: 'region', subtag: 'CD', prefix: [], scope: null }, - { type: 'region', subtag: 'CF', prefix: [], scope: null }, - { type: 'region', subtag: 'CG', prefix: [], scope: null }, - { type: 'region', subtag: 'CH', prefix: [], scope: null }, - { type: 'region', subtag: 'CI', prefix: [], scope: null }, - { type: 'region', subtag: 'CK', prefix: [], scope: null }, - { type: 'region', subtag: 'CL', prefix: [], scope: null }, - { type: 'region', subtag: 'CM', prefix: [], scope: null }, - { type: 'region', subtag: 'CN', prefix: [], scope: null }, - { type: 'region', subtag: 'CO', prefix: [], scope: null }, - { type: 'region', subtag: 'CP', prefix: [], scope: null }, - { type: 'region', subtag: 'CR', prefix: [], scope: null }, - { type: 'region', subtag: 'CS', prefix: [], scope: null }, - { type: 'region', subtag: 'CU', prefix: [], scope: null }, - { type: 'region', subtag: 'CV', prefix: [], scope: null }, - { type: 'region', subtag: 'CW', prefix: [], scope: null }, - { type: 'region', subtag: 'CX', prefix: [], scope: null }, - { type: 'region', subtag: 'CY', prefix: [], scope: null }, - { type: 'region', subtag: 'CZ', prefix: [], scope: null }, - { 
type: 'region', subtag: 'DD', prefix: [], scope: null }, - { type: 'region', subtag: 'DE', prefix: [], scope: null }, - { type: 'region', subtag: 'DG', prefix: [], scope: null }, - { type: 'region', subtag: 'DJ', prefix: [], scope: null }, - { type: 'region', subtag: 'DK', prefix: [], scope: null }, - { type: 'region', subtag: 'DM', prefix: [], scope: null }, - { type: 'region', subtag: 'DO', prefix: [], scope: null }, - { type: 'region', subtag: 'DZ', prefix: [], scope: null }, - { type: 'region', subtag: 'EA', prefix: [], scope: null }, - { type: 'region', subtag: 'EC', prefix: [], scope: null }, - { type: 'region', subtag: 'EE', prefix: [], scope: null }, - { type: 'region', subtag: 'EG', prefix: [], scope: null }, - { type: 'region', subtag: 'EH', prefix: [], scope: null }, - { type: 'region', subtag: 'ER', prefix: [], scope: null }, - { type: 'region', subtag: 'ES', prefix: [], scope: null }, - { type: 'region', subtag: 'ET', prefix: [], scope: null }, - { type: 'region', subtag: 'EU', prefix: [], scope: null }, - { type: 'region', subtag: 'EZ', prefix: [], scope: null }, - { type: 'region', subtag: 'FI', prefix: [], scope: null }, - { type: 'region', subtag: 'FJ', prefix: [], scope: null }, - { type: 'region', subtag: 'FK', prefix: [], scope: null }, - { type: 'region', subtag: 'FM', prefix: [], scope: null }, - { type: 'region', subtag: 'FO', prefix: [], scope: null }, - { type: 'region', subtag: 'FR', prefix: [], scope: null }, - { type: 'region', subtag: 'FX', prefix: [], scope: null }, - { type: 'region', subtag: 'GA', prefix: [], scope: null }, - { type: 'region', subtag: 'GB', prefix: [], scope: null }, - { type: 'region', subtag: 'GD', prefix: [], scope: null }, - { type: 'region', subtag: 'GE', prefix: [], scope: null }, - { type: 'region', subtag: 'GF', prefix: [], scope: null }, - { type: 'region', subtag: 'GG', prefix: [], scope: null }, - { type: 'region', subtag: 'GH', prefix: [], scope: null }, - { type: 'region', subtag: 'GI', prefix: [], 
scope: null }, - { type: 'region', subtag: 'GL', prefix: [], scope: null }, - { type: 'region', subtag: 'GM', prefix: [], scope: null }, - { type: 'region', subtag: 'GN', prefix: [], scope: null }, - { type: 'region', subtag: 'GP', prefix: [], scope: null }, - { type: 'region', subtag: 'GQ', prefix: [], scope: null }, - { type: 'region', subtag: 'GR', prefix: [], scope: null }, - { type: 'region', subtag: 'GS', prefix: [], scope: null }, - { type: 'region', subtag: 'GT', prefix: [], scope: null }, - { type: 'region', subtag: 'GU', prefix: [], scope: null }, - { type: 'region', subtag: 'GW', prefix: [], scope: null }, - { type: 'region', subtag: 'GY', prefix: [], scope: null }, - { type: 'region', subtag: 'HK', prefix: [], scope: null }, - { type: 'region', subtag: 'HM', prefix: [], scope: null }, - { type: 'region', subtag: 'HN', prefix: [], scope: null }, - { type: 'region', subtag: 'HR', prefix: [], scope: null }, - { type: 'region', subtag: 'HT', prefix: [], scope: null }, - { type: 'region', subtag: 'HU', prefix: [], scope: null }, - { type: 'region', subtag: 'IC', prefix: [], scope: null }, - { type: 'region', subtag: 'ID', prefix: [], scope: null }, - { type: 'region', subtag: 'IE', prefix: [], scope: null }, - { type: 'region', subtag: 'IL', prefix: [], scope: null }, - { type: 'region', subtag: 'IM', prefix: [], scope: null }, - { type: 'region', subtag: 'IN', prefix: [], scope: null }, - { type: 'region', subtag: 'IO', prefix: [], scope: null }, - { type: 'region', subtag: 'IQ', prefix: [], scope: null }, - { type: 'region', subtag: 'IR', prefix: [], scope: null }, - { type: 'region', subtag: 'IS', prefix: [], scope: null }, - { type: 'region', subtag: 'IT', prefix: [], scope: null }, - { type: 'region', subtag: 'JE', prefix: [], scope: null }, - { type: 'region', subtag: 'JM', prefix: [], scope: null }, - { type: 'region', subtag: 'JO', prefix: [], scope: null }, - { type: 'region', subtag: 'JP', prefix: [], scope: null }, - { type: 'region', subtag: 
'KE', prefix: [], scope: null }, - { type: 'region', subtag: 'KG', prefix: [], scope: null }, - { type: 'region', subtag: 'KH', prefix: [], scope: null }, - { type: 'region', subtag: 'KI', prefix: [], scope: null }, - { type: 'region', subtag: 'KM', prefix: [], scope: null }, - { type: 'region', subtag: 'KN', prefix: [], scope: null }, - { type: 'region', subtag: 'KP', prefix: [], scope: null }, - { type: 'region', subtag: 'KR', prefix: [], scope: null }, - { type: 'region', subtag: 'KW', prefix: [], scope: null }, - { type: 'region', subtag: 'KY', prefix: [], scope: null }, - { type: 'region', subtag: 'KZ', prefix: [], scope: null }, - { type: 'region', subtag: 'LA', prefix: [], scope: null }, - { type: 'region', subtag: 'LB', prefix: [], scope: null }, - { type: 'region', subtag: 'LC', prefix: [], scope: null }, - { type: 'region', subtag: 'LI', prefix: [], scope: null }, - { type: 'region', subtag: 'LK', prefix: [], scope: null }, - { type: 'region', subtag: 'LR', prefix: [], scope: null }, - { type: 'region', subtag: 'LS', prefix: [], scope: null }, - { type: 'region', subtag: 'LT', prefix: [], scope: null }, - { type: 'region', subtag: 'LU', prefix: [], scope: null }, - { type: 'region', subtag: 'LV', prefix: [], scope: null }, - { type: 'region', subtag: 'LY', prefix: [], scope: null }, - { type: 'region', subtag: 'MA', prefix: [], scope: null }, - { type: 'region', subtag: 'MC', prefix: [], scope: null }, - { type: 'region', subtag: 'MD', prefix: [], scope: null }, - { type: 'region', subtag: 'ME', prefix: [], scope: null }, - { type: 'region', subtag: 'MF', prefix: [], scope: null }, - { type: 'region', subtag: 'MG', prefix: [], scope: null }, - { type: 'region', subtag: 'MH', prefix: [], scope: null }, - { type: 'region', subtag: 'MK', prefix: [], scope: null }, - { type: 'region', subtag: 'ML', prefix: [], scope: null }, - { type: 'region', subtag: 'MM', prefix: [], scope: null }, - { type: 'region', subtag: 'MN', prefix: [], scope: null }, - { type: 
'region', subtag: 'MO', prefix: [], scope: null }, - { type: 'region', subtag: 'MP', prefix: [], scope: null }, - { type: 'region', subtag: 'MQ', prefix: [], scope: null }, - { type: 'region', subtag: 'MR', prefix: [], scope: null }, - { type: 'region', subtag: 'MS', prefix: [], scope: null }, - { type: 'region', subtag: 'MT', prefix: [], scope: null }, - { type: 'region', subtag: 'MU', prefix: [], scope: null }, - { type: 'region', subtag: 'MV', prefix: [], scope: null }, - { type: 'region', subtag: 'MW', prefix: [], scope: null }, - { type: 'region', subtag: 'MX', prefix: [], scope: null }, - { type: 'region', subtag: 'MY', prefix: [], scope: null }, - { type: 'region', subtag: 'MZ', prefix: [], scope: null }, - { type: 'region', subtag: 'NA', prefix: [], scope: null }, - { type: 'region', subtag: 'NC', prefix: [], scope: null }, - { type: 'region', subtag: 'NE', prefix: [], scope: null }, - { type: 'region', subtag: 'NF', prefix: [], scope: null }, - { type: 'region', subtag: 'NG', prefix: [], scope: null }, - { type: 'region', subtag: 'NI', prefix: [], scope: null }, - { type: 'region', subtag: 'NL', prefix: [], scope: null }, - { type: 'region', subtag: 'NO', prefix: [], scope: null }, - { type: 'region', subtag: 'NP', prefix: [], scope: null }, - { type: 'region', subtag: 'NR', prefix: [], scope: null }, - { type: 'region', subtag: 'NT', prefix: [], scope: null }, - { type: 'region', subtag: 'NU', prefix: [], scope: null }, - { type: 'region', subtag: 'NZ', prefix: [], scope: null }, - { type: 'region', subtag: 'OM', prefix: [], scope: null }, - { type: 'region', subtag: 'PA', prefix: [], scope: null }, - { type: 'region', subtag: 'PE', prefix: [], scope: null }, - { type: 'region', subtag: 'PF', prefix: [], scope: null }, - { type: 'region', subtag: 'PG', prefix: [], scope: null }, - { type: 'region', subtag: 'PH', prefix: [], scope: null }, - { type: 'region', subtag: 'PK', prefix: [], scope: null }, - { type: 'region', subtag: 'PL', prefix: [], scope: null 
}, - { type: 'region', subtag: 'PM', prefix: [], scope: null }, - { type: 'region', subtag: 'PN', prefix: [], scope: null }, - { type: 'region', subtag: 'PR', prefix: [], scope: null }, - { type: 'region', subtag: 'PS', prefix: [], scope: null }, - { type: 'region', subtag: 'PT', prefix: [], scope: null }, - { type: 'region', subtag: 'PW', prefix: [], scope: null }, - { type: 'region', subtag: 'PY', prefix: [], scope: null }, - { type: 'region', subtag: 'QA', prefix: [], scope: null }, - { type: 'region', subtag: 'QM..QZ', prefix: [], scope: 'private-use' }, - { type: 'region', subtag: 'RE', prefix: [], scope: null }, - { type: 'region', subtag: 'RO', prefix: [], scope: null }, - { type: 'region', subtag: 'RS', prefix: [], scope: null }, - { type: 'region', subtag: 'RU', prefix: [], scope: null }, - { type: 'region', subtag: 'RW', prefix: [], scope: null }, - { type: 'region', subtag: 'SA', prefix: [], scope: null }, - { type: 'region', subtag: 'SB', prefix: [], scope: null }, - { type: 'region', subtag: 'SC', prefix: [], scope: null }, - { type: 'region', subtag: 'SD', prefix: [], scope: null }, - { type: 'region', subtag: 'SE', prefix: [], scope: null }, - { type: 'region', subtag: 'SG', prefix: [], scope: null }, - { type: 'region', subtag: 'SH', prefix: [], scope: null }, - { type: 'region', subtag: 'SI', prefix: [], scope: null }, - { type: 'region', subtag: 'SJ', prefix: [], scope: null }, - { type: 'region', subtag: 'SK', prefix: [], scope: null }, - { type: 'region', subtag: 'SL', prefix: [], scope: null }, - { type: 'region', subtag: 'SM', prefix: [], scope: null }, - { type: 'region', subtag: 'SN', prefix: [], scope: null }, - { type: 'region', subtag: 'SO', prefix: [], scope: null }, - { type: 'region', subtag: 'SR', prefix: [], scope: null }, - { type: 'region', subtag: 'SS', prefix: [], scope: null }, - { type: 'region', subtag: 'ST', prefix: [], scope: null }, - { type: 'region', subtag: 'SU', prefix: [], scope: null }, - { type: 'region', subtag: 
'SV', prefix: [], scope: null }, - { type: 'region', subtag: 'SX', prefix: [], scope: null }, - { type: 'region', subtag: 'SY', prefix: [], scope: null }, - { type: 'region', subtag: 'SZ', prefix: [], scope: null }, - { type: 'region', subtag: 'TA', prefix: [], scope: null }, - { type: 'region', subtag: 'TC', prefix: [], scope: null }, - { type: 'region', subtag: 'TD', prefix: [], scope: null }, - { type: 'region', subtag: 'TF', prefix: [], scope: null }, - { type: 'region', subtag: 'TG', prefix: [], scope: null }, - { type: 'region', subtag: 'TH', prefix: [], scope: null }, - { type: 'region', subtag: 'TJ', prefix: [], scope: null }, - { type: 'region', subtag: 'TK', prefix: [], scope: null }, - { type: 'region', subtag: 'TL', prefix: [], scope: null }, - { type: 'region', subtag: 'TM', prefix: [], scope: null }, - { type: 'region', subtag: 'TN', prefix: [], scope: null }, - { type: 'region', subtag: 'TO', prefix: [], scope: null }, - { type: 'region', subtag: 'TP', prefix: [], scope: null }, - { type: 'region', subtag: 'TR', prefix: [], scope: null }, - { type: 'region', subtag: 'TT', prefix: [], scope: null }, - { type: 'region', subtag: 'TV', prefix: [], scope: null }, - { type: 'region', subtag: 'TW', prefix: [], scope: null }, - { type: 'region', subtag: 'TZ', prefix: [], scope: null }, - { type: 'region', subtag: 'UA', prefix: [], scope: null }, - { type: 'region', subtag: 'UG', prefix: [], scope: null }, - { type: 'region', subtag: 'UM', prefix: [], scope: null }, - { type: 'region', subtag: 'UN', prefix: [], scope: null }, - { type: 'region', subtag: 'US', prefix: [], scope: null }, - { type: 'region', subtag: 'UY', prefix: [], scope: null }, - { type: 'region', subtag: 'UZ', prefix: [], scope: null }, - { type: 'region', subtag: 'VA', prefix: [], scope: null }, - { type: 'region', subtag: 'VC', prefix: [], scope: null }, - { type: 'region', subtag: 'VE', prefix: [], scope: null }, - { type: 'region', subtag: 'VG', prefix: [], scope: null }, - { type: 
'region', subtag: 'VI', prefix: [], scope: null }, - { type: 'region', subtag: 'VN', prefix: [], scope: null }, - { type: 'region', subtag: 'VU', prefix: [], scope: null }, - { type: 'region', subtag: 'WF', prefix: [], scope: null }, - { type: 'region', subtag: 'WS', prefix: [], scope: null }, - { type: 'region', subtag: 'XA..XZ', prefix: [], scope: 'private-use' }, - { type: 'region', subtag: 'YD', prefix: [], scope: null }, - { type: 'region', subtag: 'YE', prefix: [], scope: null }, - { type: 'region', subtag: 'YT', prefix: [], scope: null }, - { type: 'region', subtag: 'YU', prefix: [], scope: null }, - { type: 'region', subtag: 'ZA', prefix: [], scope: null }, - { type: 'region', subtag: 'ZM', prefix: [], scope: null }, - { type: 'region', subtag: 'ZR', prefix: [], scope: null }, - { type: 'region', subtag: 'ZW', prefix: [], scope: null }, - { type: 'region', subtag: 'ZZ', prefix: [], scope: 'private-use' }, - { type: 'region', subtag: '001', prefix: [], scope: null }, - { type: 'region', subtag: '002', prefix: [], scope: null }, - { type: 'region', subtag: '003', prefix: [], scope: null }, - { type: 'region', subtag: '005', prefix: [], scope: null }, - { type: 'region', subtag: '009', prefix: [], scope: null }, - { type: 'region', subtag: '011', prefix: [], scope: null }, - { type: 'region', subtag: '013', prefix: [], scope: null }, - { type: 'region', subtag: '014', prefix: [], scope: null }, - { type: 'region', subtag: '015', prefix: [], scope: null }, - { type: 'region', subtag: '017', prefix: [], scope: null }, - { type: 'region', subtag: '018', prefix: [], scope: null }, - { type: 'region', subtag: '019', prefix: [], scope: null }, - { type: 'region', subtag: '021', prefix: [], scope: null }, - { type: 'region', subtag: '029', prefix: [], scope: null }, - { type: 'region', subtag: '030', prefix: [], scope: null }, - { type: 'region', subtag: '034', prefix: [], scope: null }, - { type: 'region', subtag: '035', prefix: [], scope: null }, - { type: 
'region', subtag: '039', prefix: [], scope: null }, - { type: 'region', subtag: '053', prefix: [], scope: null }, - { type: 'region', subtag: '054', prefix: [], scope: null }, - { type: 'region', subtag: '057', prefix: [], scope: null }, - { type: 'region', subtag: '061', prefix: [], scope: null }, - { type: 'region', subtag: '142', prefix: [], scope: null }, - { type: 'region', subtag: '143', prefix: [], scope: null }, - { type: 'region', subtag: '145', prefix: [], scope: null }, - { type: 'region', subtag: '150', prefix: [], scope: null }, - { type: 'region', subtag: '151', prefix: [], scope: null }, - { type: 'region', subtag: '154', prefix: [], scope: null }, - { type: 'region', subtag: '155', prefix: [], scope: null }, - { type: 'region', subtag: '202', prefix: [], scope: null }, - { type: 'region', subtag: '419', prefix: [], scope: null }, - { type: 'variant', subtag: '1606nict', prefix: ['frm'], scope: null }, - { type: 'variant', subtag: '1694acad', prefix: ['fr'], scope: null }, - { type: 'variant', subtag: '1901', prefix: ['de'], scope: null }, - { type: 'variant', subtag: '1959acad', prefix: ['be'], scope: null }, - { - type: 'variant', - subtag: '1994', - prefix: [ - 'sl-rozaj', - 'sl-rozaj-biske', - 'sl-rozaj-njiva', - 'sl-rozaj-osojs', - 'sl-rozaj-solba', - ], - scope: null, - }, - { type: 'variant', subtag: '1996', prefix: ['de'], scope: null }, - { type: 'variant', subtag: 'abl1943', prefix: ['pt-BR'], scope: null }, - { type: 'variant', subtag: 'akuapem', prefix: ['tw'], scope: null }, - { type: 'variant', subtag: 'alalc97', prefix: [], scope: null }, - { type: 'variant', subtag: 'aluku', prefix: ['djk'], scope: null }, - { type: 'variant', subtag: 'ao1990', prefix: ['pt', 'gl'], scope: null }, - { type: 'variant', subtag: 'aranes', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'arevela', prefix: ['hy'], scope: null }, - { type: 'variant', subtag: 'arevmda', prefix: ['hy'], scope: null }, - { type: 'variant', subtag: 'arkaika', 
prefix: ['eo'], scope: null }, - { type: 'variant', subtag: 'asante', prefix: ['tw'], scope: null }, - { type: 'variant', subtag: 'auvern', prefix: ['oc'], scope: null }, - { - type: 'variant', - subtag: 'baku1926', - prefix: ['az', 'ba', 'crh', 'kk', 'krc', 'ky', 'sah', 'tk', 'tt', 'uz'], - scope: null, - }, - { type: 'variant', subtag: 'balanka', prefix: ['blo'], scope: null }, - { type: 'variant', subtag: 'barla', prefix: ['kea'], scope: null }, - { type: 'variant', subtag: 'basiceng', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'bauddha', prefix: ['sa'], scope: null }, - { type: 'variant', subtag: 'biscayan', prefix: ['eu'], scope: null }, - { type: 'variant', subtag: 'biske', prefix: ['sl-rozaj'], scope: null }, - { type: 'variant', subtag: 'bohoric', prefix: ['sl'], scope: null }, - { type: 'variant', subtag: 'boont', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'bornholm', prefix: ['da'], scope: null }, - { type: 'variant', subtag: 'cisaup', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'colb1945', prefix: ['pt'], scope: null }, - { type: 'variant', subtag: 'cornu', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'creiss', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'dajnko', prefix: ['sl'], scope: null }, - { - type: 'variant', - subtag: 'ekavsk', - prefix: ['sr', 'sr-Latn', 'sr-Cyrl'], - scope: null, - }, - { type: 'variant', subtag: 'emodeng', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'fonipa', prefix: [], scope: null }, - { type: 'variant', subtag: 'fonkirsh', prefix: [], scope: null }, - { type: 'variant', subtag: 'fonnapa', prefix: [], scope: null }, - { type: 'variant', subtag: 'fonupa', prefix: [], scope: null }, - { type: 'variant', subtag: 'fonxsamp', prefix: [], scope: null }, - { type: 'variant', subtag: 'gallo', prefix: ['fr'], scope: null }, - { type: 'variant', subtag: 'gascon', prefix: ['oc'], scope: null }, - { - type: 'variant', - subtag: 'grclass', - 
prefix: [ - 'oc', - 'oc-aranes', - 'oc-auvern', - 'oc-cisaup', - 'oc-creiss', - 'oc-gascon', - 'oc-lemosin', - 'oc-lengadoc', - 'oc-nicard', - 'oc-provenc', - 'oc-vivaraup', - ], - scope: null, - }, - { - type: 'variant', - subtag: 'grital', - prefix: ['oc', 'oc-cisaup', 'oc-nicard', 'oc-provenc'], - scope: null, - }, - { - type: 'variant', - subtag: 'grmistr', - prefix: [ - 'oc', - 'oc-aranes', - 'oc-auvern', - 'oc-cisaup', - 'oc-creiss', - 'oc-gascon', - 'oc-lemosin', - 'oc-lengadoc', - 'oc-nicard', - 'oc-provenc', - 'oc-vivaraup', - ], - scope: null, - }, - { type: 'variant', subtag: 'hepburn', prefix: ['ja-Latn'], scope: null }, - { - type: 'variant', - subtag: 'heploc', - prefix: ['ja-Latn-hepburn'], - scope: null, - }, - { type: 'variant', subtag: 'hognorsk', prefix: ['nn'], scope: null }, - { type: 'variant', subtag: 'hsistemo', prefix: ['eo'], scope: null }, - { - type: 'variant', - subtag: 'ijekavsk', - prefix: ['sr', 'sr-Latn', 'sr-Cyrl'], - scope: null, - }, - { type: 'variant', subtag: 'itihasa', prefix: ['sa'], scope: null }, - { type: 'variant', subtag: 'ivanchov', prefix: ['bg'], scope: null }, - { type: 'variant', subtag: 'jauer', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'jyutping', prefix: ['yue'], scope: null }, - { type: 'variant', subtag: 'kkcor', prefix: ['kw'], scope: null }, - { type: 'variant', subtag: 'kociewie', prefix: ['pl'], scope: null }, - { type: 'variant', subtag: 'kscor', prefix: ['kw'], scope: null }, - { type: 'variant', subtag: 'laukika', prefix: ['sa'], scope: null }, - { type: 'variant', subtag: 'lemosin', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'lengadoc', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'lipaw', prefix: ['sl-rozaj'], scope: null }, - { type: 'variant', subtag: 'luna1918', prefix: ['ru'], scope: null }, - { type: 'variant', subtag: 'metelko', prefix: ['sl'], scope: null }, - { type: 'variant', subtag: 'monoton', prefix: ['el'], scope: null }, - { type: 
'variant', subtag: 'ndyuka', prefix: ['djk'], scope: null }, - { type: 'variant', subtag: 'nedis', prefix: ['sl'], scope: null }, - { type: 'variant', subtag: 'newfound', prefix: ['en-CA'], scope: null }, - { type: 'variant', subtag: 'nicard', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'njiva', prefix: ['sl-rozaj'], scope: null }, - { type: 'variant', subtag: 'nulik', prefix: ['vo'], scope: null }, - { type: 'variant', subtag: 'osojs', prefix: ['sl-rozaj'], scope: null }, - { type: 'variant', subtag: 'oxendict', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'pahawh2', prefix: ['mww', 'hnj'], scope: null }, - { type: 'variant', subtag: 'pahawh3', prefix: ['mww', 'hnj'], scope: null }, - { type: 'variant', subtag: 'pahawh4', prefix: ['mww', 'hnj'], scope: null }, - { type: 'variant', subtag: 'pamaka', prefix: ['djk'], scope: null }, - { type: 'variant', subtag: 'peano', prefix: ['la'], scope: null }, - { type: 'variant', subtag: 'petr1708', prefix: ['ru'], scope: null }, - { - type: 'variant', - subtag: 'pinyin', - prefix: ['zh-Latn', 'bo-Latn'], - scope: null, - }, - { type: 'variant', subtag: 'polyton', prefix: ['el'], scope: null }, - { type: 'variant', subtag: 'provenc', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'puter', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'rigik', prefix: ['vo'], scope: null }, - { type: 'variant', subtag: 'rozaj', prefix: ['sl'], scope: null }, - { type: 'variant', subtag: 'rumgr', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'scotland', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'scouse', prefix: ['en'], scope: null }, - { type: 'variant', subtag: 'simple', prefix: [], scope: null }, - { type: 'variant', subtag: 'solba', prefix: ['sl-rozaj'], scope: null }, - { type: 'variant', subtag: 'sotav', prefix: ['kea'], scope: null }, - { type: 'variant', subtag: 'spanglis', prefix: ['en', 'es'], scope: null }, - { type: 'variant', subtag: 
'surmiran', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'sursilv', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'sutsilv', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'synnejyl', prefix: ['da'], scope: null }, - { type: 'variant', subtag: 'tarask', prefix: ['be'], scope: null }, - { type: 'variant', subtag: 'tongyong', prefix: ['zh-Latn'], scope: null }, - { type: 'variant', subtag: 'tunumiit', prefix: ['kl'], scope: null }, - { type: 'variant', subtag: 'uccor', prefix: ['kw'], scope: null }, - { type: 'variant', subtag: 'ucrcor', prefix: ['kw'], scope: null }, - { type: 'variant', subtag: 'ulster', prefix: ['sco'], scope: null }, - { - type: 'variant', - subtag: 'unifon', - prefix: ['en', 'hup', 'kyh', 'tol', 'yur'], - scope: null, - }, - { type: 'variant', subtag: 'vaidika', prefix: ['sa'], scope: null }, - { type: 'variant', subtag: 'valencia', prefix: ['ca'], scope: null }, - { type: 'variant', subtag: 'vallader', prefix: ['rm'], scope: null }, - { type: 'variant', subtag: 'vecdruka', prefix: ['lv'], scope: null }, - { type: 'variant', subtag: 'vivaraup', prefix: ['oc'], scope: null }, - { type: 'variant', subtag: 'wadegile', prefix: ['zh-Latn'], scope: null }, - { type: 'variant', subtag: 'xsistemo', prefix: ['eo'], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: 
'', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'grandfathered', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], 
scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, 
- { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - { type: 'redundant', subtag: '', prefix: [], scope: null }, - ], -}) diff --git a/csaf-validator-lib/lib/shared/csafAjv.js b/csaf-validator-lib/lib/shared/csafAjv.js deleted file mode 100644 index 712d853..0000000 --- a/csaf-validator-lib/lib/shared/csafAjv.js +++ /dev/null @@ -1,13 +0,0 @@ -import addFormats from 'ajv-formats' -import { Ajv2020 } from 'ajv/dist/2020.js' -import cvss_v2_0 from '../../schemas/cvss-v2.0.js' -import cvss_v3_0 from '../../schemas/cvss-v3.0.js' -import cvss_v3_1 from '../../schemas/cvss-v3.1.js' - -const csafAjv = new Ajv2020({ strict: false, allErrors: true }) -addFormats.default(csafAjv) -csafAjv.addSchema(cvss_v2_0, 'https://www.first.org/cvss/cvss-v2.0.json') -csafAjv.addSchema(cvss_v3_0, 'https://www.first.org/cvss/cvss-v3.0.json') -csafAjv.addSchema(cvss_v3_1, 'https://www.first.org/cvss/cvss-v3.1.json') - -export default csafAjv 
diff --git a/csaf-validator-lib/lib/shared/csafHelpers.js b/csaf-validator-lib/lib/shared/csafHelpers.js
deleted file mode 100644
index b6bd2d5..0000000
--- a/csaf-validator-lib/lib/shared/csafHelpers.js
+++ /dev/null
@@ -1 +0,0 @@
-export { default as walkHashes } from './csafHelpers/walkHashes.js'
diff --git a/csaf-validator-lib/lib/shared/csafHelpers/walkHashes.js b/csaf-validator-lib/lib/shared/csafHelpers/walkHashes.js
deleted file mode 100644
index 2a75605..0000000
--- a/csaf-validator-lib/lib/shared/csafHelpers/walkHashes.js
+++ /dev/null
@@ -1,163 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const inputSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_tree: {
- additionalProperties: true,
- optionalProperties: {
- branches: { elements: { additionalProperties: true, properties: {} } },
- full_product_names: {
- elements: { additionalProperties: true, properties: {} },
- },
- relationships: {
- elements: { additionalProperties: true, properties: {} },
- },
- },
- },
- },
-})
-
-const fullProductNameSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- product_identification_helper: {
- additionalProperties: true,
- properties: {
- hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
-})
-
-const branchSchema = /** @type {const} */ ({
- additionalProperties: true,
- optionalProperties: {
- product: {
- additionalProperties: true,
- properties: {
- product_identification_helper: {
- additionalProperties: true,
- properties: {
- hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
- },
-})
-
-const relationshipSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- full_product_name: {
- additionalProperties: true,
- properties: {
- product_identification_helper: {
- additionalProperties: true,
- properties: {
- hashes: {
- elements: {
- additionalProperties: true,
- properties: {},
- },
- },
- },
- },
- },
- },
- },
-})
-
-const validateInput = ajv.compile(inputSchema)
-const validateFullProductName = ajv.compile(fullProductNameSchema)
-const validateRelationship = ajv.compile(relationshipSchema)
-const validateBranch = ajv.compile(branchSchema)
-
-/**
- * @param {any} doc
- * @param {(params: { path: string; hash: {} }) => void} onHashFound
- */
-export default function walkHashes(doc, onHashFound) {
- const ctx = {
- warnings:
- /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
- }
-
- if (!validateInput(doc)) {
- return ctx
- }
-
- doc.product_tree.full_product_names?.forEach(
- (fullProductName, fullProductNameIndex) => {
- if (!validateFullProductName(fullProductName)) {
- return
- }
-
- fullProductName.product_identification_helper.hashes.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/hashes/${hashIndex}`,
- hash,
- })
- }
- )
- }
- )
-
- /**
- * @param {string} prefix
- * @param {unknown[]} branches
- */
- const checkBranches = (prefix, branches) => {
- branches.forEach((branch, branchIndex) => {
- if (!validateBranch(branch)) {
- return
- }
-
- branch.product?.product_identification_helper.hashes.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `${prefix}${branchIndex}/product_identification_helper/hashes/${hashIndex}`,
- hash,
- })
- }
- )
- checkBranches(
- `${prefix}${branchIndex}/branches/`,
- Array.isArray(branch.branches) ? branch.branches : []
- )
- })
- }
-
- checkBranches('/product_tree/branches/', doc.product_tree.branches ?? [])
-
- doc.product_tree.relationships?.forEach((relationship, relationshipIndex) => {
- if (!validateRelationship(relationship)) {
- return
- }
-
- relationship.full_product_name.product_identification_helper.hashes.forEach(
- (hash, hashIndex) => {
- onHashFound({
- path: `/product_tree/relationships/${relationshipIndex}/product_identification_helper/hashes/${hashIndex}`,
- hash,
- })
- }
- )
- })
-
- return ctx
-}
diff --git a/csaf-validator-lib/lib/shared/cvss2.js b/csaf-validator-lib/lib/shared/cvss2.js
deleted file mode 100644
index 1396785..0000000
--- a/csaf-validator-lib/lib/shared/cvss2.js
+++ /dev/null
@@ -1,341 +0,0 @@ -/** - * @param {string | {}} vectorString - */ -export function getEnvironmentalScoreFromVectorString(vectorString) { - const vector = new Map( - typeof vectorString === 'string' - ? vectorString.split('/').map((k) => { - const [key, value] = k.split(':') - return [key, /** @type {string | null} */ (value ?? null)] - }) - : Object.entries(vectorString) - ) - - const impactScore = - 10.41 * - mkflt( - mkint(1.0) - - mkint( - mkflt(mkint(1.0) - mkint(getMetricScoreFloat(vector, 'C'))) * - mkflt(mkint(1.0) - mkint(getMetricScoreFloat(vector, 'I'))) * - mkflt(mkint(1.0) - mkint(getMetricScoreFloat(vector, 'A'))) - ) - ) - const exploitabilitySubScore = - 20.0 * - getMetricScoreFloat(vector, 'AC') * - getMetricScoreFloat(vector, 'Au') * - getMetricScoreFloat(vector, 'AV') - - const baseScore = quickRound( - mkflt( - mkint(0.6 * impactScore) + - mkint(0.4 * exploitabilitySubScore) - - mkint(1.5) - ) * fImpact(impactScore) - ) - - let environmentalScore = baseScore - - if ( - vector.has('CDP') || - vector.has('TD') || - vector.has('CR') || - vector.has('IR') || - vector.has('AR') - ) { - const adjustedImpactScore = Math.min( - 10, - 10.41 * - mkflt( - mkint(1.0) - - mkint( - mkflt( - mkint(1.0) - - mkint( - getMetricScoreFloat(vector, 'C') * - getMetricScoreFloat(vector, 'CR') - ) - ) * - (mkflt( - mkint(1.0) - - mkint( - getMetricScoreFloat(vector, 'I') * - getMetricScoreFloat(vector, 'IR') - ) - ) * - mkflt( - mkint(1.0) - - mkint( - getMetricScoreFloat(vector, 'A') * - getMetricScoreFloat(vector, 'AR') - ) - )) - ) - ) - ) - - const adjustedBaseScore = quickRound( - mkflt( - mkint(0.6 * adjustedImpactScore) + - mkint(0.4 * exploitabilitySubScore) - - mkint(1.5) - ) * fImpact(impactScore) - ) - - const adjustedTemporal = quickRound( - adjustedBaseScore * - getMetricScoreFloat(vector, 'E') * - getMetricScoreFloat(vector, 'RL') * - getMetricScoreFloat(vector, 'RC') - ) - - environmentalScore = quickRound( - mkflt( - mkint(adjustedTemporal) + - mkint( - 
mkflt(mkint(10) - mkint(adjustedTemporal)) * - getMetricScoreFloat(vector, 'CDP') - ) - ) * getMetricScoreFloat(vector, 'TD') - ) - } - - return environmentalScore -} - -const intFact = 1000 - -/** - * @param {Map} vector - * @param {CVSSField} field - */ -function getMetricScoreFloat(vector, field) { - const metric = cvssScores.get(field) - if (!metric) throw new Error('Metric not found') - let value = vector.get(field) ?? null - if (value === null) { - if (metric.category === 'environmental' || metric.category === 'temporal') { - value = 'ND' - } else { - throw new Error('Missing fields to calculate base score') - } - } - - return metric.scores.get(value) ?? 0 -} - -/** - * @param {number} original - * @returns - */ -function quickRound(original) { - return Math.round(original * 10) / 10 -} - -/** - * @param {number} original - * @returns - */ -function mkflt(original) { - return original / intFact -} - -/** - * @param {number} original - * @returns - */ -function mkint(original) { - return Math.round(original * intFact) -} - -/** - * @param {number} value - * @returns - */ -function fImpact(value) { - if (value > 0) { - return 1.176 - } else { - return 0 - } -} - -/** @typedef {(typeof mapping)[number][1]} CVSSField */ - -export const mapping = /** @type {const} */ ([ - // BASE SCORE - [ - 'accessVector', - 'AV', - { - NETWORK: { id: 'N', score: 1 }, - ADJACENT_NETWORK: { id: 'A', score: 0.646 }, - LOCAL: { id: 'L', score: 0.395 }, - }, - 'base', - ], - [ - 'accessComplexity', - 'AC', - { - HIGH: { id: 'H', score: 0.35 }, - MEDIUM: { id: 'M', score: 0.61 }, - LOW: { id: 'L', score: 0.71 }, - }, - 'base', - ], - [ - 'authentication', - 'Au', - { - MULTIPLE: { id: 'M', score: 0.45 }, - SINGLE: { id: 'S', score: 0.56 }, - NONE: { id: 'N', score: 0.704 }, - }, - 'base', - ], - [ - 'confidentialityImpact', - 'C', - { - NONE: { id: 'N', score: 0 }, - PARTIAL: { id: 'P', score: 0.275 }, - COMPLETE: { id: 'C', score: 0.66 }, - }, - 'base', - ], - [ - 'integrityImpact', 
- 'I', - { - NONE: { id: 'N', score: 0 }, - PARTIAL: { id: 'P', score: 0.275 }, - COMPLETE: { id: 'C', score: 0.66 }, - }, - 'base', - ], - [ - 'availabilityImpact', - 'A', - { - NONE: { id: 'N', score: 0 }, - PARTIAL: { id: 'P', score: 0.275 }, - COMPLETE: { id: 'C', score: 0.66 }, - }, - 'base', - ], - - // TEMPORAL SCORE - [ - 'exploitability', - 'E', - { - UNPROVEN: { id: 'U', score: 0.85 }, - PROOF_OF_CONCEPT: { id: 'POC', score: 0.9 }, - FUNCTIONAL: { id: 'F', score: 0.95 }, - HIGH: { id: 'H', score: 1.0 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'temporal', - ], - [ - 'remediationLevel', - 'RL', - { - OFFICIAL_FIX: { id: 'OF', score: 0.87 }, - TEMPORARY_FIX: { id: 'TF', score: 0.9 }, - WORKAROUND: { id: 'W', score: 0.95 }, - UNAVAILABLE: { id: 'U', score: 1.0 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'temporal', - ], - - [ - 'reportConfidence', - 'RC', - { - UNCONFIRMED: { id: 'UC', score: 0.9 }, - UNCORROBORATED: { id: 'UR', score: 0.95 }, - CONFIRMED: { id: 'C', score: 1.0 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'temporal', - ], - - // ENVIRONMENTAL SCORE - [ - 'collateralDamagePotential', - 'CDP', - { - NONE: { id: 'N', score: 0 }, - LOW: { id: 'L', score: 0.1 }, - LOW_MEDIUM: { id: 'LM', score: 0.3 }, - MEDIUM_HIGH: { id: 'MH', score: 0.4 }, - HIGH: { id: 'H', score: 0.5 }, - NOT_DEFINED: { id: 'ND', score: 0 }, - }, - 'environmental', - ], - [ - 'targetDistribution', - 'TD', - { - NONE: { id: 'N', score: 0 }, - LOW: { id: 'L', score: 0.25 }, - MEDIUM: { id: 'M', score: 0.75 }, - HIGH: { id: 'H', score: 1.0 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'environmental', - ], - [ - 'confidentialityRequirement', - 'CR', - { - LOW: { id: 'L', score: 0.5 }, - MEDIUM: { id: 'M', score: 1.0 }, - HIGH: { id: 'H', score: 1.51 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'environmental', - ], - [ - 'integrityRequirement', - 'IR', - { - LOW: { id: 'L', score: 0.5 }, - MEDIUM: { id: 'M', score: 1.0 }, - HIGH: { id: 'H', score: 
1.51 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'environmental', - ], - [ - 'availabilityRequirement', - 'AR', - { - LOW: { id: 'L', score: 0.5 }, - MEDIUM: { id: 'M', score: 1.0 }, - HIGH: { id: 'H', score: 1.51 }, - NOT_DEFINED: { id: 'ND', score: 1.0 }, - }, - 'environmental', - ], -]) - -const cvssScores = new Map( - mapping.map(([, field, values, category]) => [ - field, - { - category, - scores: new Map( - Object.values(values).map((v) => [ - /** @type {string} */ (v.id), - /** @type {number} */ (v.score), - ]) - ), - }, - ]) -) diff --git a/csaf-validator-lib/lib/shared/cvss3.js b/csaf-validator-lib/lib/shared/cvss3.js deleted file mode 100644 index 25bd104..0000000 --- a/csaf-validator-lib/lib/shared/cvss3.js +++ /dev/null 
@@ -1,217 +0,0 @@
-export const mapping = /** @type {const} */ ([
- // BASE SCORE
- [
- 'attackVector',
- 'AV',
- {
- NETWORK: 'N',
- ADJACENT_NETWORK: 'A',
- LOCAL: 'L',
- PHYSICAL: 'P',
- },
- ],
- [
- 'attackComplexity',
- 'AC',
- {
- HIGH: 'H',
- LOW: 'L',
- },
- ],
- [
- 'privilegesRequired',
- 'PR',
- {
- NONE: 'N',
- LOW: 'L',
- HIGH: 'H',
- },
- ],
- [
- 'userInteraction',
- 'UI',
- {
- NONE: 'N',
- REQUIRED: 'R',
- },
- ],
- [
- 'scope',
- 'S',
- {
- UNCHANGED: 'U',
- CHANGED: 'C',
- },
- ],
- [
- 'confidentialityImpact',
- 'C',
- {
- NONE: 'N',
- LOW: 'L',
- HIGH: 'H',
- },
- ],
- [
- 'integrityImpact',
- 'I',
- {
- NONE: 'N',
- LOW: 'L',
- HIGH: 'H',
- },
- ],
- [
- 'availabilityImpact',
- 'A',
- {
- NONE: 'N',
- LOW: 'L',
- HIGH: 'H',
- },
- ],
-
- // TEMPORAL SCORE
- [
- 'exploitCodeMaturity',
- 'E',
- {
- UNPROVEN: 'U',
- PROOF_OF_CONCEPT: 'P',
- FUNCTIONAL: 'F',
- HIGH: 'H',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'remediationLevel',
- 'RL',
- {
- OFFICIAL_FIX: 'O',
- TEMPORARY_FIX: 'T',
- WORKAROUND: 'W',
- UNAVAILABLE: 'U',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'reportConfidence',
- 'RC',
- {
- UNKNOWN: 'U',
- REASONABLE: 'R',
- CONFIRMED: 'C',
- NOT_DEFINED: 'X',
- },
- ],
-
- // ENVIRONMENTAL SCORE
- [
- 'confidentialityRequirement',
- 'CR',
- {
- LOW: 'L',
- MEDIUM: 'M',
- HIGH: 'H',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'integrityRequirement',
- 'IR',
- {
- LOW: 'L',
- MEDIUM: 'M',
- HIGH: 'H',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'availabilityRequirement',
- 'AR',
- {
- LOW: 'L',
- MEDIUM: 'M',
- HIGH: 'H',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedAttackVector',
- 'MAV',
- {
- NETWORK: 'N',
- ADJACENT_NETWORK: 'A',
- LOCAL: 'L',
- PHYSICAL: 'P',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedAttackComplexity',
- 'MAC',
- {
- HIGH: 'H',
- LOW: 'L',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedPrivilegesRequired',
- 'MPR',
- {
- HIGH: 'H',
- LOW: 'L',
- NONE: 'N',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedUserInteraction',
- 'MUI',
- {
- NONE: 'N',
- REQUIRED: 'R',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedScope',
- 'MS',
- {
- UNCHANGED: 'U',
- CHANGED: 'C',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedConfidentialityImpact',
- 'MC',
- {
- HIGH: 'H',
- LOW: 'L',
- NONE: 'N',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedIntegrityImpact',
- 'MI',
- {
- HIGH: 'H',
- LOW: 'L',
- NONE: 'N',
- NOT_DEFINED: 'X',
- },
- ],
- [
- 'modifiedAvailabilityImpact',
- 'MA',
- {
- HIGH: 'H',
- LOW: 'L',
- NONE: 'N',
- NOT_DEFINED: 'X',
- },
- ],
-])
diff --git a/csaf-validator-lib/lib/shared/cvss4.js b/csaf-validator-lib/lib/shared/cvss4.js
deleted file mode 100644
index 158c8e9..0000000
--- a/csaf-validator-lib/lib/shared/cvss4.js
+++ /dev/null
@@ -1,1123 +0,0 @@ -import { CVSS40 } from './first/cvss40.js' - -// list of all metrics in cvss40 mainly from https://github.com/RedHatProductSecurity/cvss-v4-calculator/blob/main/metrics.json -export const flatMetrics = [ - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Exploitability Metrics', - jsonName: 'attackVector', - metric: 'Attack Vector (AV)', - metricShort: 'AV', - options: [ - { - optionName: 'Network (N)', - optionValue: 'NETWORK', - optionKey: 'N', - }, - { - optionName: 'Adjacent (A)', - optionValue: 'ADJACENT', - optionKey: 'A', - }, - { - optionName: 'Local (L)', - optionValue: 'LOCAL', - optionKey: 'L', - }, - { - optionName: 'Physical (P)', - optionValue: 'PHYSICAL', - optionKey: 'P', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Exploitability Metrics', - jsonName: 'attackComplexity', - metric: 'Attack Complexity (AC)', - metricShort: 'AC', - options: [ - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - ], - initialOption: 'L', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Exploitability Metrics', - jsonName: 'attackRequirements', - metric: 'Attack Requirements (AT)', - metricShort: 'AT', - options: [ - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Present (P)', - optionValue: 'PRESENT', - optionKey: 'P', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Exploitability Metrics', - jsonName: 'privilegesRequired', - metric: 'Privileges Required (PR)', - metricShort: 'PR', - options: [ - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - ], - 
initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Exploitability Metrics', - jsonName: 'userInteraction', - metric: 'User Interaction (UI)', - metricShort: 'UI', - options: [ - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Passive (P)', - optionValue: 'PASSIVE', - optionKey: 'P', - }, - { - optionName: 'Active (A)', - optionValue: 'ACTIVE', - optionKey: 'A', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'vulnConfidentialityImpact', - metric: 'Confidentiality (VC)', - metricShort: 'VC', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'vulnIntegrityImpact', - metric: 'Integrity (VI)', - metricShort: 'VI', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'vulnAvailabilityImpact', - metric: 'Availability (VA)', - metricShort: 'VA', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Subsequent System 
Impact Metrics', - jsonName: 'subConfidentialityImpact', - metric: 'Confidentiality (SC)', - metricShort: 'SC', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Subsequent System Impact Metrics', - jsonName: 'subIntegrityImpact', - metric: 'Integrity (SI)', - metricShort: 'SI', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Base Metrics', - metricTypeId: 'BASE', - metricGroup: 'Subsequent System Impact Metrics', - jsonName: 'subAvailabilityImpact', - metric: 'Availability (SA)', - metricShort: 'SA', - options: [ - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'N', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'Safety', - metric: 'Safety (S)', - metricShort: 'S', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Negligible (N)', - optionValue: 'NEGLIGIBLE', - optionKey: 'N', - }, - { - optionName: 'Present (P)', - optionValue: 'PRESENT', - optionKey: 'P', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'Automatable', - metric: 'Automatable (AU)', - metricShort: 'AU', - options: [ - { - optionName: 'Not Defined (X)', 
- optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'No (N)', - optionValue: 'NO', - optionKey: 'N', - }, - { - optionName: 'Yes (Y)', - optionValue: 'YES', - optionKey: 'Y', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'Recovery', - metric: 'Recovery (R)', - metricShort: 'R', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Automatic (A)', - optionValue: 'AUTOMATIC', - optionKey: 'A', - }, - { - optionName: 'User (U)', - optionValue: 'USER', - optionKey: 'U', - }, - { - optionName: 'Irrecoverable (I)', - optionValue: 'IRRECOVERABLE', - optionKey: 'I', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'valueDensity', - metric: 'Value Density (V)', - metricShort: 'V', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Diffuse (D)', - optionValue: 'DIFFUSE', - optionKey: 'D', - }, - { - optionName: 'Concentrated (C)', - optionValue: 'CONCENTRATED', - optionKey: 'C', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'vulnerabilityResponseEffort', - metric: 'Vulnerability Response Effort (RE)', - metricShort: 'RE', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'Moderate (M)', - optionValue: 'MODERATE', - optionKey: 'M', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Supplemental Metrics', - metricTypeId: 'SUPPLEMENTAL', - metricGroup: '', - jsonName: 'providerUrgency', - metric: 'Provider Urgency (U)', - 
metricShort: 'U', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Clear', - optionValue: 'CLEAR', - optionKey: 'Clear', - }, - { - optionName: 'Green', - optionValue: 'GREEN', - optionKey: 'Green', - }, - { - optionName: 'Amber', - optionValue: 'AMBER', - optionKey: 'Amber', - }, - { - optionName: 'Red', - optionValue: 'RED', - optionKey: 'Red', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Exploitability Metrics', - jsonName: 'modifiedAttackVector', - metric: 'Attack Vector (MAV)', - metricShort: 'MAV', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Network (N)', - optionValue: 'NETWORK', - optionKey: 'N', - }, - { - optionName: 'Adjacent (A)', - optionValue: 'ADJACENT', - optionKey: 'A', - }, - { - optionName: 'Local (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'Physical (P)', - optionValue: 'PHYSICAL', - optionKey: 'P', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Exploitability Metrics', - jsonName: 'modifiedAttackComplexity', - metric: 'Attack Complexity (MAC)', - metricShort: 'MAC', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Exploitability Metrics', - jsonName: 'modifiedAttackRequirements', - metric: 'Attack Requirements (MAT)', - metricShort: 'MAT', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, 
- { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Present (P)', - optionValue: 'PRESENT', - optionKey: 'P', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Exploitability Metrics', - jsonName: 'modifiedPrivilegesRequired', - metric: 'Privileges Required (MPR)', - metricShort: 'MPR', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Exploitability Metrics', - jsonName: 'modifiedUserInteraction', - metric: 'User Interaction (MUI)', - metricShort: 'MUI', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - { - optionName: 'Passive (P)', - optionValue: 'PASSIVE', - optionKey: 'P', - }, - { - optionName: 'Active (A)', - optionValue: 'ACTIVE', - optionKey: 'A', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'modifiedVulnConfidentialityImpact', - metric: 'Confidentiality (MVC)', - metricShort: 'MVC', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, 
- { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'modifiedVulnIntegrityImpact', - metric: 'Integrity (MVI)', - metricShort: 'MVI', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONEN', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Vulnerable System Impact Metrics', - jsonName: 'modifiedVulnAvailabilityImpact', - metric: 'Availability (MVA)', - metricShort: 'MVA', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'None (N)', - optionValue: 'NONE', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Subsequent System Impact Metrics', - jsonName: 'modifiedSubConfidentialityImpact', - metric: 'Confidentiality (MSC)', - metricShort: 'MSC', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'Negligible (N)', - optionValue: 'NEGLIGIBLE', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Subsequent System Impact Metrics', - jsonName: 
'modifiedSubIntegrityImpact', - metric: 'Integrity (MSI)', - metricShort: 'MSI', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Safety (S)', - optionValue: 'SAFETY', - optionKey: 'S', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'Negligible (N)', - optionValue: '', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Modified Base Metrics)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: 'Subsequent System Impact Metrics', - jsonName: 'modifiedSubAvailabilityImpact', - metric: 'Availability (MSA)', - metricShort: 'MSA', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'Safety (S)', - optionValue: 'SAFETY', - optionKey: 'S', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - { - optionName: 'Negligible (N)', - optionValue: 'NEGLIGIBLE', - optionKey: 'N', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Security Requirements)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: '', - jsonName: 'confidentialityRequirement', - metric: 'Confidentiality Requirements (CR)', - metricShort: 'CR', - options: [ - { - optionName: 'Not Defined (X)', - optionValue: 'NOT_DEFINED', - optionKey: 'X', - }, - { - optionName: 'High (H)', - optionValue: 'HIGH', - optionKey: 'H', - }, - { - optionName: 'Medium (M)', - optionValue: 'MEDIUM', - optionKey: 'M', - }, - { - optionName: 'Low (L)', - optionValue: 'LOW', - optionKey: 'L', - }, - ], - initialOption: 'X', - }, - { - metricType: 'Environmental (Security Requirements)', - metricTypeId: 'ENVIRONMENTAL', - metricGroup: '', - jsonName: 'integrityRequirement', - metric: 'Integrity Requirements (IR)', - 
metricShort: 'IR',
- options: [
- {
- optionName: 'Not Defined (X)',
- optionValue: 'NOT_DEFINED',
- optionKey: 'X',
- },
- {
- optionName: 'High (H)',
- optionValue: 'HIGH',
- optionKey: 'H',
- },
- {
- optionName: 'Medium (M)',
- optionValue: 'MEDIUM',
- optionKey: 'M',
- },
- {
- optionName: 'Low (L)',
- optionValue: 'LOW',
- optionKey: 'L',
- },
- ],
- initialOption: 'X',
- },
- {
- metricType: 'Environmental (Security Requirements)',
- metricTypeId: 'ENVIRONMENTAL',
- metricGroup: '',
- jsonName: 'availabilityRequirement',
- metric: 'Availability Requirements (AR)',
- metricShort: 'AR',
- options: [
- {
- optionName: 'Not Defined (X)',
- optionValue: 'NOT_DEFINED',
- optionKey: 'X',
- },
- {
- optionName: 'High (H)',
- optionValue: 'HIGH',
- optionKey: 'H',
- },
- {
- optionName: 'Medium (M)',
- optionValue: 'MEDIUM',
- optionKey: 'M',
- },
- {
- optionName: 'Low (L)',
- optionValue: 'LOW',
- optionKey: 'L',
- },
- ],
- initialOption: 'X',
- },
- {
- metricType: 'Threat Metrics',
- metricTypeId: 'THREAT',
- metricGroup: '',
- jsonName: 'exploitMaturity',
- metric: 'Exploit Maturity (E)',
- metricShort: 'E',
- options: [
- {
- optionName: 'Not Defined (X)',
- optionValue: 'NOT_DEFINED',
- optionKey: 'X',
- },
- {
- optionName: 'Attacked (A)',
- optionValue: 'ATTACKED',
- optionKey: 'A',
- },
- {
- optionName: 'POC (P)',
- optionValue: 'PROOF_OF_CONCEPT',
- optionKey: 'P',
- },
- {
- optionName: 'Unreported (U)',
- optionValue: 'UNREPORTED',
- optionKey: 'U',
- },
- ],
- initialOption: 'X',
- },
-]
-
-/** @typedef {keyof cvss4Scores} MetricType */
-
-const cvss4Scores = {
- BASE: {
- scoreJsonName: 'baseScore',
- severityJsonName: 'baseSeverity',
- },
- THREAT: {
- scoreJsonName: 'threatScore',
- severityJsonName: 'threatSeverity',
- },
- ENVIRONMENTAL: {
- scoreJsonName: 'environmentalScore',
- severityJsonName: 'environmentalSeverity',
- },
-}
-
-/**
- * @typedef {object} Metric
- * @property {string} metricShort
- * @property {Map} optionsByValue
- * @property {Map} optionsByKey
- */
-
-const name2Metric = calculateName2MetricMap()
-
-function calculateName2MetricMap() {
- /** @type {Map} */
- const name2Metric = new Map()
- flatMetrics.forEach((metric) => {
- name2Metric.set(metric.jsonName, {
- metricShort: metric.metricShort,
- optionsByValue: new Map(
- metric.options.map((option) => [option.optionValue, option.optionKey])
- ),
- optionsByKey: new Map(
- metric.options.map((option) => [option.optionKey, option.optionValue])
- ),
- })
- })
- return name2Metric
-}
-
-/**
- * calculate the score and severity for the given metricTypeId
- * @param {CVSS40} cvss40
- * @param {MetricType} metricTypeId
- */
-function calculateScoreObject(cvss40, metricTypeId) {
- const calculator = new CVSS40(cvss40.vector.raw)
- // set all metrics,that don't belong to the given metric type to the initial value
- flatMetrics
- .filter(
- (metric) =>
- metric.metricTypeId !== metricTypeId && metric.metricTypeId !== 'BASE'
- )
- .forEach((metric) => {
- calculator.vector.updateMetric(metric.metricShort, metric.initialOption)
- })
- const score = cvss4Scores[metricTypeId]
- return {
- score: calculator.calculateScore(),
- severity: calculator
- .calculateSeverityRating(calculator.calculateScore())
- .toUpperCase(),
- metricTypeId,
- scoreJsonName: score.scoreJsonName,
- severityJsonName: score.severityJsonName,
- }
-}
-
-/**
- * @param {string} vectorString
- * @return [{{score: number, severity: string, metricTypeId: string }}]
- */
-export function calculateCvss4_0_Score(vectorString) {
- return [
- calculateScoreObject(new CVSS40(vectorString), 'BASE'),
- calculateScoreObject(new CVSS40(vectorString), 'THREAT'),
- calculateScoreObject(new CVSS40(vectorString), 'ENVIRONMENTAL'),
- ]
-}
-
-/**
- * @param {string} metricType
- * @return {string[]}
- */
-export function metricGroupsFormMetricType(metricType) {
- /** @type {any} */
- const metricGroups = flatMetrics
- .filter((metric) => metric.metricType === metricType)
- .map((metric) => metric.metricGroup)
-
- return [...new Set(metricGroups)]
-}
-
-export class Cvss4JsonWrapper {
- #data
-
- /**
- * @param {{ [key: string]: string | number }} data
- */
- constructor(data) {
- /** @private */
- this.#data = data
- this.#data['version'] = '4.0'
- }
-
- /**
- * @param {string} property
- * @param {string} value
- */
- set(property, value) {
- this.#data[property] = value
- const calculation = this.#createCvssCalculationValuesFromData()
- this.#data.vectorString = calculation.vector.raw
- return this
- }
-
- /**
- * @param {string} property
- */
- remove(property) {
- delete this.#data[property]
- return this
- }
-
- /**
- * calculate the scores and the severity for base, environmental und threat and set them in _data
- */
- #calculateScores() {
- // set values from json data
- const calculation = this.#createCvssCalculationValuesFromData()
-
- for (const key of /** @type {MetricType[]} */ (Object.keys(cvss4Scores))) {
- const score = calculateScoreObject(calculation, key)
- this.#data[score.scoreJsonName] = score.score
- this.#data[score.severityJsonName] = score.severity
- }
- }
-
- /**
- * create a CVSS40 object form the existing _data
- * @returns {CVSS40}
- */
- #createCvssCalculationValuesFromData() {
- const calculation = new CVSS40('CVSS:4.0')
- for (const [key, value] of Object.entries(this.#data)) {
- const metric = name2Metric.get(key)
- if (metric && value) {
- const metricOptionValue = metric.optionsByValue.get(String(value))
- calculation.vector.updateMetric(
- metric.metricShort,
- metricOptionValue ?? ''
- )
- }
- }
- return calculation
- }
-
- get data() {
- this.#calculateScores()
- return this.#data
- }
-
- /**
- * set the values in _data from a given cvss 4.0 vector string
- * @param {string} vectorString
- */
- updateFromVectorString(vectorString) {
- try {
- this.#data.vectorString = vectorString
- const calculator = new CVSS40(vectorString)
- flatMetrics.forEach((metric) => {
- const metrics = /** @type {Record}*/ (
- calculator.vector.metrics
- )
- let optionsKey = metrics[metric.metricShort]
- optionsKey = optionsKey ? optionsKey : metric.initialOption
- const metricOptions = name2Metric.get(metric.jsonName)
- this.#data[metric.jsonName] =
- metricOptions?.optionsByKey.get(optionsKey) ?? ''
- })
- } catch (error) {
- flatMetrics.forEach((metric) => {
- this.#data[metric.jsonName] = ''
- })
- }
- }
-}
diff --git a/csaf-validator-lib/lib/shared/cwec.js b/csaf-validator-lib/lib/shared/cwec.js
deleted file mode 100644
index e934e49..0000000
--- a/csaf-validator-lib/lib/shared/cwec.js
+++ /dev/null
@@ -1,2164 +0,0 @@ -export default /** @type {const} */ ({ - weaknesses: [ - { id: 'CWE-1004', name: "Sensitive Cookie Without 'HttpOnly' Flag" }, - { - id: 'CWE-1007', - name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', - }, - { id: 'CWE-102', name: 'Struts: Duplicate Validation Forms' }, - { - id: 'CWE-1021', - name: 'Improper Restriction of Rendered UI Layers or Frames', - }, - { - id: 'CWE-1022', - name: 'Use of Web Link to Untrusted Target with window.opener Access', - }, - { id: 'CWE-1023', name: 'Incomplete Comparison with Missing Factors' }, - { id: 'CWE-1024', name: 'Comparison of Incompatible Types' }, - { id: 'CWE-1025', name: 'Comparison Using Wrong Factors' }, - { id: 'CWE-103', name: 'Struts: Incomplete validate() Method Definition' }, - { - id: 'CWE-1037', - name: 'Processor Optimization Removal or Modification of Security-critical Code', - }, - { id: 'CWE-1038', name: 'Insecure Automated Optimizations' }, - { - id: 'CWE-1039', - name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', - }, - { - id: 'CWE-104', - name: 'Struts: Form Bean Does Not Extend Validation Class', - }, - { id: 'CWE-1041', name: 'Use of Redundant Code' }, - { - id: 'CWE-1042', - name: 'Static Member Data Element outside of a Singleton Class Element', - }, - { - id: 'CWE-1043', - name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', - }, - { - id: 'CWE-1044', - name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', - }, - { - id: 'CWE-1045', - name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', - }, - { - id: 'CWE-1046', - name: 'Creation of Immutable Text Using String Concatenation', - }, - { id: 'CWE-1047', name: 'Modules with Circular Dependencies' }, - { - id: 'CWE-1048', - name: 'Invokable Control Element with Large Number of Outward Calls', - }, - { - id: 'CWE-1049', - name: 'Excessive Data 
Query Operations in a Large Data Table', - }, - { id: 'CWE-105', name: 'Struts: Form Field Without Validator' }, - { - id: 'CWE-1050', - name: 'Excessive Platform Resource Consumption within a Loop', - }, - { - id: 'CWE-1051', - name: 'Initialization with Hard-Coded Network Resource Configuration Data', - }, - { - id: 'CWE-1052', - name: 'Excessive Use of Hard-Coded Literals in Initialization', - }, - { id: 'CWE-1053', name: 'Missing Documentation for Design' }, - { - id: 'CWE-1054', - name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', - }, - { id: 'CWE-1055', name: 'Multiple Inheritance from Concrete Classes' }, - { - id: 'CWE-1056', - name: 'Invokable Control Element with Variadic Parameters', - }, - { - id: 'CWE-1057', - name: 'Data Access Operations Outside of Expected Data Manager Component', - }, - { - id: 'CWE-1058', - name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', - }, - { id: 'CWE-1059', name: 'Insufficient Technical Documentation' }, - { id: 'CWE-106', name: 'Struts: Plug-in Framework not in Use' }, - { - id: 'CWE-1060', - name: 'Excessive Number of Inefficient Server-Side Data Accesses', - }, - { id: 'CWE-1061', name: 'Insufficient Encapsulation' }, - { id: 'CWE-1062', name: 'Parent Class with References to Child Class' }, - { - id: 'CWE-1063', - name: 'Creation of Class Instance within a Static Code Block', - }, - { - id: 'CWE-1064', - name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', - }, - { - id: 'CWE-1065', - name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', - }, - { id: 'CWE-1066', name: 'Missing Serialization Control Element' }, - { - id: 'CWE-1067', - name: 'Excessive Execution of Sequential Searches of Data Resource', - }, - { - id: 'CWE-1068', - name: 'Inconsistency Between Implementation and Documented Design', - }, - { id: 'CWE-1069', name: 'Empty 
Exception Block' }, - { id: 'CWE-107', name: 'Struts: Unused Validation Form' }, - { - id: 'CWE-1070', - name: 'Serializable Data Element Containing non-Serializable Item Elements', - }, - { id: 'CWE-1071', name: 'Empty Code Block' }, - { - id: 'CWE-1072', - name: 'Data Resource Access without Use of Connection Pooling', - }, - { - id: 'CWE-1073', - name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', - }, - { id: 'CWE-1074', name: 'Class with Excessively Deep Inheritance' }, - { - id: 'CWE-1075', - name: 'Unconditional Control Flow Transfer outside of Switch Block', - }, - { id: 'CWE-1076', name: 'Insufficient Adherence to Expected Conventions' }, - { - id: 'CWE-1077', - name: 'Floating Point Comparison with Incorrect Operator', - }, - { id: 'CWE-1078', name: 'Inappropriate Source Code Style or Formatting' }, - { id: 'CWE-1079', name: 'Parent Class without Virtual Destructor Method' }, - { id: 'CWE-108', name: 'Struts: Unvalidated Action Form' }, - { - id: 'CWE-1080', - name: 'Source Code File with Excessive Number of Lines of Code', - }, - { id: 'CWE-1082', name: 'Class Instance Self Destruction Control Element' }, - { - id: 'CWE-1083', - name: 'Data Access from Outside Expected Data Manager Component', - }, - { - id: 'CWE-1084', - name: 'Invokable Control Element with Excessive File or Data Access Operations', - }, - { - id: 'CWE-1085', - name: 'Invokable Control Element with Excessive Volume of Commented-out Code', - }, - { id: 'CWE-1086', name: 'Class with Excessive Number of Child Classes' }, - { - id: 'CWE-1087', - name: 'Class with Virtual Method without a Virtual Destructor', - }, - { - id: 'CWE-1088', - name: 'Synchronous Access of Remote Resource without Timeout', - }, - { - id: 'CWE-1089', - name: 'Large Data Table with Excessive Number of Indices', - }, - { id: 'CWE-109', name: 'Struts: Validator Turned Off' }, - { - id: 'CWE-1090', - name: 'Method Containing Access of a Member Element from Another Class', - }, - { 
- id: 'CWE-1091', - name: 'Use of Object without Invoking Destructor Method', - }, - { - id: 'CWE-1092', - name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', - }, - { id: 'CWE-1093', name: 'Excessively Complex Data Representation' }, - { id: 'CWE-1094', name: 'Excessive Index Range Scan for a Data Resource' }, - { id: 'CWE-1095', name: 'Loop Condition Value Update within the Loop' }, - { - id: 'CWE-1096', - name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', - }, - { - id: 'CWE-1097', - name: 'Persistent Storable Data Element without Associated Comparison Control Element', - }, - { - id: 'CWE-1098', - name: 'Data Element containing Pointer Item without Proper Copy Control Element', - }, - { id: 'CWE-1099', name: 'Inconsistent Naming Conventions for Identifiers' }, - { id: 'CWE-11', name: 'ASP.NET Misconfiguration: Creating Debug Binary' }, - { id: 'CWE-110', name: 'Struts: Validator Without Form Field' }, - { - id: 'CWE-1100', - name: 'Insufficient Isolation of System-Dependent Functions', - }, - { id: 'CWE-1101', name: 'Reliance on Runtime Component in Generated Code' }, - { - id: 'CWE-1102', - name: 'Reliance on Machine-Dependent Data Representation', - }, - { - id: 'CWE-1103', - name: 'Use of Platform-Dependent Third Party Components', - }, - { id: 'CWE-1104', name: 'Use of Unmaintained Third Party Components' }, - { - id: 'CWE-1105', - name: 'Insufficient Encapsulation of Machine-Dependent Functionality', - }, - { id: 'CWE-1106', name: 'Insufficient Use of Symbolic Constants' }, - { - id: 'CWE-1107', - name: 'Insufficient Isolation of Symbolic Constant Definitions', - }, - { id: 'CWE-1108', name: 'Excessive Reliance on Global Variables' }, - { id: 'CWE-1109', name: 'Use of Same Variable for Multiple Purposes' }, - { id: 'CWE-111', name: 'Direct Use of Unsafe JNI' }, - { id: 'CWE-1110', name: 'Incomplete Design Documentation' }, - { id: 'CWE-1111', name: 'Incomplete I/O Documentation' }, - { id: 
'CWE-1112', name: 'Incomplete Documentation of Program Execution' }, - { id: 'CWE-1113', name: 'Inappropriate Comment Style' }, - { id: 'CWE-1114', name: 'Inappropriate Whitespace Style' }, - { id: 'CWE-1115', name: 'Source Code Element without Standard Prologue' }, - { id: 'CWE-1116', name: 'Inaccurate Comments' }, - { id: 'CWE-1117', name: 'Callable with Insufficient Behavioral Summary' }, - { - id: 'CWE-1118', - name: 'Insufficient Documentation of Error Handling Techniques', - }, - { id: 'CWE-1119', name: 'Excessive Use of Unconditional Branching' }, - { id: 'CWE-112', name: 'Missing XML Validation' }, - { id: 'CWE-1120', name: 'Excessive Code Complexity' }, - { id: 'CWE-1121', name: 'Excessive McCabe Cyclomatic Complexity' }, - { id: 'CWE-1122', name: 'Excessive Halstead Complexity' }, - { id: 'CWE-1123', name: 'Excessive Use of Self-Modifying Code' }, - { id: 'CWE-1124', name: 'Excessively Deep Nesting' }, - { id: 'CWE-1125', name: 'Excessive Attack Surface' }, - { - id: 'CWE-1126', - name: 'Declaration of Variable with Unnecessarily Wide Scope', - }, - { - id: 'CWE-1127', - name: 'Compilation with Insufficient Warnings or Errors', - }, - { - id: 'CWE-113', - name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", - }, - { id: 'CWE-114', name: 'Process Control' }, - { id: 'CWE-115', name: 'Misinterpretation of Input' }, - { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output' }, - { id: 'CWE-1164', name: 'Irrelevant Code' }, - { id: 'CWE-117', name: 'Improper Output Neutralization for Logs' }, - { id: 'CWE-1173', name: 'Improper Use of Validation Framework' }, - { - id: 'CWE-1174', - name: 'ASP.NET Misconfiguration: Improper Model Validation', - }, - { id: 'CWE-1176', name: 'Inefficient CPU Computation' }, - { id: 'CWE-1177', name: 'Use of Prohibited Code' }, - { - id: 'CWE-118', - name: "Incorrect Access of Indexable Resource ('Range Error')", - }, - { id: 'CWE-1187', name: 'DEPRECATED: Use of 
Uninitialized Resource' }, - { - id: 'CWE-1188', - name: 'Initialization of a Resource with an Insecure Default', - }, - { - id: 'CWE-1189', - name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', - }, - { - id: 'CWE-119', - name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', - }, - { id: 'CWE-1190', name: 'DMA Device Enabled Too Early in Boot Phase' }, - { - id: 'CWE-1191', - name: 'On-Chip Debug and Test Interface With Improper Access Control', - }, - { - id: 'CWE-1192', - name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', - }, - { - id: 'CWE-1193', - name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', - }, - { - id: 'CWE-12', - name: 'ASP.NET Misconfiguration: Missing Custom Error Page', - }, - { - id: 'CWE-120', - name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", - }, - { id: 'CWE-1204', name: 'Generation of Weak Initialization Vector (IV)' }, - { id: 'CWE-1209', name: 'Failure to Disable Reserved Bits' }, - { id: 'CWE-121', name: 'Stack-based Buffer Overflow' }, - { id: 'CWE-122', name: 'Heap-based Buffer Overflow' }, - { id: 'CWE-1220', name: 'Insufficient Granularity of Access Control' }, - { - id: 'CWE-1221', - name: 'Incorrect Register Defaults or Module Parameters', - }, - { - id: 'CWE-1222', - name: 'Insufficient Granularity of Address Regions Protected by Register Locks', - }, - { id: 'CWE-1223', name: 'Race Condition for Write-Once Attributes' }, - { id: 'CWE-1224', name: 'Improper Restriction of Write-Once Bit Fields' }, - { id: 'CWE-1229', name: 'Creation of Emergent Resource' }, - { id: 'CWE-123', name: 'Write-what-where Condition' }, - { - id: 'CWE-1230', - name: 'Exposure of Sensitive Information Through Metadata', - }, - { id: 'CWE-1231', name: 'Improper Prevention of Lock Bit Modification' }, - { - id: 'CWE-1232', - name: 'Improper Lock Behavior After Power State Transition', - }, - { - id: 'CWE-1233', - name: 
'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', - }, - { - id: 'CWE-1234', - name: 'Hardware Internal or Debug Modes Allow Override of Locks', - }, - { - id: 'CWE-1235', - name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', - }, - { - id: 'CWE-1236', - name: 'Improper Neutralization of Formula Elements in a CSV File', - }, - { id: 'CWE-1239', name: 'Improper Zeroization of Hardware Register' }, - { id: 'CWE-124', name: "Buffer Underwrite ('Buffer Underflow')" }, - { - id: 'CWE-1240', - name: 'Use of a Cryptographic Primitive with a Risky Implementation', - }, - { - id: 'CWE-1241', - name: 'Use of Predictable Algorithm in Random Number Generator', - }, - { - id: 'CWE-1242', - name: 'Inclusion of Undocumented Features or Chicken Bits', - }, - { - id: 'CWE-1243', - name: 'Sensitive Non-Volatile Information Not Protected During Debug', - }, - { - id: 'CWE-1244', - name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', - }, - { - id: 'CWE-1245', - name: 'Improper Finite State Machines (FSMs) in Hardware Logic', - }, - { - id: 'CWE-1246', - name: 'Improper Write Handling in Limited-write Non-Volatile Memories', - }, - { - id: 'CWE-1247', - name: 'Improper Protection Against Voltage and Clock Glitches', - }, - { - id: 'CWE-1248', - name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', - }, - { - id: 'CWE-1249', - name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', - }, - { id: 'CWE-125', name: 'Out-of-bounds Read' }, - { - id: 'CWE-1250', - name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', - }, - { id: 'CWE-1251', name: 'Mirrored Regions with Different Values' }, - { - id: 'CWE-1252', - name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', - }, - { id: 'CWE-1253', name: 'Incorrect Selection of Fuse Values' }, - { id: 'CWE-1254', name: 
'Incorrect Comparison Logic Granularity' }, - { - id: 'CWE-1255', - name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', - }, - { - id: 'CWE-1256', - name: 'Improper Restriction of Software Interfaces to Hardware Features', - }, - { - id: 'CWE-1257', - name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', - }, - { - id: 'CWE-1258', - name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', - }, - { - id: 'CWE-1259', - name: 'Improper Restriction of Security Token Assignment', - }, - { id: 'CWE-126', name: 'Buffer Over-read' }, - { - id: 'CWE-1260', - name: 'Improper Handling of Overlap Between Protected Memory Ranges', - }, - { id: 'CWE-1261', name: 'Improper Handling of Single Event Upsets' }, - { id: 'CWE-1262', name: 'Improper Access Control for Register Interface' }, - { id: 'CWE-1263', name: 'Improper Physical Access Control' }, - { - id: 'CWE-1264', - name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', - }, - { - id: 'CWE-1265', - name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', - }, - { - id: 'CWE-1266', - name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', - }, - { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding' }, - { - id: 'CWE-1268', - name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', - }, - { id: 'CWE-1269', name: 'Product Released in Non-Release Configuration' }, - { id: 'CWE-127', name: 'Buffer Under-read' }, - { id: 'CWE-1270', name: 'Generation of Incorrect Security Tokens' }, - { - id: 'CWE-1271', - name: 'Uninitialized Value on Reset for Registers Holding Security Settings', - }, - { - id: 'CWE-1272', - name: 'Sensitive Information Uncleared Before Debug/Power State Transition', - }, - { id: 'CWE-1273', name: 'Device Unlock Credential Sharing' }, - { - id: 'CWE-1274', - name: 'Improper Access Control for Volatile Memory Containing Boot Code', - 
}, - { - id: 'CWE-1275', - name: 'Sensitive Cookie with Improper SameSite Attribute', - }, - { - id: 'CWE-1276', - name: 'Hardware Child Block Incorrectly Connected to Parent System', - }, - { id: 'CWE-1277', name: 'Firmware Not Updateable' }, - { - id: 'CWE-1278', - name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', - }, - { - id: 'CWE-1279', - name: 'Cryptographic Operations are run Before Supporting Units are Ready', - }, - { id: 'CWE-128', name: 'Wrap-around Error' }, - { - id: 'CWE-1280', - name: 'Access Control Check Implemented After Asset is Accessed', - }, - { - id: 'CWE-1281', - name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', - }, - { - id: 'CWE-1282', - name: 'Assumed-Immutable Data is Stored in Writable Memory', - }, - { - id: 'CWE-1283', - name: 'Mutable Attestation or Measurement Reporting Data', - }, - { - id: 'CWE-1284', - name: 'Improper Validation of Specified Quantity in Input', - }, - { - id: 'CWE-1285', - name: 'Improper Validation of Specified Index, Position, or Offset in Input', - }, - { - id: 'CWE-1286', - name: 'Improper Validation of Syntactic Correctness of Input', - }, - { id: 'CWE-1287', name: 'Improper Validation of Specified Type of Input' }, - { id: 'CWE-1288', name: 'Improper Validation of Consistency within Input' }, - { - id: 'CWE-1289', - name: 'Improper Validation of Unsafe Equivalence in Input', - }, - { id: 'CWE-129', name: 'Improper Validation of Array Index' }, - { id: 'CWE-1290', name: 'Incorrect Decoding of Security Identifiers' }, - { - id: 'CWE-1291', - name: 'Public Key Re-Use for Signing both Debug and Production Code', - }, - { id: 'CWE-1292', name: 'Incorrect Conversion of Security Identifiers' }, - { - id: 'CWE-1293', - name: 'Missing Source Correlation of Multiple Independent Data', - }, - { id: 'CWE-1294', name: 'Insecure Security Identifier Mechanism' }, - { - id: 'CWE-1295', - name: 'Debug Messages Revealing Unnecessary 
Information', - }, - { - id: 'CWE-1296', - name: 'Incorrect Chaining or Granularity of Debug Components', - }, - { - id: 'CWE-1297', - name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', - }, - { id: 'CWE-1298', name: 'Hardware Logic Contains Race Conditions' }, - { - id: 'CWE-1299', - name: 'Missing Protection Mechanism for Alternate Hardware Interface', - }, - { - id: 'CWE-13', - name: 'ASP.NET Misconfiguration: Password in Configuration File', - }, - { - id: 'CWE-130', - name: 'Improper Handling of Length Parameter Inconsistency', - }, - { id: 'CWE-1300', name: 'Improper Protection of Physical Side Channels' }, - { - id: 'CWE-1301', - name: 'Insufficient or Incomplete Data Removal within Hardware Component', - }, - { - id: 'CWE-1302', - name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', - }, - { - id: 'CWE-1303', - name: 'Non-Transparent Sharing of Microarchitectural Resources', - }, - { - id: 'CWE-1304', - name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', - }, - { id: 'CWE-131', name: 'Incorrect Calculation of Buffer Size' }, - { id: 'CWE-1310', name: 'Missing Ability to Patch ROM Code' }, - { - id: 'CWE-1311', - name: 'Improper Translation of Security Attributes by Fabric Bridge', - }, - { - id: 'CWE-1312', - name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', - }, - { - id: 'CWE-1313', - name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', - }, - { - id: 'CWE-1314', - name: 'Missing Write Protection for Parametric Data Values', - }, - { - id: 'CWE-1315', - name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', - }, - { - id: 'CWE-1316', - name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', - }, - { id: 'CWE-1317', name: 'Improper Access Control in Fabric Bridge' }, - { - id: 'CWE-1318', - name: 'Missing Support for 
Security Features in On-chip Fabrics or Buses', - }, - { - id: 'CWE-1319', - name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', - }, - { id: 'CWE-132', name: 'DEPRECATED: Miscalculated Null Termination' }, - { - id: 'CWE-1320', - name: 'Improper Protection for Outbound Error Messages and Alert Signals', - }, - { - id: 'CWE-1321', - name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", - }, - { - id: 'CWE-1322', - name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', - }, - { id: 'CWE-1323', name: 'Improper Management of Sensitive Trace Data' }, - { - id: 'CWE-1324', - name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', - }, - { - id: 'CWE-1325', - name: 'Improperly Controlled Sequential Memory Allocation', - }, - { id: 'CWE-1326', name: 'Missing Immutable Root of Trust in Hardware' }, - { id: 'CWE-1327', name: 'Binding to an Unrestricted IP Address' }, - { - id: 'CWE-1328', - name: 'Security Version Number Mutable to Older Versions', - }, - { id: 'CWE-1329', name: 'Reliance on Component That is Not Updateable' }, - { id: 'CWE-1330', name: 'Remanent Data Readable after Memory Erase' }, - { - id: 'CWE-1331', - name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', - }, - { - id: 'CWE-1332', - name: 'Improper Handling of Faults that Lead to Instruction Skips', - }, - { id: 'CWE-1333', name: 'Inefficient Regular Expression Complexity' }, - { - id: 'CWE-1334', - name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', - }, - { id: 'CWE-1335', name: 'Incorrect Bitwise Shift of Integer' }, - { - id: 'CWE-1336', - name: 'Improper Neutralization of Special Elements Used in a Template Engine', - }, - { - id: 'CWE-1338', - name: 'Improper Protections Against Hardware Overheating', - }, - { - id: 'CWE-1339', - name: 'Insufficient Precision or Accuracy of a Real Number', - }, - { id: 'CWE-134', name: 'Use of 
Externally-Controlled Format String' }, - { id: 'CWE-1341', name: 'Multiple Releases of Same Resource or Handle' }, - { - id: 'CWE-1342', - name: 'Information Exposure through Microarchitectural State after Transient Execution', - }, - { - id: 'CWE-135', - name: 'Incorrect Calculation of Multi-Byte String Length', - }, - { - id: 'CWE-1351', - name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', - }, - { - id: 'CWE-1357', - name: 'Reliance on Insufficiently Trustworthy Component', - }, - { id: 'CWE-138', name: 'Improper Neutralization of Special Elements' }, - { - id: 'CWE-1384', - name: 'Improper Handling of Physical or Environmental Conditions', - }, - { id: 'CWE-1385', name: 'Missing Origin Validation in WebSockets' }, - { - id: 'CWE-1386', - name: 'Insecure Operation on Windows Junction / Mount Point', - }, - { - id: 'CWE-1389', - name: 'Incorrect Parsing of Numbers with Different Radices', - }, - { id: 'CWE-1390', name: 'Weak Authentication' }, - { id: 'CWE-1391', name: 'Use of Weak Credentials' }, - { id: 'CWE-1392', name: 'Use of Default Credentials' }, - { id: 'CWE-1393', name: 'Use of Default Password' }, - { id: 'CWE-1394', name: 'Use of Default Cryptographic Key' }, - { id: 'CWE-1395', name: 'Dependency on Vulnerable Third-Party Component' }, - { id: 'CWE-14', name: 'Compiler Removal of Code to Clear Buffers' }, - { id: 'CWE-140', name: 'Improper Neutralization of Delimiters' }, - { - id: 'CWE-141', - name: 'Improper Neutralization of Parameter/Argument Delimiters', - }, - { id: 'CWE-1419', name: 'Incorrect Initialization of Resource' }, - { id: 'CWE-142', name: 'Improper Neutralization of Value Delimiters' }, - { - id: 'CWE-1420', - name: 'Exposure of Sensitive Information during Transient Execution', - }, - { - id: 'CWE-1421', - name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', - }, - { - id: 'CWE-1422', - name: 'Exposure of Sensitive Information caused by 
Incorrect Data Forwarding during Transient Execution', - }, - { - id: 'CWE-1423', - name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', - }, - { id: 'CWE-1426', name: 'Improper Validation of Generative AI Output' }, - { - id: 'CWE-1427', - name: 'Improper Neutralization of Input Used for LLM Prompting', - }, - { id: 'CWE-1428', name: 'Reliance on HTTP instead of HTTPS' }, - { - id: 'CWE-1429', - name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', - }, - { id: 'CWE-143', name: 'Improper Neutralization of Record Delimiters' }, - { - id: 'CWE-1431', - name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', - }, - { - id: 'CWE-1434', - name: 'Insecure Setting of Generative AI/ML Model Inference Parameters', - }, - { id: 'CWE-144', name: 'Improper Neutralization of Line Delimiters' }, - { id: 'CWE-145', name: 'Improper Neutralization of Section Delimiters' }, - { - id: 'CWE-146', - name: 'Improper Neutralization of Expression/Command Delimiters', - }, - { id: 'CWE-147', name: 'Improper Neutralization of Input Terminators' }, - { id: 'CWE-148', name: 'Improper Neutralization of Input Leaders' }, - { id: 'CWE-149', name: 'Improper Neutralization of Quoting Syntax' }, - { - id: 'CWE-15', - name: 'External Control of System or Configuration Setting', - }, - { - id: 'CWE-150', - name: 'Improper Neutralization of Escape, Meta, or Control Sequences', - }, - { id: 'CWE-151', name: 'Improper Neutralization of Comment Delimiters' }, - { id: 'CWE-152', name: 'Improper Neutralization of Macro Symbols' }, - { - id: 'CWE-153', - name: 'Improper Neutralization of Substitution Characters', - }, - { - id: 'CWE-154', - name: 'Improper Neutralization of Variable Name Delimiters', - }, - { - id: 'CWE-155', - name: 'Improper Neutralization of Wildcards or Matching Symbols', - }, - { id: 'CWE-156', name: 'Improper Neutralization of Whitespace' }, 
- { id: 'CWE-157', name: 'Failure to Sanitize Paired Delimiters' }, - { - id: 'CWE-158', - name: 'Improper Neutralization of Null Byte or NUL Character', - }, - { - id: 'CWE-159', - name: 'Improper Handling of Invalid Use of Special Elements', - }, - { - id: 'CWE-160', - name: 'Improper Neutralization of Leading Special Elements', - }, - { - id: 'CWE-161', - name: 'Improper Neutralization of Multiple Leading Special Elements', - }, - { - id: 'CWE-162', - name: 'Improper Neutralization of Trailing Special Elements', - }, - { - id: 'CWE-163', - name: 'Improper Neutralization of Multiple Trailing Special Elements', - }, - { - id: 'CWE-164', - name: 'Improper Neutralization of Internal Special Elements', - }, - { - id: 'CWE-165', - name: 'Improper Neutralization of Multiple Internal Special Elements', - }, - { id: 'CWE-166', name: 'Improper Handling of Missing Special Element' }, - { id: 'CWE-167', name: 'Improper Handling of Additional Special Element' }, - { - id: 'CWE-168', - name: 'Improper Handling of Inconsistent Special Elements', - }, - { id: 'CWE-170', name: 'Improper Null Termination' }, - { id: 'CWE-172', name: 'Encoding Error' }, - { id: 'CWE-173', name: 'Improper Handling of Alternate Encoding' }, - { id: 'CWE-174', name: 'Double Decoding of the Same Data' }, - { id: 'CWE-175', name: 'Improper Handling of Mixed Encoding' }, - { id: 'CWE-176', name: 'Improper Handling of Unicode Encoding' }, - { id: 'CWE-177', name: 'Improper Handling of URL Encoding (Hex Encoding)' }, - { id: 'CWE-178', name: 'Improper Handling of Case Sensitivity' }, - { id: 'CWE-179', name: 'Incorrect Behavior Order: Early Validation' }, - { - id: 'CWE-180', - name: 'Incorrect Behavior Order: Validate Before Canonicalize', - }, - { id: 'CWE-181', name: 'Incorrect Behavior Order: Validate Before Filter' }, - { id: 'CWE-182', name: 'Collapse of Data into Unsafe Value' }, - { id: 'CWE-183', name: 'Permissive List of Allowed Inputs' }, - { id: 'CWE-184', name: 'Incomplete List of Disallowed 
Inputs' }, - { id: 'CWE-185', name: 'Incorrect Regular Expression' }, - { id: 'CWE-186', name: 'Overly Restrictive Regular Expression' }, - { id: 'CWE-187', name: 'Partial String Comparison' }, - { id: 'CWE-188', name: 'Reliance on Data/Memory Layout' }, - { id: 'CWE-190', name: 'Integer Overflow or Wraparound' }, - { id: 'CWE-191', name: 'Integer Underflow (Wrap or Wraparound)' }, - { id: 'CWE-192', name: 'Integer Coercion Error' }, - { id: 'CWE-193', name: 'Off-by-one Error' }, - { id: 'CWE-194', name: 'Unexpected Sign Extension' }, - { id: 'CWE-195', name: 'Signed to Unsigned Conversion Error' }, - { id: 'CWE-196', name: 'Unsigned to Signed Conversion Error' }, - { id: 'CWE-197', name: 'Numeric Truncation Error' }, - { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering' }, - { id: 'CWE-20', name: 'Improper Input Validation' }, - { - id: 'CWE-200', - name: 'Exposure of Sensitive Information to an Unauthorized Actor', - }, - { - id: 'CWE-201', - name: 'Insertion of Sensitive Information Into Sent Data', - }, - { - id: 'CWE-202', - name: 'Exposure of Sensitive Information Through Data Queries', - }, - { id: 'CWE-203', name: 'Observable Discrepancy' }, - { id: 'CWE-204', name: 'Observable Response Discrepancy' }, - { id: 'CWE-205', name: 'Observable Behavioral Discrepancy' }, - { id: 'CWE-206', name: 'Observable Internal Behavioral Discrepancy' }, - { - id: 'CWE-207', - name: 'Observable Behavioral Discrepancy With Equivalent Products', - }, - { id: 'CWE-208', name: 'Observable Timing Discrepancy' }, - { - id: 'CWE-209', - name: 'Generation of Error Message Containing Sensitive Information', - }, - { - id: 'CWE-210', - name: 'Self-generated Error Message Containing Sensitive Information', - }, - { - id: 'CWE-211', - name: 'Externally-Generated Error Message Containing Sensitive Information', - }, - { - id: 'CWE-212', - name: 'Improper Removal of Sensitive Information Before Storage or Transfer', - }, - { - id: 'CWE-213', - name: 'Exposure of Sensitive Information 
Due to Incompatible Policies', - }, - { - id: 'CWE-214', - name: 'Invocation of Process Using Visible Sensitive Information', - }, - { - id: 'CWE-215', - name: 'Insertion of Sensitive Information Into Debugging Code', - }, - { - id: 'CWE-216', - name: 'DEPRECATED: Containment Errors (Container Errors)', - }, - { - id: 'CWE-217', - name: 'DEPRECATED: Failure to Protect Stored Data from Modification', - }, - { - id: 'CWE-218', - name: 'DEPRECATED: Failure to provide confidentiality for stored data', - }, - { - id: 'CWE-219', - name: 'Storage of File with Sensitive Data Under Web Root', - }, - { - id: 'CWE-22', - name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - }, - { - id: 'CWE-220', - name: 'Storage of File With Sensitive Data Under FTP Root', - }, - { id: 'CWE-221', name: 'Information Loss or Omission' }, - { id: 'CWE-222', name: 'Truncation of Security-relevant Information' }, - { id: 'CWE-223', name: 'Omission of Security-relevant Information' }, - { - id: 'CWE-224', - name: 'Obscured Security-relevant Information by Alternate Name', - }, - { - id: 'CWE-225', - name: 'DEPRECATED: General Information Management Problems', - }, - { - id: 'CWE-226', - name: 'Sensitive Information in Resource Not Removed Before Reuse', - }, - { - id: 'CWE-228', - name: 'Improper Handling of Syntactically Invalid Structure', - }, - { id: 'CWE-229', name: 'Improper Handling of Values' }, - { id: 'CWE-23', name: 'Relative Path Traversal' }, - { id: 'CWE-230', name: 'Improper Handling of Missing Values' }, - { id: 'CWE-231', name: 'Improper Handling of Extra Values' }, - { id: 'CWE-232', name: 'Improper Handling of Undefined Values' }, - { id: 'CWE-233', name: 'Improper Handling of Parameters' }, - { id: 'CWE-234', name: 'Failure to Handle Missing Parameter' }, - { id: 'CWE-235', name: 'Improper Handling of Extra Parameters' }, - { id: 'CWE-236', name: 'Improper Handling of Undefined Parameters' }, - { id: 'CWE-237', name: 'Improper Handling of 
Structural Elements' }, - { - id: 'CWE-238', - name: 'Improper Handling of Incomplete Structural Elements', - }, - { id: 'CWE-239', name: 'Failure to Handle Incomplete Element' }, - { id: 'CWE-24', name: "Path Traversal: '../filedir'" }, - { - id: 'CWE-240', - name: 'Improper Handling of Inconsistent Structural Elements', - }, - { id: 'CWE-241', name: 'Improper Handling of Unexpected Data Type' }, - { id: 'CWE-242', name: 'Use of Inherently Dangerous Function' }, - { - id: 'CWE-243', - name: 'Creation of chroot Jail Without Changing Working Directory', - }, - { - id: 'CWE-244', - name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", - }, - { - id: 'CWE-245', - name: 'J2EE Bad Practices: Direct Management of Connections', - }, - { id: 'CWE-246', name: 'J2EE Bad Practices: Direct Use of Sockets' }, - { - id: 'CWE-247', - name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', - }, - { id: 'CWE-248', name: 'Uncaught Exception' }, - { id: 'CWE-249', name: 'DEPRECATED: Often Misused: Path Manipulation' }, - { id: 'CWE-25', name: "Path Traversal: '/../filedir'" }, - { id: 'CWE-250', name: 'Execution with Unnecessary Privileges' }, - { id: 'CWE-252', name: 'Unchecked Return Value' }, - { id: 'CWE-253', name: 'Incorrect Check of Function Return Value' }, - { id: 'CWE-256', name: 'Plaintext Storage of a Password' }, - { id: 'CWE-257', name: 'Storing Passwords in a Recoverable Format' }, - { id: 'CWE-258', name: 'Empty Password in Configuration File' }, - { id: 'CWE-259', name: 'Use of Hard-coded Password' }, - { id: 'CWE-26', name: "Path Traversal: '/dir/../filename'" }, - { id: 'CWE-260', name: 'Password in Configuration File' }, - { id: 'CWE-261', name: 'Weak Encoding for Password' }, - { id: 'CWE-262', name: 'Not Using Password Aging' }, - { id: 'CWE-263', name: 'Password Aging with Long Expiration' }, - { id: 'CWE-266', name: 'Incorrect Privilege Assignment' }, - { id: 'CWE-267', name: 'Privilege Defined With Unsafe Actions' }, - { id: 
'CWE-268', name: 'Privilege Chaining' }, - { id: 'CWE-269', name: 'Improper Privilege Management' }, - { id: 'CWE-27', name: "Path Traversal: 'dir/../../filename'" }, - { id: 'CWE-270', name: 'Privilege Context Switching Error' }, - { id: 'CWE-271', name: 'Privilege Dropping / Lowering Errors' }, - { id: 'CWE-272', name: 'Least Privilege Violation' }, - { id: 'CWE-273', name: 'Improper Check for Dropped Privileges' }, - { id: 'CWE-274', name: 'Improper Handling of Insufficient Privileges' }, - { id: 'CWE-276', name: 'Incorrect Default Permissions' }, - { id: 'CWE-277', name: 'Insecure Inherited Permissions' }, - { id: 'CWE-278', name: 'Insecure Preserved Inherited Permissions' }, - { id: 'CWE-279', name: 'Incorrect Execution-Assigned Permissions' }, - { id: 'CWE-28', name: "Path Traversal: '..\\filedir'" }, - { - id: 'CWE-280', - name: 'Improper Handling of Insufficient Permissions or Privileges', - }, - { id: 'CWE-281', name: 'Improper Preservation of Permissions' }, - { id: 'CWE-282', name: 'Improper Ownership Management' }, - { id: 'CWE-283', name: 'Unverified Ownership' }, - { id: 'CWE-284', name: 'Improper Access Control' }, - { id: 'CWE-285', name: 'Improper Authorization' }, - { id: 'CWE-286', name: 'Incorrect User Management' }, - { id: 'CWE-287', name: 'Improper Authentication' }, - { - id: 'CWE-288', - name: 'Authentication Bypass Using an Alternate Path or Channel', - }, - { id: 'CWE-289', name: 'Authentication Bypass by Alternate Name' }, - { id: 'CWE-29', name: "Path Traversal: '\\..\\filename'" }, - { id: 'CWE-290', name: 'Authentication Bypass by Spoofing' }, - { id: 'CWE-291', name: 'Reliance on IP Address for Authentication' }, - { id: 'CWE-292', name: 'DEPRECATED: Trusting Self-reported DNS Name' }, - { id: 'CWE-293', name: 'Using Referer Field for Authentication' }, - { id: 'CWE-294', name: 'Authentication Bypass by Capture-replay' }, - { id: 'CWE-295', name: 'Improper Certificate Validation' }, - { - id: 'CWE-296', - name: "Improper Following of 
a Certificate's Chain of Trust", - }, - { - id: 'CWE-297', - name: 'Improper Validation of Certificate with Host Mismatch', - }, - { id: 'CWE-298', name: 'Improper Validation of Certificate Expiration' }, - { id: 'CWE-299', name: 'Improper Check for Certificate Revocation' }, - { id: 'CWE-30', name: "Path Traversal: '\\dir\\..\\filename'" }, - { id: 'CWE-300', name: 'Channel Accessible by Non-Endpoint' }, - { id: 'CWE-301', name: 'Reflection Attack in an Authentication Protocol' }, - { id: 'CWE-302', name: 'Authentication Bypass by Assumed-Immutable Data' }, - { - id: 'CWE-303', - name: 'Incorrect Implementation of Authentication Algorithm', - }, - { id: 'CWE-304', name: 'Missing Critical Step in Authentication' }, - { id: 'CWE-305', name: 'Authentication Bypass by Primary Weakness' }, - { id: 'CWE-306', name: 'Missing Authentication for Critical Function' }, - { - id: 'CWE-307', - name: 'Improper Restriction of Excessive Authentication Attempts', - }, - { id: 'CWE-308', name: 'Use of Single-factor Authentication' }, - { - id: 'CWE-309', - name: 'Use of Password System for Primary Authentication', - }, - { id: 'CWE-31', name: "Path Traversal: 'dir\\..\\..\\filename'" }, - { id: 'CWE-311', name: 'Missing Encryption of Sensitive Data' }, - { id: 'CWE-312', name: 'Cleartext Storage of Sensitive Information' }, - { id: 'CWE-313', name: 'Cleartext Storage in a File or on Disk' }, - { id: 'CWE-314', name: 'Cleartext Storage in the Registry' }, - { - id: 'CWE-315', - name: 'Cleartext Storage of Sensitive Information in a Cookie', - }, - { - id: 'CWE-316', - name: 'Cleartext Storage of Sensitive Information in Memory', - }, - { - id: 'CWE-317', - name: 'Cleartext Storage of Sensitive Information in GUI', - }, - { - id: 'CWE-318', - name: 'Cleartext Storage of Sensitive Information in Executable', - }, - { id: 'CWE-319', name: 'Cleartext Transmission of Sensitive Information' }, - { id: 'CWE-32', name: "Path Traversal: '...' 
(Triple Dot)" }, - { id: 'CWE-321', name: 'Use of Hard-coded Cryptographic Key' }, - { id: 'CWE-322', name: 'Key Exchange without Entity Authentication' }, - { id: 'CWE-323', name: 'Reusing a Nonce, Key Pair in Encryption' }, - { id: 'CWE-324', name: 'Use of a Key Past its Expiration Date' }, - { id: 'CWE-325', name: 'Missing Cryptographic Step' }, - { id: 'CWE-326', name: 'Inadequate Encryption Strength' }, - { id: 'CWE-327', name: 'Use of a Broken or Risky Cryptographic Algorithm' }, - { id: 'CWE-328', name: 'Use of Weak Hash' }, - { id: 'CWE-329', name: 'Generation of Predictable IV with CBC Mode' }, - { id: 'CWE-33', name: "Path Traversal: '....' (Multiple Dot)" }, - { id: 'CWE-330', name: 'Use of Insufficiently Random Values' }, - { id: 'CWE-331', name: 'Insufficient Entropy' }, - { id: 'CWE-332', name: 'Insufficient Entropy in PRNG' }, - { - id: 'CWE-333', - name: 'Improper Handling of Insufficient Entropy in TRNG', - }, - { id: 'CWE-334', name: 'Small Space of Random Values' }, - { - id: 'CWE-335', - name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', - }, - { - id: 'CWE-336', - name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', - }, - { - id: 'CWE-337', - name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', - }, - { - id: 'CWE-338', - name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', - }, - { id: 'CWE-339', name: 'Small Seed Space in PRNG' }, - { id: 'CWE-34', name: "Path Traversal: '....//'" }, - { id: 'CWE-340', name: 'Generation of Predictable Numbers or Identifiers' }, - { id: 'CWE-341', name: 'Predictable from Observable State' }, - { id: 'CWE-342', name: 'Predictable Exact Value from Previous Values' }, - { id: 'CWE-343', name: 'Predictable Value Range from Previous Values' }, - { - id: 'CWE-344', - name: 'Use of Invariant Value in Dynamically Changing Context', - }, - { id: 'CWE-345', name: 'Insufficient Verification of Data Authenticity' }, - { id: 'CWE-346', name: 'Origin 
Validation Error' }, - { id: 'CWE-347', name: 'Improper Verification of Cryptographic Signature' }, - { id: 'CWE-348', name: 'Use of Less Trusted Source' }, - { - id: 'CWE-349', - name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', - }, - { id: 'CWE-35', name: "Path Traversal: '.../...//'" }, - { - id: 'CWE-350', - name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', - }, - { id: 'CWE-351', name: 'Insufficient Type Distinction' }, - { id: 'CWE-352', name: 'Cross-Site Request Forgery (CSRF)' }, - { id: 'CWE-353', name: 'Missing Support for Integrity Check' }, - { id: 'CWE-354', name: 'Improper Validation of Integrity Check Value' }, - { id: 'CWE-356', name: 'Product UI does not Warn User of Unsafe Actions' }, - { id: 'CWE-357', name: 'Insufficient UI Warning of Dangerous Operations' }, - { - id: 'CWE-358', - name: 'Improperly Implemented Security Check for Standard', - }, - { - id: 'CWE-359', - name: 'Exposure of Private Personal Information to an Unauthorized Actor', - }, - { id: 'CWE-36', name: 'Absolute Path Traversal' }, - { id: 'CWE-360', name: 'Trust of System Event Data' }, - { - id: 'CWE-362', - name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", - }, - { id: 'CWE-363', name: 'Race Condition Enabling Link Following' }, - { id: 'CWE-364', name: 'Signal Handler Race Condition' }, - { id: 'CWE-365', name: 'DEPRECATED: Race Condition in Switch' }, - { id: 'CWE-366', name: 'Race Condition within a Thread' }, - { - id: 'CWE-367', - name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', - }, - { id: 'CWE-368', name: 'Context Switching Race Condition' }, - { id: 'CWE-369', name: 'Divide By Zero' }, - { id: 'CWE-37', name: "Path Traversal: '/absolute/pathname/here'" }, - { - id: 'CWE-370', - name: 'Missing Check for Certificate Revocation after Initial Check', - }, - { id: 'CWE-372', name: 'Incomplete Internal State Distinction' }, - { id: 'CWE-373', name: 'DEPRECATED: State 
Synchronization Error' }, - { id: 'CWE-374', name: 'Passing Mutable Objects to an Untrusted Method' }, - { - id: 'CWE-375', - name: 'Returning a Mutable Object to an Untrusted Caller', - }, - { id: 'CWE-377', name: 'Insecure Temporary File' }, - { - id: 'CWE-378', - name: 'Creation of Temporary File With Insecure Permissions', - }, - { - id: 'CWE-379', - name: 'Creation of Temporary File in Directory with Insecure Permissions', - }, - { id: 'CWE-38', name: "Path Traversal: '\\absolute\\pathname\\here'" }, - { id: 'CWE-382', name: 'J2EE Bad Practices: Use of System.exit()' }, - { id: 'CWE-383', name: 'J2EE Bad Practices: Direct Use of Threads' }, - { id: 'CWE-384', name: 'Session Fixation' }, - { id: 'CWE-385', name: 'Covert Timing Channel' }, - { id: 'CWE-386', name: 'Symbolic Name not Mapping to Correct Object' }, - { id: 'CWE-39', name: "Path Traversal: 'C:dirname'" }, - { id: 'CWE-390', name: 'Detection of Error Condition Without Action' }, - { id: 'CWE-391', name: 'Unchecked Error Condition' }, - { id: 'CWE-392', name: 'Missing Report of Error Condition' }, - { id: 'CWE-393', name: 'Return of Wrong Status Code' }, - { id: 'CWE-394', name: 'Unexpected Status Code or Return Value' }, - { - id: 'CWE-395', - name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', - }, - { id: 'CWE-396', name: 'Declaration of Catch for Generic Exception' }, - { id: 'CWE-397', name: 'Declaration of Throws for Generic Exception' }, - { - id: 'CWE-40', - name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", - }, - { id: 'CWE-400', name: 'Uncontrolled Resource Consumption' }, - { - id: 'CWE-401', - name: 'Missing Release of Memory after Effective Lifetime', - }, - { - id: 'CWE-402', - name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", - }, - { - id: 'CWE-403', - name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", - }, - { id: 'CWE-404', name: 'Improper Resource Shutdown or Release' 
}, - { id: 'CWE-405', name: 'Asymmetric Resource Consumption (Amplification)' }, - { - id: 'CWE-406', - name: 'Insufficient Control of Network Message Volume (Network Amplification)', - }, - { id: 'CWE-407', name: 'Inefficient Algorithmic Complexity' }, - { id: 'CWE-408', name: 'Incorrect Behavior Order: Early Amplification' }, - { - id: 'CWE-409', - name: 'Improper Handling of Highly Compressed Data (Data Amplification)', - }, - { id: 'CWE-41', name: 'Improper Resolution of Path Equivalence' }, - { id: 'CWE-410', name: 'Insufficient Resource Pool' }, - { id: 'CWE-412', name: 'Unrestricted Externally Accessible Lock' }, - { id: 'CWE-413', name: 'Improper Resource Locking' }, - { id: 'CWE-414', name: 'Missing Lock Check' }, - { id: 'CWE-415', name: 'Double Free' }, - { id: 'CWE-416', name: 'Use After Free' }, - { id: 'CWE-419', name: 'Unprotected Primary Channel' }, - { id: 'CWE-42', name: "Path Equivalence: 'filename.' (Trailing Dot)" }, - { id: 'CWE-420', name: 'Unprotected Alternate Channel' }, - { - id: 'CWE-421', - name: 'Race Condition During Access to Alternate Channel', - }, - { - id: 'CWE-422', - name: "Unprotected Windows Messaging Channel ('Shatter')", - }, - { id: 'CWE-423', name: 'DEPRECATED: Proxied Trusted Channel' }, - { id: 'CWE-424', name: 'Improper Protection of Alternate Path' }, - { id: 'CWE-425', name: "Direct Request ('Forced Browsing')" }, - { id: 'CWE-426', name: 'Untrusted Search Path' }, - { id: 'CWE-427', name: 'Uncontrolled Search Path Element' }, - { id: 'CWE-428', name: 'Unquoted Search Path or Element' }, - { - id: 'CWE-43', - name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", - }, - { id: 'CWE-430', name: 'Deployment of Wrong Handler' }, - { id: 'CWE-431', name: 'Missing Handler' }, - { - id: 'CWE-432', - name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', - }, - { id: 'CWE-433', name: 'Unparsed Raw Web Content Delivery' }, - { id: 'CWE-434', name: 'Unrestricted Upload of File with Dangerous Type' }, - { - id: 'CWE-435', - name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', - }, - { id: 'CWE-436', name: 'Interpretation Conflict' }, - { id: 'CWE-437', name: 'Incomplete Model of Endpoint Features' }, - { id: 'CWE-439', name: 'Behavioral Change in New Version or Environment' }, - { id: 'CWE-44', name: "Path Equivalence: 'file.name' (Internal Dot)" }, - { id: 'CWE-440', name: 'Expected Behavior Violation' }, - { - id: 'CWE-441', - name: "Unintended Proxy or Intermediary ('Confused Deputy')", - }, - { id: 'CWE-443', name: 'DEPRECATED: HTTP response splitting' }, - { - id: 'CWE-444', - name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", - }, - { id: 'CWE-446', name: 'UI Discrepancy for Security Feature' }, - { id: 'CWE-447', name: 'Unimplemented or Unsupported Feature in UI' }, - { id: 'CWE-448', name: 'Obsolete Feature in UI' }, - { id: 'CWE-449', name: 'The UI Performs the Wrong Action' }, - { - id: 'CWE-45', - name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", - }, - { id: 'CWE-450', name: 'Multiple Interpretations of UI Input' }, - { - id: 'CWE-451', - name: 'User Interface (UI) Misrepresentation of Critical Information', - }, - { id: 'CWE-453', name: 'Insecure Default Variable Initialization' }, - { - id: 'CWE-454', - name: 'External Initialization of Trusted Variables or Data Stores', - }, - { id: 'CWE-455', name: 'Non-exit on Failed Initialization' }, - { id: 'CWE-456', name: 'Missing Initialization of a Variable' }, - { id: 'CWE-457', name: 'Use of Uninitialized Variable' }, - { id: 'CWE-458', name: 'DEPRECATED: 
Incorrect Initialization' }, - { id: 'CWE-459', name: 'Incomplete Cleanup' }, - { id: 'CWE-46', name: "Path Equivalence: 'filename ' (Trailing Space)" }, - { id: 'CWE-460', name: 'Improper Cleanup on Thrown Exception' }, - { id: 'CWE-462', name: 'Duplicate Key in Associative List (Alist)' }, - { id: 'CWE-463', name: 'Deletion of Data Structure Sentinel' }, - { id: 'CWE-464', name: 'Addition of Data Structure Sentinel' }, - { - id: 'CWE-466', - name: 'Return of Pointer Value Outside of Expected Range', - }, - { id: 'CWE-467', name: 'Use of sizeof() on a Pointer Type' }, - { id: 'CWE-468', name: 'Incorrect Pointer Scaling' }, - { id: 'CWE-469', name: 'Use of Pointer Subtraction to Determine Size' }, - { id: 'CWE-47', name: "Path Equivalence: ' filename' (Leading Space)" }, - { - id: 'CWE-470', - name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", - }, - { id: 'CWE-471', name: 'Modification of Assumed-Immutable Data (MAID)' }, - { - id: 'CWE-472', - name: 'External Control of Assumed-Immutable Web Parameter', - }, - { id: 'CWE-473', name: 'PHP External Variable Modification' }, - { - id: 'CWE-474', - name: 'Use of Function with Inconsistent Implementations', - }, - { id: 'CWE-475', name: 'Undefined Behavior for Input to API' }, - { id: 'CWE-476', name: 'NULL Pointer Dereference' }, - { id: 'CWE-477', name: 'Use of Obsolete Function' }, - { - id: 'CWE-478', - name: 'Missing Default Case in Multiple Condition Expression', - }, - { id: 'CWE-479', name: 'Signal Handler Use of a Non-reentrant Function' }, - { - id: 'CWE-48', - name: "Path Equivalence: 'file name' (Internal Whitespace)", - }, - { id: 'CWE-480', name: 'Use of Incorrect Operator' }, - { id: 'CWE-481', name: 'Assigning instead of Comparing' }, - { id: 'CWE-482', name: 'Comparing instead of Assigning' }, - { id: 'CWE-483', name: 'Incorrect Block Delimitation' }, - { id: 'CWE-484', name: 'Omitted Break Statement in Switch' }, - { id: 'CWE-486', name: 'Comparison of Classes 
by Name' }, - { id: 'CWE-487', name: 'Reliance on Package-level Scope' }, - { id: 'CWE-488', name: 'Exposure of Data Element to Wrong Session' }, - { id: 'CWE-489', name: 'Active Debug Code' }, - { id: 'CWE-49', name: "Path Equivalence: 'filename/' (Trailing Slash)" }, - { - id: 'CWE-491', - name: "Public cloneable() Method Without Final ('Object Hijack')", - }, - { id: 'CWE-492', name: 'Use of Inner Class Containing Sensitive Data' }, - { id: 'CWE-493', name: 'Critical Public Variable Without Final Modifier' }, - { id: 'CWE-494', name: 'Download of Code Without Integrity Check' }, - { - id: 'CWE-495', - name: 'Private Data Structure Returned From A Public Method', - }, - { - id: 'CWE-496', - name: 'Public Data Assigned to Private Array-Typed Field', - }, - { - id: 'CWE-497', - name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', - }, - { id: 'CWE-498', name: 'Cloneable Class Containing Sensitive Information' }, - { id: 'CWE-499', name: 'Serializable Class Containing Sensitive Data' }, - { - id: 'CWE-5', - name: 'J2EE Misconfiguration: Data Transmission Without Encryption', - }, - { id: 'CWE-50', name: "Path Equivalence: '//multiple/leading/slash'" }, - { id: 'CWE-500', name: 'Public Static Field Not Marked Final' }, - { id: 'CWE-501', name: 'Trust Boundary Violation' }, - { id: 'CWE-502', name: 'Deserialization of Untrusted Data' }, - { id: 'CWE-506', name: 'Embedded Malicious Code' }, - { id: 'CWE-507', name: 'Trojan Horse' }, - { id: 'CWE-508', name: 'Non-Replicating Malicious Code' }, - { id: 'CWE-509', name: 'Replicating Malicious Code (Virus or Worm)' }, - { id: 'CWE-51', name: "Path Equivalence: '/multiple//internal/slash'" }, - { id: 'CWE-510', name: 'Trapdoor' }, - { id: 'CWE-511', name: 'Logic/Time Bomb' }, - { id: 'CWE-512', name: 'Spyware' }, - { id: 'CWE-514', name: 'Covert Channel' }, - { id: 'CWE-515', name: 'Covert Storage Channel' }, - { id: 'CWE-516', name: 'DEPRECATED: Covert Timing Channel' }, - { id: 'CWE-52', 
name: "Path Equivalence: '/multiple/trailing/slash//'" }, - { id: 'CWE-520', name: '.NET Misconfiguration: Use of Impersonation' }, - { id: 'CWE-521', name: 'Weak Password Requirements' }, - { id: 'CWE-522', name: 'Insufficiently Protected Credentials' }, - { id: 'CWE-523', name: 'Unprotected Transport of Credentials' }, - { id: 'CWE-524', name: 'Use of Cache Containing Sensitive Information' }, - { - id: 'CWE-525', - name: 'Use of Web Browser Cache Containing Sensitive Information', - }, - { - id: 'CWE-526', - name: 'Cleartext Storage of Sensitive Information in an Environment Variable', - }, - { - id: 'CWE-527', - name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', - }, - { - id: 'CWE-528', - name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', - }, - { - id: 'CWE-529', - name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', - }, - { - id: 'CWE-53', - name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", - }, - { - id: 'CWE-530', - name: 'Exposure of Backup File to an Unauthorized Control Sphere', - }, - { id: 'CWE-531', name: 'Inclusion of Sensitive Information in Test Code' }, - { id: 'CWE-532', name: 'Insertion of Sensitive Information into Log File' }, - { - id: 'CWE-533', - name: 'DEPRECATED: Information Exposure Through Server Log Files', - }, - { - id: 'CWE-534', - name: 'DEPRECATED: Information Exposure Through Debug Log Files', - }, - { - id: 'CWE-535', - name: 'Exposure of Information Through Shell Error Message', - }, - { - id: 'CWE-536', - name: 'Servlet Runtime Error Message Containing Sensitive Information', - }, - { - id: 'CWE-537', - name: 'Java Runtime Error Message Containing Sensitive Information', - }, - { - id: 'CWE-538', - name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', - }, - { - id: 'CWE-539', - name: 'Use of Persistent Cookies Containing Sensitive Information', - }, - { - id: 'CWE-54', - name: "Path Equivalence: 
'filedir\\' (Trailing Backslash)", - }, - { - id: 'CWE-540', - name: 'Inclusion of Sensitive Information in Source Code', - }, - { - id: 'CWE-541', - name: 'Inclusion of Sensitive Information in an Include File', - }, - { - id: 'CWE-542', - name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', - }, - { - id: 'CWE-543', - name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', - }, - { id: 'CWE-544', name: 'Missing Standardized Error Handling Mechanism' }, - { id: 'CWE-545', name: 'DEPRECATED: Use of Dynamic Class Loading' }, - { id: 'CWE-546', name: 'Suspicious Comment' }, - { id: 'CWE-547', name: 'Use of Hard-coded, Security-relevant Constants' }, - { - id: 'CWE-548', - name: 'Exposure of Information Through Directory Listing', - }, - { id: 'CWE-549', name: 'Missing Password Field Masking' }, - { id: 'CWE-55', name: "Path Equivalence: '/./' (Single Dot Directory)" }, - { - id: 'CWE-550', - name: 'Server-generated Error Message Containing Sensitive Information', - }, - { - id: 'CWE-551', - name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', - }, - { - id: 'CWE-552', - name: 'Files or Directories Accessible to External Parties', - }, - { id: 'CWE-553', name: 'Command Shell in Externally Accessible Directory' }, - { - id: 'CWE-554', - name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', - }, - { - id: 'CWE-555', - name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', - }, - { - id: 'CWE-556', - name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', - }, - { id: 'CWE-558', name: 'Use of getlogin() in Multithreaded Application' }, - { id: 'CWE-56', name: "Path Equivalence: 'filedir*' (Wildcard)" }, - { id: 'CWE-560', name: 'Use of umask() with chmod-style Argument' }, - { id: 'CWE-561', name: 'Dead Code' }, - { id: 'CWE-562', name: 'Return of Stack Variable Address' }, - { id: 'CWE-563', name: 'Assignment to Variable without Use' }, - { id: 
'CWE-564', name: 'SQL Injection: Hibernate' }, - { - id: 'CWE-565', - name: 'Reliance on Cookies without Validation and Integrity Checking', - }, - { - id: 'CWE-566', - name: 'Authorization Bypass Through User-Controlled SQL Primary Key', - }, - { - id: 'CWE-567', - name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', - }, - { id: 'CWE-568', name: 'finalize() Method Without super.finalize()' }, - { id: 'CWE-57', name: "Path Equivalence: 'fakedir/../realdir/filename'" }, - { id: 'CWE-570', name: 'Expression is Always False' }, - { id: 'CWE-571', name: 'Expression is Always True' }, - { id: 'CWE-572', name: 'Call to Thread run() instead of start()' }, - { id: 'CWE-573', name: 'Improper Following of Specification by Caller' }, - { - id: 'CWE-574', - name: 'EJB Bad Practices: Use of Synchronization Primitives', - }, - { id: 'CWE-575', name: 'EJB Bad Practices: Use of AWT Swing' }, - { id: 'CWE-576', name: 'EJB Bad Practices: Use of Java I/O' }, - { id: 'CWE-577', name: 'EJB Bad Practices: Use of Sockets' }, - { id: 'CWE-578', name: 'EJB Bad Practices: Use of Class Loader' }, - { - id: 'CWE-579', - name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', - }, - { id: 'CWE-58', name: 'Path Equivalence: Windows 8.3 Filename' }, - { id: 'CWE-580', name: 'clone() Method Without super.clone()' }, - { - id: 'CWE-581', - name: 'Object Model Violation: Just One of Equals and Hashcode Defined', - }, - { id: 'CWE-582', name: 'Array Declared Public, Final, and Static' }, - { id: 'CWE-583', name: 'finalize() Method Declared Public' }, - { id: 'CWE-584', name: 'Return Inside Finally Block' }, - { id: 'CWE-585', name: 'Empty Synchronized Block' }, - { id: 'CWE-586', name: 'Explicit Call to Finalize()' }, - { id: 'CWE-587', name: 'Assignment of a Fixed Address to a Pointer' }, - { - id: 'CWE-588', - name: 'Attempt to Access Child of a Non-structure Pointer', - }, - { id: 'CWE-589', name: 'Call to Non-ubiquitous API' }, - { - id: 'CWE-59', - name: 
"Improper Link Resolution Before File Access ('Link Following')", - }, - { id: 'CWE-590', name: 'Free of Memory not on the Heap' }, - { - id: 'CWE-591', - name: 'Sensitive Data Storage in Improperly Locked Memory', - }, - { id: 'CWE-592', name: 'DEPRECATED: Authentication Bypass Issues' }, - { - id: 'CWE-593', - name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', - }, - { - id: 'CWE-594', - name: 'J2EE Framework: Saving Unserializable Objects to Disk', - }, - { - id: 'CWE-595', - name: 'Comparison of Object References Instead of Object Contents', - }, - { id: 'CWE-596', name: 'DEPRECATED: Incorrect Semantic Object Comparison' }, - { id: 'CWE-597', name: 'Use of Wrong Operator in String Comparison' }, - { - id: 'CWE-598', - name: 'Use of GET Request Method With Sensitive Query Strings', - }, - { id: 'CWE-599', name: 'Missing Validation of OpenSSL Certificate' }, - { - id: 'CWE-6', - name: 'J2EE Misconfiguration: Insufficient Session-ID Length', - }, - { id: 'CWE-600', name: 'Uncaught Exception in Servlet' }, - { - id: 'CWE-601', - name: "URL Redirection to Untrusted Site ('Open Redirect')", - }, - { id: 'CWE-602', name: 'Client-Side Enforcement of Server-Side Security' }, - { id: 'CWE-603', name: 'Use of Client-Side Authentication' }, - { id: 'CWE-605', name: 'Multiple Binds to the Same Port' }, - { id: 'CWE-606', name: 'Unchecked Input for Loop Condition' }, - { - id: 'CWE-607', - name: 'Public Static Final Field References Mutable Object', - }, - { id: 'CWE-608', name: 'Struts: Non-private Field in ActionForm Class' }, - { id: 'CWE-609', name: 'Double-Checked Locking' }, - { id: 'CWE-61', name: 'UNIX Symbolic Link (Symlink) Following' }, - { - id: 'CWE-610', - name: 'Externally Controlled Reference to a Resource in Another Sphere', - }, - { - id: 'CWE-611', - name: 'Improper Restriction of XML External Entity Reference', - }, - { - id: 'CWE-612', - name: 'Improper Authorization of Index Containing Sensitive Information', - }, 
- { id: 'CWE-613', name: 'Insufficient Session Expiration' }, - { - id: 'CWE-614', - name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", - }, - { - id: 'CWE-615', - name: 'Inclusion of Sensitive Information in Source Code Comments', - }, - { - id: 'CWE-616', - name: 'Incomplete Identification of Uploaded File Variables (PHP)', - }, - { id: 'CWE-617', name: 'Reachable Assertion' }, - { id: 'CWE-618', name: 'Exposed Unsafe ActiveX Method' }, - { id: 'CWE-619', name: "Dangling Database Cursor ('Cursor Injection')" }, - { id: 'CWE-62', name: 'UNIX Hard Link' }, - { id: 'CWE-620', name: 'Unverified Password Change' }, - { id: 'CWE-621', name: 'Variable Extraction Error' }, - { id: 'CWE-622', name: 'Improper Validation of Function Hook Arguments' }, - { id: 'CWE-623', name: 'Unsafe ActiveX Control Marked Safe For Scripting' }, - { id: 'CWE-624', name: 'Executable Regular Expression Error' }, - { id: 'CWE-625', name: 'Permissive Regular Expression' }, - { id: 'CWE-626', name: 'Null Byte Interaction Error (Poison Null Byte)' }, - { id: 'CWE-627', name: 'Dynamic Variable Evaluation' }, - { - id: 'CWE-628', - name: 'Function Call with Incorrectly Specified Arguments', - }, - { id: 'CWE-636', name: "Not Failing Securely ('Failing Open')" }, - { - id: 'CWE-637', - name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", - }, - { id: 'CWE-638', name: 'Not Using Complete Mediation' }, - { id: 'CWE-639', name: 'Authorization Bypass Through User-Controlled Key' }, - { id: 'CWE-64', name: 'Windows Shortcut Following (.LNK)' }, - { - id: 'CWE-640', - name: 'Weak Password Recovery Mechanism for Forgotten Password', - }, - { - id: 'CWE-641', - name: 'Improper Restriction of Names for Files and Other Resources', - }, - { id: 'CWE-642', name: 'External Control of Critical State Data' }, - { - id: 'CWE-643', - name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", - }, - { - id: 'CWE-644', - name: 
'Improper Neutralization of HTTP Headers for Scripting Syntax', - }, - { id: 'CWE-645', name: 'Overly Restrictive Account Lockout Mechanism' }, - { - id: 'CWE-646', - name: 'Reliance on File Name or Extension of Externally-Supplied File', - }, - { - id: 'CWE-647', - name: 'Use of Non-Canonical URL Paths for Authorization Decisions', - }, - { id: 'CWE-648', name: 'Incorrect Use of Privileged APIs' }, - { - id: 'CWE-649', - name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', - }, - { id: 'CWE-65', name: 'Windows Hard Link' }, - { - id: 'CWE-650', - name: 'Trusting HTTP Permission Methods on the Server Side', - }, - { - id: 'CWE-651', - name: 'Exposure of WSDL File Containing Sensitive Information', - }, - { - id: 'CWE-652', - name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", - }, - { id: 'CWE-653', name: 'Improper Isolation or Compartmentalization' }, - { - id: 'CWE-654', - name: 'Reliance on a Single Factor in a Security Decision', - }, - { id: 'CWE-655', name: 'Insufficient Psychological Acceptability' }, - { id: 'CWE-656', name: 'Reliance on Security Through Obscurity' }, - { id: 'CWE-657', name: 'Violation of Secure Design Principles' }, - { - id: 'CWE-66', - name: 'Improper Handling of File Names that Identify Virtual Resources', - }, - { id: 'CWE-662', name: 'Improper Synchronization' }, - { - id: 'CWE-663', - name: 'Use of a Non-reentrant Function in a Concurrent Context', - }, - { - id: 'CWE-664', - name: 'Improper Control of a Resource Through its Lifetime', - }, - { id: 'CWE-665', name: 'Improper Initialization' }, - { id: 'CWE-666', name: 'Operation on Resource in Wrong Phase of Lifetime' }, - { id: 'CWE-667', name: 'Improper Locking' }, - { id: 'CWE-668', name: 'Exposure of Resource to Wrong Sphere' }, - { id: 'CWE-669', name: 'Incorrect Resource Transfer Between Spheres' }, - { id: 'CWE-67', name: 'Improper Handling of Windows Device Names' }, - { id: 'CWE-670', name: 
'Always-Incorrect Control Flow Implementation' }, - { id: 'CWE-671', name: 'Lack of Administrator Control over Security' }, - { - id: 'CWE-672', - name: 'Operation on a Resource after Expiration or Release', - }, - { id: 'CWE-673', name: 'External Influence of Sphere Definition' }, - { id: 'CWE-674', name: 'Uncontrolled Recursion' }, - { - id: 'CWE-675', - name: 'Multiple Operations on Resource in Single-Operation Context', - }, - { id: 'CWE-676', name: 'Use of Potentially Dangerous Function' }, - { id: 'CWE-680', name: 'Integer Overflow to Buffer Overflow' }, - { id: 'CWE-681', name: 'Incorrect Conversion between Numeric Types' }, - { id: 'CWE-682', name: 'Incorrect Calculation' }, - { id: 'CWE-683', name: 'Function Call With Incorrect Order of Arguments' }, - { id: 'CWE-684', name: 'Incorrect Provision of Specified Functionality' }, - { id: 'CWE-685', name: 'Function Call With Incorrect Number of Arguments' }, - { id: 'CWE-686', name: 'Function Call With Incorrect Argument Type' }, - { - id: 'CWE-687', - name: 'Function Call With Incorrectly Specified Argument Value', - }, - { - id: 'CWE-688', - name: 'Function Call With Incorrect Variable or Reference as Argument', - }, - { id: 'CWE-689', name: 'Permission Race Condition During Resource Copy' }, - { - id: 'CWE-69', - name: 'Improper Handling of Windows ::DATA Alternate Data Stream', - }, - { - id: 'CWE-690', - name: 'Unchecked Return Value to NULL Pointer Dereference', - }, - { id: 'CWE-691', name: 'Insufficient Control Flow Management' }, - { id: 'CWE-692', name: 'Incomplete Denylist to Cross-Site Scripting' }, - { id: 'CWE-693', name: 'Protection Mechanism Failure' }, - { - id: 'CWE-694', - name: 'Use of Multiple Resources with Duplicate Identifier', - }, - { id: 'CWE-695', name: 'Use of Low-Level Functionality' }, - { id: 'CWE-696', name: 'Incorrect Behavior Order' }, - { id: 'CWE-697', name: 'Incorrect Comparison' }, - { id: 'CWE-698', name: 'Execution After Redirect (EAR)' }, - { id: 'CWE-7', name: 'J2EE 
Misconfiguration: Missing Custom Error Page' }, - { - id: 'CWE-703', - name: 'Improper Check or Handling of Exceptional Conditions', - }, - { id: 'CWE-704', name: 'Incorrect Type Conversion or Cast' }, - { id: 'CWE-705', name: 'Incorrect Control Flow Scoping' }, - { id: 'CWE-706', name: 'Use of Incorrectly-Resolved Name or Reference' }, - { id: 'CWE-707', name: 'Improper Neutralization' }, - { id: 'CWE-708', name: 'Incorrect Ownership Assignment' }, - { id: 'CWE-71', name: "DEPRECATED: Apple '.DS_Store'" }, - { id: 'CWE-710', name: 'Improper Adherence to Coding Standards' }, - { - id: 'CWE-72', - name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', - }, - { id: 'CWE-73', name: 'External Control of File Name or Path' }, - { - id: 'CWE-732', - name: 'Incorrect Permission Assignment for Critical Resource', - }, - { - id: 'CWE-733', - name: 'Compiler Optimization Removal or Modification of Security-critical Code', - }, - { - id: 'CWE-74', - name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", - }, - { id: 'CWE-749', name: 'Exposed Dangerous Method or Function' }, - { - id: 'CWE-75', - name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', - }, - { - id: 'CWE-754', - name: 'Improper Check for Unusual or Exceptional Conditions', - }, - { id: 'CWE-755', name: 'Improper Handling of Exceptional Conditions' }, - { id: 'CWE-756', name: 'Missing Custom Error Page' }, - { - id: 'CWE-757', - name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", - }, - { - id: 'CWE-758', - name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', - }, - { id: 'CWE-759', name: 'Use of a One-Way Hash without a Salt' }, - { - id: 'CWE-76', - name: 'Improper Neutralization of Equivalent Special Elements', - }, - { id: 'CWE-760', name: 'Use of a One-Way Hash with a Predictable Salt' }, - { id: 'CWE-761', name: 'Free of Pointer not at 
Start of Buffer' }, - { id: 'CWE-762', name: 'Mismatched Memory Management Routines' }, - { id: 'CWE-763', name: 'Release of Invalid Pointer or Reference' }, - { id: 'CWE-764', name: 'Multiple Locks of a Critical Resource' }, - { id: 'CWE-765', name: 'Multiple Unlocks of a Critical Resource' }, - { id: 'CWE-766', name: 'Critical Data Element Declared Public' }, - { - id: 'CWE-767', - name: 'Access to Critical Private Variable via Public Method', - }, - { id: 'CWE-768', name: 'Incorrect Short Circuit Evaluation' }, - { - id: 'CWE-769', - name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', - }, - { - id: 'CWE-77', - name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", - }, - { - id: 'CWE-770', - name: 'Allocation of Resources Without Limits or Throttling', - }, - { id: 'CWE-771', name: 'Missing Reference to Active Allocated Resource' }, - { - id: 'CWE-772', - name: 'Missing Release of Resource after Effective Lifetime', - }, - { - id: 'CWE-773', - name: 'Missing Reference to Active File Descriptor or Handle', - }, - { - id: 'CWE-774', - name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', - }, - { - id: 'CWE-775', - name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', - }, - { - id: 'CWE-776', - name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", - }, - { id: 'CWE-777', name: 'Regular Expression without Anchors' }, - { id: 'CWE-778', name: 'Insufficient Logging' }, - { id: 'CWE-779', name: 'Logging of Excessive Data' }, - { - id: 'CWE-78', - name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", - }, - { id: 'CWE-780', name: 'Use of RSA Algorithm without OAEP' }, - { - id: 'CWE-781', - name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', - }, - { id: 'CWE-782', name: 'Exposed IOCTL with Insufficient Access Control' }, - { id: 'CWE-783', name: 
'Operator Precedence Logic Error' }, - { - id: 'CWE-784', - name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', - }, - { - id: 'CWE-785', - name: 'Use of Path Manipulation Function without Maximum-sized Buffer', - }, - { id: 'CWE-786', name: 'Access of Memory Location Before Start of Buffer' }, - { id: 'CWE-787', name: 'Out-of-bounds Write' }, - { id: 'CWE-788', name: 'Access of Memory Location After End of Buffer' }, - { id: 'CWE-789', name: 'Memory Allocation with Excessive Size Value' }, - { - id: 'CWE-79', - name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - }, - { id: 'CWE-790', name: 'Improper Filtering of Special Elements' }, - { id: 'CWE-791', name: 'Incomplete Filtering of Special Elements' }, - { - id: 'CWE-792', - name: 'Incomplete Filtering of One or More Instances of Special Elements', - }, - { id: 'CWE-793', name: 'Only Filtering One Instance of a Special Element' }, - { - id: 'CWE-794', - name: 'Incomplete Filtering of Multiple Instances of Special Elements', - }, - { - id: 'CWE-795', - name: 'Only Filtering Special Elements at a Specified Location', - }, - { - id: 'CWE-796', - name: 'Only Filtering Special Elements Relative to a Marker', - }, - { - id: 'CWE-797', - name: 'Only Filtering Special Elements at an Absolute Position', - }, - { id: 'CWE-798', name: 'Use of Hard-coded Credentials' }, - { id: 'CWE-799', name: 'Improper Control of Interaction Frequency' }, - { id: 'CWE-8', name: 'J2EE Misconfiguration: Entity Bean Declared Remote' }, - { - id: 'CWE-80', - name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', - }, - { id: 'CWE-804', name: 'Guessable CAPTCHA' }, - { id: 'CWE-805', name: 'Buffer Access with Incorrect Length Value' }, - { id: 'CWE-806', name: 'Buffer Access Using Size of Source Buffer' }, - { - id: 'CWE-807', - name: 'Reliance on Untrusted Inputs in a Security Decision', - }, - { - id: 'CWE-81', - name: 
'Improper Neutralization of Script in an Error Message Web Page', - }, - { - id: 'CWE-82', - name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', - }, - { id: 'CWE-820', name: 'Missing Synchronization' }, - { id: 'CWE-821', name: 'Incorrect Synchronization' }, - { id: 'CWE-822', name: 'Untrusted Pointer Dereference' }, - { id: 'CWE-823', name: 'Use of Out-of-range Pointer Offset' }, - { id: 'CWE-824', name: 'Access of Uninitialized Pointer' }, - { id: 'CWE-825', name: 'Expired Pointer Dereference' }, - { - id: 'CWE-826', - name: 'Premature Release of Resource During Expected Lifetime', - }, - { id: 'CWE-827', name: 'Improper Control of Document Type Definition' }, - { - id: 'CWE-828', - name: 'Signal Handler with Functionality that is not Asynchronous-Safe', - }, - { - id: 'CWE-829', - name: 'Inclusion of Functionality from Untrusted Control Sphere', - }, - { - id: 'CWE-83', - name: 'Improper Neutralization of Script in Attributes in a Web Page', - }, - { - id: 'CWE-830', - name: 'Inclusion of Web Functionality from an Untrusted Source', - }, - { - id: 'CWE-831', - name: 'Signal Handler Function Associated with Multiple Signals', - }, - { id: 'CWE-832', name: 'Unlock of a Resource that is not Locked' }, - { id: 'CWE-833', name: 'Deadlock' }, - { id: 'CWE-834', name: 'Excessive Iteration' }, - { - id: 'CWE-835', - name: "Loop with Unreachable Exit Condition ('Infinite Loop')", - }, - { - id: 'CWE-836', - name: 'Use of Password Hash Instead of Password for Authentication', - }, - { id: 'CWE-837', name: 'Improper Enforcement of a Single, Unique Action' }, - { id: 'CWE-838', name: 'Inappropriate Encoding for Output Context' }, - { id: 'CWE-839', name: 'Numeric Range Comparison Without Minimum Check' }, - { - id: 'CWE-84', - name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', - }, - { id: 'CWE-841', name: 'Improper Enforcement of Behavioral Workflow' }, - { id: 'CWE-842', name: 'Placement of User into Incorrect Group' }, - 
{ - id: 'CWE-843', - name: "Access of Resource Using Incompatible Type ('Type Confusion')", - }, - { id: 'CWE-85', name: 'Doubled Character XSS Manipulations' }, - { - id: 'CWE-86', - name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', - }, - { id: 'CWE-862', name: 'Missing Authorization' }, - { id: 'CWE-863', name: 'Incorrect Authorization' }, - { id: 'CWE-87', name: 'Improper Neutralization of Alternate XSS Syntax' }, - { - id: 'CWE-88', - name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", - }, - { - id: 'CWE-89', - name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - }, - { - id: 'CWE-9', - name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', - }, - { - id: 'CWE-90', - name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", - }, - { id: 'CWE-908', name: 'Use of Uninitialized Resource' }, - { id: 'CWE-909', name: 'Missing Initialization of Resource' }, - { id: 'CWE-91', name: 'XML Injection (aka Blind XPath Injection)' }, - { id: 'CWE-910', name: 'Use of Expired File Descriptor' }, - { id: 'CWE-911', name: 'Improper Update of Reference Count' }, - { id: 'CWE-912', name: 'Hidden Functionality' }, - { - id: 'CWE-913', - name: 'Improper Control of Dynamically-Managed Code Resources', - }, - { - id: 'CWE-914', - name: 'Improper Control of Dynamically-Identified Variables', - }, - { - id: 'CWE-915', - name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', - }, - { - id: 'CWE-916', - name: 'Use of Password Hash With Insufficient Computational Effort', - }, - { - id: 'CWE-917', - name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", - }, - { id: 'CWE-918', name: 'Server-Side Request Forgery (SSRF)' }, - { - id: 'CWE-92', - name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', - 
}, - { id: 'CWE-920', name: 'Improper Restriction of Power Consumption' }, - { - id: 'CWE-921', - name: 'Storage of Sensitive Data in a Mechanism without Access Control', - }, - { id: 'CWE-922', name: 'Insecure Storage of Sensitive Information' }, - { - id: 'CWE-923', - name: 'Improper Restriction of Communication Channel to Intended Endpoints', - }, - { - id: 'CWE-924', - name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', - }, - { - id: 'CWE-925', - name: 'Improper Verification of Intent by Broadcast Receiver', - }, - { - id: 'CWE-926', - name: 'Improper Export of Android Application Components', - }, - { - id: 'CWE-927', - name: 'Use of Implicit Intent for Sensitive Communication', - }, - { - id: 'CWE-93', - name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", - }, - { - id: 'CWE-939', - name: 'Improper Authorization in Handler for Custom URL Scheme', - }, - { - id: 'CWE-94', - name: "Improper Control of Generation of Code ('Code Injection')", - }, - { - id: 'CWE-940', - name: 'Improper Verification of Source of a Communication Channel', - }, - { - id: 'CWE-941', - name: 'Incorrectly Specified Destination in a Communication Channel', - }, - { - id: 'CWE-942', - name: 'Permissive Cross-domain Security Policy with Untrusted Domains', - }, - { - id: 'CWE-943', - name: 'Improper Neutralization of Special Elements in Data Query Logic', - }, - { - id: 'CWE-95', - name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - }, - { - id: 'CWE-96', - name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", - }, - { - id: 'CWE-97', - name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', - }, - { - id: 'CWE-98', - name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - }, - { - id: 'CWE-99', - name: "Improper Control of Resource Identifiers 
('Resource Injection')",
- },
- ],
-})
diff --git a/csaf-validator-lib/lib/shared/dateHelper.js b/csaf-validator-lib/lib/shared/dateHelper.js
deleted file mode 100644
index bde9351..0000000
--- a/csaf-validator-lib/lib/shared/dateHelper.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { Duration, ZonedDateTime } from '@js-joda/core'
-
-/**
- * compare ZonedDateTimes from js-joda
- * returns a negative number if a is less than b, positive if a is greater than b, and zero if they are equal.
- * This function also returns 0 if one of the given values could not be parsed.
- *
- * @param {ZonedDateTime | string} a
- * @param {ZonedDateTime | string} b
- * @returns {0|1|-1}
- *
- */
-export const compareZonedDateTimes = (a, b) => {
- // catch js-joda exception if a or b can't be parsed
- try {
- const date1 = a instanceof ZonedDateTime ? a : ZonedDateTime.parse(a)
- const date2 = b instanceof ZonedDateTime ? b : ZonedDateTime.parse(b)
- const duration = Duration.between(date1, date2)
-
- // return number based on js sort function
- // > negative if a is less than b, positive if a is greater than b, and zero if they are equal.
- // [Sort Documentation](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#comparefn)
- if (duration.isZero()) {
- return 0
- } else if (duration.isNegative()) {
- return 1
- } else {
- return -1
- }
- } catch (e) {
- return 0
- }
-}
diff --git a/csaf-validator-lib/lib/shared/first.js b/csaf-validator-lib/lib/shared/first.js
deleted file mode 100644
index aa1fbb8..0000000
--- a/csaf-validator-lib/lib/shared/first.js
+++ /dev/null
@@ -1,5 +0,0 @@
-import _cvss30 from './first/cvsscalc30.js'
-import _cvss31 from './first/cvsscalc31.js'
-
-export const cvss30 = /** @type {import('./first/types.js').CVSS30} */ (_cvss30)
-export const cvss31 = /** @type {import('./first/types.js').CVSS31} */ (_cvss31)
diff --git a/csaf-validator-lib/lib/shared/first/cvss40.js b/csaf-validator-lib/lib/shared/first/cvss40.js
deleted file mode 100644
index f0d7282..0000000
--- a/csaf-validator-lib/lib/shared/first/cvss40.js
+++ /dev/null
@@ -1,1265 +0,0 @@ -// @ts-nocheck -// source https://github.com/RedHatProductSecurity/cvss-v4-calculator/blob/main/cvss40.js - -// Copyright FIRST, Red Hat, and contributors -// SPDX-License-Identifier: BSD-2-Clause - -/** - * Rounds a number to a specified number of decimal places using the "Round Half Up" method. - * - * This function shifts the decimal point to the right by the specified number of decimal places, - * rounds the shifted value to the nearest integer using the "Round Half Up" method, and then shifts - * the decimal point back to its original position. The final result is returned as a floating-point - * number with the desired number of decimal places. - * - * The "Round Half Up" method rounds a number to the nearest neighbor, rounding .5 away from zero. - * - * @param {number} value - The number to be rounded. - * @return {number} - The number rounded to one decimal place, using an additive adjustment value (EPSILON) to avoid floating-point misrepresentations of values. - * For example, 8.6 - 7.15 will return 1.4499999999999993 rather than 1.45. When rounded to one decimal place, this will incorrectly produce 1.4, instead of 1.5 (the correct result). - * The specific EPSILON value is based on interval machine epsilon value for single-precision floating point decimals. See https://en.wikipedia.org/wiki/Machine_epsilon. - * - * @example - * roundToDecimalPlaces(4.945833333333333); // returns 4.9 - * roundToDecimalPlaces(4.25); // returns 4.3 - * roundToDecimalPlaces(1.4499999999999993); // returns 1.5 - */ -function roundToDecimalPlaces(value) { - const EPSILON = Math.pow(10, -6) - return Math.round((value + EPSILON) * 10) / 10 -} - -/** - * Class representing a CVSS (Common Vulnerability Scoring System) v4.0 vector. - * - * In mathematics and computer science, a vector is a collection of elements (often numbers) that can represent different dimensions of data. 
- * Similarly, in CVSS, the vector string represents various dimensions of a vulnerability's characteristics. - * - * The Vector class encapsulates the CVSS v4.0 metrics, allowing for the creation, - * manipulation, and validation of CVSS vectors. It supports generating a vector string - * dynamically based on current metric values, updating metrics from an input vector string, - * and computing equivalent classes for higher-level assessments. - */ -class Vector { - // CVSS40 metrics with defaults values at first key - static METRICS = { - // Base (11 metrics) - BASE: { - AV: ['N', 'A', 'L', 'P'], - AC: ['L', 'H'], - AT: ['N', 'P'], - PR: ['N', 'L', 'H'], - UI: ['N', 'P', 'A'], - VC: ['N', 'L', 'H'], - VI: ['N', 'L', 'H'], - VA: ['N', 'L', 'H'], - SC: ['N', 'L', 'H'], - SI: ['N', 'L', 'H'], - SA: ['N', 'L', 'H'], - }, - // Threat (1 metric) - THREAT: { - E: ['X', 'A', 'P', 'U'], - }, - // Environmental (14 metrics) - ENVIRONMENTAL: { - CR: ['X', 'H', 'M', 'L'], - IR: ['X', 'H', 'M', 'L'], - AR: ['X', 'H', 'M', 'L'], - MAV: ['X', 'N', 'A', 'L', 'P'], - MAC: ['X', 'L', 'H'], - MAT: ['X', 'N', 'P'], - MPR: ['X', 'N', 'L', 'H'], - MUI: ['X', 'N', 'P', 'A'], - MVC: ['X', 'H', 'L', 'N'], - MVI: ['X', 'H', 'L', 'N'], - MVA: ['X', 'H', 'L', 'N'], - MSC: ['X', 'H', 'L', 'N'], - MSI: ['X', 'S', 'H', 'L', 'N'], - MSA: ['X', 'S', 'H', 'L', 'N'], - }, - // Supplemental (6 metrics) - SUPPLEMENTAL: { - S: ['X', 'N', 'P'], - AU: ['X', 'N', 'Y'], - R: ['X', 'A', 'U', 'I'], - V: ['X', 'D', 'C'], - RE: ['X', 'L', 'M', 'H'], - U: ['X', 'Clear', 'Green', 'Amber', 'Red'], - }, - } - - static ALL_METRICS = Object.keys(Vector.METRICS).reduce((order, category) => { - return { ...order, ...Vector.METRICS[category] } - }, {}) - - // Nomenclature base constant - static BASE_NOMENCLATURE = 'CVSS-B' - - /** - * Initializes a new Vector instance with optional CVSS vector string. - * - * This constructor initializes the metrics with their default values based on the CVSS v4.0 specification. 
- * If a vector string is provided, it parses the string and updates the metrics accordingly. - * - * @param {string} [vectorString=""] - Optional CVSS v4.0 vector string to initialize the metrics (e.g., "CVSS:4.0/AV:L/AC:L/PR:N/UI:R/..."). - */ - constructor(vectorString = '') { - // Initialize the metrics - const selected = {} - for (let category in Vector.METRICS) { - for (let key in Vector.METRICS[category]) { - // Use the first value in the array of allowed values as the default - selected[key] = Vector.METRICS[category][key][0] - } - } - - this.metrics = selected - - if (vectorString) { - // Remove any leading '#' symbol - if (vectorString.startsWith('#')) { - vectorString = vectorString.slice(1) - } - this.updateMetricsFromVectorString(vectorString) - } - } - - /** - * Dynamically generates the `raw` CVSS vector string based on the current state of `metrics`. - * - * This getter constructs the vector string from the `metrics` object, including only those metrics - * that are not set to "X". The string starts with "CVSS:4.0" followed by each metric and its value. - * - * @return {string} - The CVSS vector string in the format "CVSS:4.0/AV:N/AC:L/..." - */ - get raw() { - // Construct the vector string dynamically based on the current state of `metrics` - const baseString = 'CVSS:4.0' - const metricEntries = Object.entries(this.metrics) - .filter(([, value]) => value !== 'X') // Filter out metrics with value "X" - .map(([key, value]) => `/${key}:${value}`) - .join('') - return baseString + metricEntries - } - - /** - * Computes the equivalent classes for the given CVSS metrics. - * - * This method aggregates multiple detailed security metrics into a higher-level - * equivalent classes that represents the overall security posture. - * - * @returns {string} - The equivalent classes (e.g., "002201"). 
- */ - get equivalentClasses() { - // Helper function to compute EQ1 - const computeEQ1 = () => { - const AV = this.getEffectiveMetricValue('AV') - const PR = this.getEffectiveMetricValue('PR') - const UI = this.getEffectiveMetricValue('UI') - - if (AV === 'N' && PR === 'N' && UI === 'N') { - return '0' - } - if ( - (AV === 'N' || PR === 'N' || UI === 'N') && - !(AV === 'N' && PR === 'N' && UI === 'N') && - AV !== 'P' - ) { - return '1' - } - if (AV === 'P' || !(AV === 'N' || PR === 'N' || UI === 'N')) { - return '2' - } - } - - // Helper function to compute EQ2 - const computeEQ2 = () => { - const AC = this.getEffectiveMetricValue('AC') - const AT = this.getEffectiveMetricValue('AT') - - return AC === 'L' && AT === 'N' ? '0' : '1' - } - - // Helper function to compute EQ3 - const computeEQ3 = () => { - const VC = this.getEffectiveMetricValue('VC') - const VI = this.getEffectiveMetricValue('VI') - const VA = this.getEffectiveMetricValue('VA') - - if (VC === 'H' && VI === 'H') { - return '0' - } - if ( - !(VC === 'H' && VI === 'H') && - (VC === 'H' || VI === 'H' || VA === 'H') - ) { - return '1' - } - if (!(VC === 'H' || VI === 'H' || VA === 'H')) { - return '2' - } - } - - // Helper function to compute EQ4 - const computeEQ4 = () => { - const MSI = this.getEffectiveMetricValue('MSI') - const MSA = this.getEffectiveMetricValue('MSA') - const SC = this.getEffectiveMetricValue('SC') - const SI = this.getEffectiveMetricValue('SI') - const SA = this.getEffectiveMetricValue('SA') - - if (MSI === 'S' || MSA === 'S') { - return '0' - } - if ( - !(MSI === 'S' || MSA === 'S') && - (SC === 'H' || SI === 'H' || SA === 'H') - ) { - return '1' - } - return '2' - } - - // Helper function to compute EQ5 - const computeEQ5 = () => { - const E = this.getEffectiveMetricValue('E') - if (E === 'A') return '0' - if (E === 'P') return '1' - if (E === 'U') return '2' - } - - // Helper function to compute EQ6 - const computeEQ6 = () => { - const CR = this.getEffectiveMetricValue('CR') - 
const VC = this.getEffectiveMetricValue('VC') - const IR = this.getEffectiveMetricValue('IR') - const VI = this.getEffectiveMetricValue('VI') - const AR = this.getEffectiveMetricValue('AR') - const VA = this.getEffectiveMetricValue('VA') - - if ( - (CR === 'H' && VC === 'H') || - (IR === 'H' && VI === 'H') || - (AR === 'H' && VA === 'H') - ) { - return '0' - } - return '1' - } - - // Compute all equivalency values - const eq1 = computeEQ1() - const eq2 = computeEQ2() - const eq3 = computeEQ3() - const eq4 = computeEQ4() - const eq5 = computeEQ5() - const eq6 = computeEQ6() - - // Combine all EQ values into the equivalent classes - return eq1 + eq2 + eq3 + eq4 + eq5 + eq6 - } - - /** - * Determines the CVSS nomenclature based on the metrics used in the vector. - * - * This method generates the nomenclature string by evaluating whether the vector includes - * threat and/or environmental metrics. The nomenclature helps to categorize the type of vector - * (e.g., "CVSS-B", "CVSS-BE", "CVSS-BT", "CVSS-BTE"). - * - * @returns {string} - The CVSS nomenclature string. - */ - get nomenclature() { - let nomenclature = Vector.BASE_NOMENCLATURE - - const hasThreatMetrics = Object.keys(Vector.METRICS.THREAT).some( - (key) => this.metrics[key] !== 'X' - ) - const hasEnvironmentalMetrics = Object.keys( - Vector.METRICS.ENVIRONMENTAL - ).some((key) => this.metrics[key] !== 'X') - - if (hasThreatMetrics) { - nomenclature += 'T' - } - - if (hasEnvironmentalMetrics) { - nomenclature += 'E' - } - - return nomenclature - } - - /** - * Generates a detailed breakdown of equivalent classes with their associated severity levels. - * - * This method analyzes a vector string representing various dimensions of a vulnerability - * (known as macrovectors) and maps them to their corresponding human-readable severity levels - * ("High", "Medium", "Low"). 
- * - * @example - * const breakdown = vectorInstance.severityBreakdown(); - * console.log(breakdown["Exploitability"]); // Outputs: "Medium" - * console.log(breakdown["Complexity"]); // Outputs: "High" - * - * @returns {Object} An object where each key is a metric description and each value is the corresponding severity level. - */ - get severityBreakdown() { - const macroVector = this.equivalentClasses - - // Define the macrovectors and their positions - const macroVectorDetails = [ - 'Exploitability', - 'Complexity', - 'Vulnerable system', - 'Subsequent system', - 'Exploitation', - 'Security requirements', - ] - - // Define which macrovectors have only two severity options - const macroVectorsWithTwoSeverities = [ - 'Complexity', - 'Security requirements', - ] - - // Lookup tables for macrovectors with two and three possible severity levels - const threeSeverities = ['High', 'Medium', 'Low'] - const twoSeverities = ['High', 'Low'] - - // Construct the detailed breakdown - return Object.fromEntries( - macroVectorDetails.map((description, index) => { - // Determine which lookup table to use based on the macrovector description - const macroVectorValueOptions = macroVectorsWithTwoSeverities.includes( - description - ) - ? twoSeverities - : threeSeverities - - return [description, macroVectorValueOptions[macroVector[index]]] - }) - ) - } - - /** - * Gets the effective value for a given CVSS metric. - * - * This method determines the effective value of a metric, considering any - * modifications and defaults to the worst-case scenario for certain metrics. - * It checks if the metric has been overridden by an environmental metric and - * returns the appropriate value. - * - * @param {string} metric - The metric for which to get the effective value (e.g., "AV", "PR"). - * @returns {string} - The effective metric value. 
- */ - getEffectiveMetricValue(metric) { - // Default worst-case scenarios for specific metrics - const worstCaseDefaults = { - E: 'A', // If E=X, it defaults to E=A - CR: 'H', // If CR=X, it defaults to CR=H - IR: 'H', // If IR=X, it defaults to IR=H - AR: 'H', // If AR=X, it defaults to AR=H - } - - // Check if the metric has a worst-case default - if ( - this.metrics[metric] === 'X' && - Object.prototype.hasOwnProperty.call(worstCaseDefaults, metric) - ) { - return worstCaseDefaults[metric] - } - - // Check for environmental metrics that overwrite score values - const modifiedMetric = 'M' + metric - if ( - Object.prototype.hasOwnProperty.call(this.metrics, modifiedMetric) && - this.metrics[modifiedMetric] !== 'X' - ) { - return this.metrics[modifiedMetric] - } - - // Return the selected value for the metric - return this.metrics[metric] - } - - /** - * Validates a CVSS v4.0 vector string. - * - * This method checks the structure of a given CVSS v4.0 vector string to ensure it adheres to the expected format and values. - * It verifies the presence of the "CVSS:4.0" prefix, the mandatory metrics, and their valid values. - * - * @param {string} vector - The CVSS v4.0 vector string to validate (e.g., "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/MAV:A/AU:N/R:A"). - * @returns {boolean} - Returns true if the vector is valid, otherwise false. 
- */ - validateStringVector(vector) { - const metrics = vector.split('/') - - // Check if the prefix is correct - if (metrics.shift() !== 'CVSS:4.0') { - console.error( - 'Error: invalid vector, missing CVSS v4.0 prefix from vector: ' + vector - ) - return false - } - - const expectedMetrics = Object.entries(Vector.ALL_METRICS) - let mandatoryMetricIndex = 0 - - for (let metric of metrics) { - const [key, value] = metric.split(':') - - // Check if there are too many metric values - if (!expectedMetrics[mandatoryMetricIndex]) { - console.error('Error: invalid vector, too many metric values') - return false - } - - // Find the current expected metric - while ( - expectedMetrics[mandatoryMetricIndex] && - expectedMetrics[mandatoryMetricIndex][0] !== key - ) { - // Check for missing mandatory metrics - if (mandatoryMetricIndex < 11) { - console.error('Error: invalid vector, missing mandatory metrics') - return false - } - mandatoryMetricIndex++ - } - - // Check if the value is valid for the given metric - if (!expectedMetrics[mandatoryMetricIndex][1].includes(value)) { - console.error( - `Error: invalid vector, for key ${key}, value ${value} is not in ${expectedMetrics[mandatoryMetricIndex][1]}` - ) - return false - } - - mandatoryMetricIndex++ - } - - return true - } - - /** - * Updates the `metrics` object with values from a provided CVSS v4.0 vector string. - * - * This method parses a CVSS v4.0 vector string and updates the `metrics` object - * with the corresponding metric values. The method validates the vector string - * to ensure it adheres to the expected CVSS v4.0 format before processing. - * - * Example usage: - * ``` - * vector.updateMetricsFromVectorString("CVSS:4.0/AV:L/AC:L/PR:N/UI:R/..."); - * ``` - * - * @param {string} vectorString - The CVSS v4.0 vector string to be parsed and applied - * (e.g., "CVSS:4.0/AV:L/AC:L/PR:N/UI:N/..."). - * @throws {Error} - Throws an error if the vector string is invalid or does not conform to the expected format. 
- */
- updateMetricsFromVectorString(vector) {
- if (!vector) {
- throw new Error('The vector string cannot be null, undefined, or empty.')
- }
-
- // Validate the CVSS v4.0 string vector
- if (!this.validateStringVector(vector)) {
- throw new Error('Invalid CVSS v4.0 vector: ' + vector)
- }
-
- let metrics = vector.split('/')
-
- // Remove the "CVSS:4.0" prefix
- metrics.shift()
-
- // Iterate through each metric component and update the corresponding metric in the `metrics` object
- for (let metric of metrics) {
- let [key, value] = metric.split(':')
- this.metrics[key] = value
- }
- }
-
- /**
- * Updates the value of a specific CVSS metric and automatically refreshes the `raw` vector string.
- *
- * This method updates the value of the specified metric in the `metrics` object.
- * After updating the metric, it updates the `raw` string by replacing the corresponding
- * metric value in the existing string without reconstructing the entire string.
- *
- * Example usage:
- * ```
- * vector.updateMetric("AV", "L");
- * console.log(vector.raw); // Output: "CVSS:4.0/AV:L/AC:L/..."
- * ```
- *
- * @param {string} metric - The abbreviation of the metric to be updated (e.g., "AV", "AC").
- * @param {string} value - The new value to assign to the metric (e.g., "L", "H").
- */
- updateMetric(metric, value) {
- if (Object.prototype.hasOwnProperty.call(this.metrics, metric)) {
- this.metrics[metric] = value
- } else {
- console.error(`Metric ${metric} not found.`)
- }
- }
-}
-
-/**
- * Class representing the CVSS (Common Vulnerability Scoring System) version 4.0.
- *
- * This class encapsulates the CVSS v4.0 scoring logic, enabling the calculation of a score based on a vector string.
- * It manages an internal `Vector` object, which represents the individual CVSS metrics and their values.
- * The `CVSS40` class leverages this `Vector` object to compute the overall score and severity rating.
- * - * - * @example - * let vuln = new CVSS40("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/MAV:A"); - * console.log(vuln.score); // Output the computed CVSS score (8.7) - * console.log(vuln.severity); // Output the severity rating (High) - * console.log(vuln.vector.nomenclature); // Output the corresponding nomenclature (CVSS-BTE) - * console.log(vuln.vector.raw); // Output the raw vector - * @class - */ -export class CVSS40 { - // Lookup table of macro vectors and their pre-computed equivalent classes value. - static LOOKUP_TABLE = { - '000000': 10, - '000001': 9.9, - '000010': 9.8, - '000011': 9.5, - '000020': 9.5, - '000021': 9.2, - '000100': 10, - '000101': 9.6, - '000110': 9.3, - '000111': 8.7, - '000120': 9.1, - '000121': 8.1, - '000200': 9.3, - '000201': 9, - '000210': 8.9, - '000211': 8, - '000220': 8.1, - '000221': 6.8, - '001000': 9.8, - '001001': 9.5, - '001010': 9.5, - '001011': 9.2, - '001020': 9, - '001021': 8.4, - '001100': 9.3, - '001101': 9.2, - '001110': 8.9, - '001111': 8.1, - '001120': 8.1, - '001121': 6.5, - '001200': 8.8, - '001201': 8, - '001210': 7.8, - '001211': 7, - '001220': 6.9, - '001221': 4.8, - '002001': 9.2, - '002011': 8.2, - '002021': 7.2, - '002101': 7.9, - '002111': 6.9, - '002121': 5, - '002201': 6.9, - '002211': 5.5, - '002221': 2.7, - '010000': 9.9, - '010001': 9.7, - '010010': 9.5, - '010011': 9.2, - '010020': 9.2, - '010021': 8.5, - '010100': 9.5, - '010101': 9.1, - '010110': 9, - '010111': 8.3, - '010120': 8.4, - '010121': 7.1, - '010200': 9.2, - '010201': 8.1, - '010210': 8.2, - '010211': 7.1, - '010220': 7.2, - '010221': 5.3, - '011000': 9.5, - '011001': 9.3, - '011010': 9.2, - '011011': 8.5, - '011020': 8.5, - '011021': 7.3, - '011100': 9.2, - '011101': 8.2, - '011110': 8, - '011111': 7.2, - '011120': 7, - '011121': 5.9, - '011200': 8.4, - '011201': 7, - '011210': 7.1, - '011211': 5.2, - '011220': 5, - '011221': 3, - '012001': 8.6, - '012011': 7.5, - '012021': 5.2, - '012101': 7.1, - '012111': 
5.2, - '012121': 2.9, - '012201': 6.3, - '012211': 2.9, - '012221': 1.7, - 100000: 9.8, - 100001: 9.5, - 100010: 9.4, - 100011: 8.7, - 100020: 9.1, - 100021: 8.1, - 100100: 9.4, - 100101: 8.9, - 100110: 8.6, - 100111: 7.4, - 100120: 7.7, - 100121: 6.4, - 100200: 8.7, - 100201: 7.5, - 100210: 7.4, - 100211: 6.3, - 100220: 6.3, - 100221: 4.9, - 101000: 9.4, - 101001: 8.9, - 101010: 8.8, - 101011: 7.7, - 101020: 7.6, - 101021: 6.7, - 101100: 8.6, - 101101: 7.6, - 101110: 7.4, - 101111: 5.8, - 101120: 5.9, - 101121: 5, - 101200: 7.2, - 101201: 5.7, - 101210: 5.7, - 101211: 5.2, - 101220: 5.2, - 101221: 2.5, - 102001: 8.3, - 102011: 7, - 102021: 5.4, - 102101: 6.5, - 102111: 5.8, - 102121: 2.6, - 102201: 5.3, - 102211: 2.1, - 102221: 1.3, - 110000: 9.5, - 110001: 9, - 110010: 8.8, - 110011: 7.6, - 110020: 7.6, - 110021: 7, - 110100: 9, - 110101: 7.7, - 110110: 7.5, - 110111: 6.2, - 110120: 6.1, - 110121: 5.3, - 110200: 7.7, - 110201: 6.6, - 110210: 6.8, - 110211: 5.9, - 110220: 5.2, - 110221: 3, - 111000: 8.9, - 111001: 7.8, - 111010: 7.6, - 111011: 6.7, - 111020: 6.2, - 111021: 5.8, - 111100: 7.4, - 111101: 5.9, - 111110: 5.7, - 111111: 5.7, - 111120: 4.7, - 111121: 2.3, - 111200: 6.1, - 111201: 5.2, - 111210: 5.7, - 111211: 2.9, - 111220: 2.4, - 111221: 1.6, - 112001: 7.1, - 112011: 5.9, - 112021: 3, - 112101: 5.8, - 112111: 2.6, - 112121: 1.5, - 112201: 2.3, - 112211: 1.3, - 112221: 0.6, - 200000: 9.3, - 200001: 8.7, - 200010: 8.6, - 200011: 7.2, - 200020: 7.5, - 200021: 5.8, - 200100: 8.6, - 200101: 7.4, - 200110: 7.4, - 200111: 6.1, - 200120: 5.6, - 200121: 3.4, - 200200: 7, - 200201: 5.4, - 200210: 5.2, - 200211: 4, - 200220: 4, - 200221: 2.2, - 201000: 8.5, - 201001: 7.5, - 201010: 7.4, - 201011: 5.5, - 201020: 6.2, - 201021: 5.1, - 201100: 7.2, - 201101: 5.7, - 201110: 5.5, - 201111: 4.1, - 201120: 4.6, - 201121: 1.9, - 201200: 5.3, - 201201: 3.6, - 201210: 3.4, - 201211: 1.9, - 201220: 1.9, - 201221: 0.8, - 202001: 6.4, - 202011: 5.1, - 202021: 2, - 202101: 
4.7, - 202111: 2.1, - 202121: 1.1, - 202201: 2.4, - 202211: 0.9, - 202221: 0.4, - 210000: 8.8, - 210001: 7.5, - 210010: 7.3, - 210011: 5.3, - 210020: 6, - 210021: 5, - 210100: 7.3, - 210101: 5.5, - 210110: 5.9, - 210111: 4, - 210120: 4.1, - 210121: 2, - 210200: 5.4, - 210201: 4.3, - 210210: 4.5, - 210211: 2.2, - 210220: 2, - 210221: 1.1, - 211000: 7.5, - 211001: 5.5, - 211010: 5.8, - 211011: 4.5, - 211020: 4, - 211021: 2.1, - 211100: 6.1, - 211101: 5.1, - 211110: 4.8, - 211111: 1.8, - 211120: 2, - 211121: 0.9, - 211200: 4.6, - 211201: 1.8, - 211210: 1.7, - 211211: 0.7, - 211220: 0.8, - 211221: 0.2, - 212001: 5.3, - 212011: 2.4, - 212021: 1.4, - 212101: 2.4, - 212111: 1.2, - 212121: 0.5, - 212201: 1, - 212211: 0.3, - 212221: 0.1, - } - - // The following defines the index of each metric's values. - // It is used when looking for the highest vector part of the - // combinations produced by the MacroVector respective highest - static METRIC_LEVELS = { - AV: { N: 0.0, A: 0.1, L: 0.2, P: 0.3 }, - PR: { N: 0.0, L: 0.1, H: 0.2 }, - UI: { N: 0.0, P: 0.1, A: 0.2 }, - AC: { L: 0.0, H: 0.1 }, - AT: { N: 0.0, P: 0.1 }, - VC: { H: 0.0, L: 0.1, N: 0.2 }, - VI: { H: 0.0, L: 0.1, N: 0.2 }, - VA: { H: 0.0, L: 0.1, N: 0.2 }, - SC: { H: 0.1, L: 0.2, N: 0.3 }, - SI: { S: 0.0, H: 0.1, L: 0.2, N: 0.3 }, - SA: { S: 0.0, H: 0.1, L: 0.2, N: 0.3 }, - CR: { H: 0.0, M: 0.1, L: 0.2 }, - IR: { H: 0.0, M: 0.1, L: 0.2 }, - AR: { H: 0.0, M: 0.1, L: 0.2 }, - E: { U: 0.2, P: 0.1, A: 0 }, - } - - static MAX_COMPOSED = { - // EQ1 - eq1: { - 0: ['AV:N/PR:N/UI:N/'], - 1: ['AV:A/PR:N/UI:N/', 'AV:N/PR:L/UI:N/', 'AV:N/PR:N/UI:P/'], - 2: ['AV:P/PR:N/UI:N/', 'AV:A/PR:L/UI:P/'], - }, - // EQ2 - eq2: { - 0: ['AC:L/AT:N/'], - 1: ['AC:H/AT:N/', 'AC:L/AT:P/'], - }, - // EQ3+EQ6 - eq3: { - 0: { - 0: ['VC:H/VI:H/VA:H/CR:H/IR:H/AR:H/'], - 1: ['VC:H/VI:H/VA:L/CR:M/IR:M/AR:H/', 'VC:H/VI:H/VA:H/CR:M/IR:M/AR:M/'], - }, - 1: { - 0: ['VC:L/VI:H/VA:H/CR:H/IR:H/AR:H/', 'VC:H/VI:L/VA:H/CR:H/IR:H/AR:H/'], - 1: [ - 
'VC:L/VI:H/VA:L/CR:H/IR:M/AR:H/', - 'VC:L/VI:H/VA:H/CR:H/IR:M/AR:M/', - 'VC:H/VI:L/VA:H/CR:M/IR:H/AR:M/', - 'VC:H/VI:L/VA:L/CR:M/IR:H/AR:H/', - 'VC:L/VI:L/VA:H/CR:H/IR:H/AR:M/', - ], - }, - 2: { 1: ['VC:L/VI:L/VA:L/CR:H/IR:H/AR:H/'] }, - }, - // EQ4 - eq4: { - 0: ['SC:H/SI:S/SA:S/'], - 1: ['SC:H/SI:H/SA:H/'], - 2: ['SC:L/SI:L/SA:L/'], - }, - // EQ5 - eq5: { - 0: ['E:A/'], - 1: ['E:P/'], - 2: ['E:U/'], - }, - } - - // max severity distances in EQs MacroVectors (+1) - static MAX_SEVERITY = { - eq1: { - 0: 1, - 1: 4, - 2: 5, - }, - eq2: { - 0: 1, - 1: 2, - }, - eq3eq6: { - 0: { 0: 7, 1: 6 }, - 1: { 0: 8, 1: 8 }, - 2: { 1: 10 }, - }, - eq4: { - 0: 6, - 1: 5, - 2: 4, - }, - eq5: { - 0: 1, - 1: 1, - 2: 1, - }, - } - - /** - * Constructs a CVSS40 object and initializes its properties. - * - * This constructor validates the provided CVSS v4.0 vector string against the CVSS v4.0 specification, - * extracts the metrics from the vector string, computes the equivalent classes, - * and calculates the score. - * - * For detailed information on the CVSS v4.0 specification, refer to: - * https://www.first.org/cvss/v4.0/specification-document - * - * @param {string} vectorString - The CVSS v4.0 vector string (e.g., "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/MAV:A/AU:N/R:A"). - * Defaults to an empty string if not provided. - * @throws {Error} - Throws an error if the vector string is invalid according to the CVSS v4.0 schema. - */ - constructor(input = '') { - if (input instanceof Vector) { - // If the input is a Vector object, use it directly - this.vector = input - } else if (typeof input === 'string') { - // If the input is a string, create a new Vector object from the string - this.vector = new Vector(input) - } else { - throw new Error( - `Invalid input type for CVSSv4.0 constructor. 
Expected a string or a Vector object in ${this.vector}` - ) - } - - // Calculate the score - this.score = this.calculateScore() - - // Save the severity - this.severity = this.calculateSeverityRating(this.score) - } - - /** - * Calculates the qualitative severity rating based on the CVSS score. - * - * The rating is determined according to the following scale: - * - None: 0.0 - * - Low: 0.1 - 3.9 - * - Medium: 4.0 - 6.9 - * - High: 7.0 - 8.9 - * - Critical: 9.0 - 10.0 - * - * @param {number} score - The CVSS score. - * @returns {string} - The qualitative severity rating. - */ - calculateSeverityRating(score) { - if (score === 0.0) { - return 'None' - } else if (score >= 0.1 && score <= 3.9) { - return 'Low' - } else if (score >= 4.0 && score <= 6.9) { - return 'Medium' - } else if (score >= 7.0 && score <= 8.9) { - return 'High' - } else if (score >= 9.0 && score <= 10.0) { - return 'Critical' - } - return 'Unknown' // In case of an unexpected score value - } - - /** - * Calculates the severity distances between the effective metric values and the extracted metric values - * for a given maximum vector. - * - * This method computes the difference between the effective value of each metric in the CVSS vector and - * the corresponding value in the provided maximum vector. The differences are stored in an object where - * the keys are the metric names and the values are the calculated distances. - * - * @param {string} maxVector - The maximum vector string representing the highest severity levels. - * @returns {object} - An object with keys as metric names and values as the calculated severity distances. 
- */ - calculateSeverityDistances(maxVector) { - const distances = {} - for (const metric in CVSS40.METRIC_LEVELS) { - const effectiveMetricValue = this.vector.getEffectiveMetricValue(metric) - const extractedMetricValue = this.extractValueMetric(metric, maxVector) - distances[metric] = - CVSS40.METRIC_LEVELS[metric][effectiveMetricValue] - - CVSS40.METRIC_LEVELS[metric][extractedMetricValue] - } - return distances - } - - /** - * Calculates the CVSS v4.0 score for the given vector. - * - * This method follows the CVSS v4.0 specification to determine the score for a given vector. - * It handles the case where there is no impact on the system by returning a score of 0.0. - * Otherwise, it calculates the score based on the maximal scoring differences (MSD) for each EQ - * (Equivalency) and the severity distances from the highest severity vector in the same MacroVector. - * - * The process involves the following steps: - * 1. Determine the maximal scoring difference (MSD) for each EQ by computing the difference between - * the current MacroVector and the next lower MacroVector. - * 2. Retrieve the highest severity vectors for each EQ and compute the severity distances from the - * to-be-scored vector. - * 3. Calculate the current severity distances for each EQ and determine the proportion of the distance. - * 4. Compute the mean of the proportional distances. - * 5. Subtract the mean distance from the score of the highest severity vector to obtain the final score. - * - * For detailed information on the CVSS v4.0 specification, refer to: - * https://www.first.org/cvss/v4.0/specification-document - * - * @returns {number} - The calculated CVSS v4.0 score, rounded to one decimal place. 
- */ - calculateScore() { - // Constants - // When CIA triad is None - const NO_IMPACT_METRICS = ['VC', 'VI', 'VA', 'SC', 'SI', 'SA'] - const STEP = 0.1 - - // Exception for no impact on system - if ( - NO_IMPACT_METRICS.every( - (metric) => this.vector.getEffectiveMetricValue(metric) === 'N' - ) - ) { - return 0.0 - } - - // Ensure to retrieve up-to-date equivalent classes and store-it inside a variable - const equivalentClasses = this.vector.equivalentClasses - - let value = CVSS40.LOOKUP_TABLE[equivalentClasses] - - // 1. For each of the EQs: - // a. The maximal scoring difference is determined as the difference - // between the current MacroVector and the lower MacroVector. - // i. If there is no lower MacroVector the available distance is - // set to NaN and then ignored in the further calculations. - - // EQ values - const [eq1, eq2, eq3, eq4, eq5, eq6] = equivalentClasses - .split('') - .map(Number) - - // Compute the next lower macro; it may also not exist. - const eq1_next_lower_macro = `${eq1 + 1}${eq2}${eq3}${eq4}${eq5}${eq6}` - const eq2_next_lower_macro = `${eq1}${eq2 + 1}${eq3}${eq4}${eq5}${eq6}` - - let eq3eq6_next_lower_macro - let eq3eq6_next_lower_macro_left - let eq3eq6_next_lower_macro_right - - // eq3 and eq6 are related - if (eq3 === 1 && eq6 === 1) { - // 11 --> 21 - eq3eq6_next_lower_macro = `${eq1}${eq2}${eq3 + 1}${eq4}${eq5}${eq6}` - } else if (eq3 === 0 && eq6 === 1) { - // 01 --> 11 - eq3eq6_next_lower_macro = `${eq1}${eq2}${eq3 + 1}${eq4}${eq5}${eq6}` - } else if (eq3 === 1 && eq6 === 0) { - // 10 --> 11 - eq3eq6_next_lower_macro = `${eq1}${eq2}${eq3}${eq4}${eq5}${eq6 + 1}` - } else if (eq3 === 0 && eq6 === 0) { - // 00 --> 01 - // 00 --> 10 - eq3eq6_next_lower_macro_left = `${eq1}${eq2}${eq3}${eq4}${eq5}${eq6 + 1}` - eq3eq6_next_lower_macro_right = `${eq1}${eq2}${eq3 + 1}${eq4}${eq5}${eq6}` - } else { - // 21 --> 32 (does not exist) - eq3eq6_next_lower_macro = `${eq1}${eq2}${eq3 + 1}${eq4}${eq5}${eq6 + 1}` - } - - const 
eq4_next_lower_macro = `${eq1}${eq2}${eq3}${eq4 + 1}${eq5}${eq6}` - const eq5_next_lower_macro = `${eq1}${eq2}${eq3}${eq4}${eq5 + 1}${eq6}` - - // get their score, if the next lower macro score do not exist the result is NaN - const score_eq1_next_lower_macro = CVSS40.LOOKUP_TABLE[eq1_next_lower_macro] - const score_eq2_next_lower_macro = CVSS40.LOOKUP_TABLE[eq2_next_lower_macro] - - let score_eq3eq6_next_lower_macro - if (eq3 == 0 && eq6 == 0) { - // multiple path take the one with higher score - const score_eq3eq6_next_lower_macro_left = - CVSS40.LOOKUP_TABLE[eq3eq6_next_lower_macro_left] - const score_eq3eq6_next_lower_macro_right = - CVSS40.LOOKUP_TABLE[eq3eq6_next_lower_macro_right] - - score_eq3eq6_next_lower_macro = Math.max( - score_eq3eq6_next_lower_macro_left, - score_eq3eq6_next_lower_macro_right - ) - } else { - score_eq3eq6_next_lower_macro = - CVSS40.LOOKUP_TABLE[eq3eq6_next_lower_macro] - } - - const score_eq4_next_lower_macro = CVSS40.LOOKUP_TABLE[eq4_next_lower_macro] - const score_eq5_next_lower_macro = CVSS40.LOOKUP_TABLE[eq5_next_lower_macro] - - // b. The severity distance of the to-be scored vector from a - // highest severity vector in the same MacroVector is determined. - const eqMaxes = [ - this.getMaxSeverityVectorsForEQ(equivalentClasses, 1), - this.getMaxSeverityVectorsForEQ(equivalentClasses, 2), - this.getMaxSeverityVectorsForEQ(equivalentClasses, 3)[eq6], - this.getMaxSeverityVectorsForEQ(equivalentClasses, 4), - this.getMaxSeverityVectorsForEQ(equivalentClasses, 5), - ] - - // Compose maximum vectors - const maxVectors = [] - for (const eq1Max of eqMaxes[0]) { - for (const eq2Max of eqMaxes[1]) { - for (const eq3Max of eqMaxes[2]) { - for (const eq4Max of eqMaxes[3]) { - for (const eq5Max of eqMaxes[4]) { - maxVectors.push(eq1Max + eq2Max + eq3Max + eq4Max + eq5Max) - } - } - } - } - } - - // Find the max vector to use i.e. 
one in the combination of all the highest - // that is greater or equal (severity distance) than the to-be scored vector. - let maxVector, distances - for (const vector of maxVectors) { - distances = this.calculateSeverityDistances(vector) - if (Object.values(distances).every((distance) => distance >= 0)) { - maxVector = vector - break - } - } - - // Calculate the current severity distances - const current_severity_distance_eq1 = - distances['AV'] + distances['PR'] + distances['UI'] - const current_severity_distance_eq2 = distances['AC'] + distances['AT'] - const current_severity_distance_eq3eq6 = - distances['VC'] + - distances['VI'] + - distances['VA'] + - distances['CR'] + - distances['IR'] + - distances['AR'] - const current_severity_distance_eq4 = - distances['SC'] + distances['SI'] + distances['SA'] - // const current_severity_distance_eq5 = 0; // EQ5 is always 0 in this context - - // if the next lower macro score do not exist the result is Nan - // Rename to maximal scoring difference (aka MSD) - const available_distance_eq1 = value - score_eq1_next_lower_macro - const available_distance_eq2 = value - score_eq2_next_lower_macro - const available_distance_eq3eq6 = value - score_eq3eq6_next_lower_macro - const available_distance_eq4 = value - score_eq4_next_lower_macro - const available_distance_eq5 = value - score_eq5_next_lower_macro - - let percent_to_next_eq1_severity = 0 - let percent_to_next_eq2_severity = 0 - let percent_to_next_eq3eq6_severity = 0 - let percent_to_next_eq4_severity = 0 - let percent_to_next_eq5_severity = 0 - - // some of them do not exist, we will find them by retrieving the score. 
If score null then do not exist - let n_existing_lower = 0 - - let normalized_severity_eq1 = 0 - let normalized_severity_eq2 = 0 - let normalized_severity_eq3eq6 = 0 - let normalized_severity_eq4 = 0 - let normalized_severity_eq5 = 0 - - // multiply by step because distance is pure - const maxSeverity_eq1 = CVSS40.MAX_SEVERITY['eq1'][eq1] * STEP - const maxSeverity_eq2 = CVSS40.MAX_SEVERITY['eq2'][eq2] * STEP - const maxSeverity_eq3eq6 = CVSS40.MAX_SEVERITY['eq3eq6'][eq3][eq6] * STEP - const maxSeverity_eq4 = CVSS40.MAX_SEVERITY['eq4'][eq4] * STEP - - // c. The proportion of the distance is determined by dividing - // the severity distance of the to-be-scored vector by the depth - // of the MacroVector. - // d. The maximal scoring difference is multiplied by the proportion of - // distance. - if (!isNaN(available_distance_eq1)) { - n_existing_lower = n_existing_lower + 1 - percent_to_next_eq1_severity = - current_severity_distance_eq1 / maxSeverity_eq1 - normalized_severity_eq1 = - available_distance_eq1 * percent_to_next_eq1_severity - } - - if (!isNaN(available_distance_eq2)) { - n_existing_lower = n_existing_lower + 1 - percent_to_next_eq2_severity = - current_severity_distance_eq2 / maxSeverity_eq2 - normalized_severity_eq2 = - available_distance_eq2 * percent_to_next_eq2_severity - } - - if (!isNaN(available_distance_eq3eq6)) { - n_existing_lower = n_existing_lower + 1 - percent_to_next_eq3eq6_severity = - current_severity_distance_eq3eq6 / maxSeverity_eq3eq6 - normalized_severity_eq3eq6 = - available_distance_eq3eq6 * percent_to_next_eq3eq6_severity - } - - if (!isNaN(available_distance_eq4)) { - n_existing_lower = n_existing_lower + 1 - percent_to_next_eq4_severity = - current_severity_distance_eq4 / maxSeverity_eq4 - normalized_severity_eq4 = - available_distance_eq4 * percent_to_next_eq4_severity - } - - if (!isNaN(available_distance_eq5)) { - // for eq5 is always 0 the percentage - n_existing_lower = n_existing_lower + 1 - percent_to_next_eq5_severity = 0 
- normalized_severity_eq5 =
- available_distance_eq5 * percent_to_next_eq5_severity
- }
-
- // 2. The mean of the above computed proportional distances is computed.
- let meanDistance
- if (n_existing_lower == 0) {
- meanDistance = 0
- } else {
- // sometimes we need to go up but there is nothing there, or down but there is nothing there so it's a change of 0.
- meanDistance =
- (normalized_severity_eq1 +
- normalized_severity_eq2 +
- normalized_severity_eq3eq6 +
- normalized_severity_eq4 +
- normalized_severity_eq5) /
- n_existing_lower
- }
-
- // 3. The score of the vector is the score of the MacroVector
- // (i.e. the score of the highest severity vector) minus the mean
- // distance so computed. This score is rounded to one decimal place.
- return roundToDecimalPlaces(
- Math.max(0, Math.min(10, value - meanDistance)),
- 1
- )
- }
-
- /**
- * Utility method to get the maximum vectors for a given equivalency (EQ) number.
- *
- * This method retrieves the highest severity vectors corresponding to the provided
- * EQ number based on the lookup table.
- *
- * @param {string} macroVector - The macro vector string representing the equivalent classes.
- * @param {number} eqNumber - The EQ number to look up (1-based index).
- * @returns {Array} - An array of highest severity vectors for the given EQ number.
- * @throws {Error} - Throws an error if the lookup key is not found for the given EQ number.
- */
- getMaxSeverityVectorsForEQ(macroVector, eqNumber) {
- return CVSS40.MAX_COMPOSED['eq' + eqNumber][macroVector[eqNumber - 1]]
- }
-
- /**
- * Extracts the value of a specified metric from a given string.
- *
- * This method finds the value of the specified metric within the provided string.
- * The metric value is expected to be followed by a colon and may be terminated by a slash.
- *
- * @param {string} metric - The metric to extract the value for.
- * @param {string} str - The string containing the metric and its value.
- * @returns {string} - The extracted metric value.
- */
- extractValueMetric(metric, str) {
- const metricIndex = str.indexOf(metric) + metric.length + 1
- const extracted = str.slice(metricIndex)
- return extracted.indexOf('/') > 0
- ? extracted.substring(0, extracted.indexOf('/'))
- : extracted
- }
-}
diff --git a/csaf-validator-lib/lib/shared/first/cvsscalc30.js b/csaf-validator-lib/lib/shared/first/cvsscalc30.js
deleted file mode 100644
index aebcbd0..0000000
--- a/csaf-validator-lib/lib/shared/first/cvsscalc30.js
+++ /dev/null
@@ -1,693 +0,0 @@
-// @ts-nocheck
-
-/* Copyright (c) 2015, FIRST.ORG, INC.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
- * following conditions are met:
- * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
- * disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
- * following disclaimer in the documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote
- * products derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* This JavaScript contains two main functions. Both take CVSS metric values and calculate CVSS scores for Base,
- * Temporal and Environmental metric groups, their associated severity ratings, and an overall Vector String.
- *
- * Use CVSS.calculateCVSSFromMetrics if you wish to pass metric values as individual parameters.
- * Use CVSS.calculateCVSSFromVector if you wish to pass metric values as a single Vector String.
- *
- * Changelog
- *
- * 2018-02-15 Darius Wiles Added a missing pair of parantheses in the Environmental score, specifically
- * in the code setting envScore in the main clause (not the else clause). It was changed
- * from "min (...), 10" to "min ((...), 10)". This correction does not alter any final
- * Environmental scores.
- *
- * 2015-08-04 Darius Wiles Added CVSS.generateXMLFromMetrics and CVSS.generateXMLFromVector functions to return
- * XML string representations of: a set of metric values; or a Vector String respectively.
- * Moved all constants and functions to an object named "CVSS" to
- * reduce the chance of conflicts in global variables when this file is combined with
- * other JavaScript code. This will break all existing code that uses this file until
- * the string "CVSS." is prepended to all references. The "Exploitability" metric has been
- * renamed "Exploit Code Maturity" in the specification, so the same change has been made
- * in the code in this file.
- *
- * 2015-04-24 Darius Wiles Environmental formula modified to eliminate undesirable behavior caused by subtle
- * differences in rounding between Temporal and Environmental formulas that often
- * caused the latter to be 0.1 lower than than the former when all Environmental
- * metrics are "Not defined". Also added a RoundUp1 function to simplify formulas.
- *
- * 2015-04-09 Darius Wiles Added calculateCVSSFromVector function, license information, cleaned up code and improved
- * comments.
- *
- * 2014-12-12 Darius Wiles Initial release for CVSS 3.0 Preview 2.
- */
-
-// Constants used in the formula. They are not declared as "const" to avoid problems in older browsers.
-
-var CVSS = {};
-
-CVSS.CVSSVersionIdentifier = "CVSS:3.0";
-CVSS.exploitabilityCoefficient = 8.22;
-CVSS.scopeCoefficient = 1.08;
-
-// A regular expression to validate that a CVSS 3.0 vector string is well formed. It checks metrics and metric
-// values. It does not check that a metric is specified more than once and it does not check that all base
-// metrics are present. These checks need to be performed separately.
-
-CVSS.vectorStringRegex_30 = /^CVSS:3\.0\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/;
-
-
-// Associative arrays mapping each metric value to the constant defined in the CVSS scoring formula in the CVSS v3.0
-// specification.
-
-CVSS.Weight = {
- AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2},
- AC: { H: 0.44, L: 0.77},
- PR: { U: {N: 0.85, L: 0.62, H: 0.27}, // These values are used if Scope is Unchanged
- C: {N: 0.85, L: 0.68, H: 0.5}}, // These values are used if Scope is Changed
- UI: { N: 0.85, R: 0.62},
- S: { U: 6.42, C: 7.52}, // Note: not defined as constants in specification
- CIA: { N: 0, L: 0.22, H: 0.56}, // C, I and A have the same weights
-
- E: { X: 1, U: 0.91, P: 0.94, F: 0.97, H: 1},
- RL: { X: 1, O: 0.95, T: 0.96, W: 0.97, U: 1},
- RC: { X: 1, U: 0.92, R: 0.96, C: 1},
-
- CIAR: { X: 1, L: 0.5, M: 1, H: 1.5} // CR, IR and AR have the same weights
-};
-
-
-// Severity rating bands, as defined in the CVSS v3.0 specification.
-
-CVSS.severityRatings = [ { name: "None", bottom: 0.0, top: 0.0},
- { name: "Low", bottom: 0.1, top: 3.9},
- { name: "Medium", bottom: 4.0, top: 6.9},
- { name: "High", bottom: 7.0, top: 8.9},
- { name: "Critical", bottom: 9.0, top: 10.0} ];
-
-
-
-
-/* ** CVSS.calculateCVSSFromMetrics **
- *
- * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format
- * defined in the CVSS v3.0 standard definition of the Vector String. For example, the AttackComplexity parameter
- * should be either "H" or "L".
- *
- * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics
- * are required to generate this output. All Temporal and Environmental metric values are optional. Any that are not
- * passed default to "X" ("Not Defined").
- *
- * The output is an object which always has a property named "success".
- *
- * If no errors are encountered, success is Boolean "true", and the following other properties are defined containing
- * scores, severities and a vector string:
- * baseMetricScore, baseSeverity,
- * temporalMetricScore, temporalSeverity,
- * environmentalMetricScore, environmentalSeverity,
- * vectorString
- *
- * If errors are encountered, success is Boolean "false", and the following other properties are defined:
- * errorType - a string indicating the error. Either:
- * "MissingBaseMetric", if at least one Base metric has not been defined; or
- * "UnknownMetricValue", if at least one metric value is invalid.
- * errorMetrics - an array of strings representing the metrics at fault. The strings are abbreviated versions of the
- * metrics, as defined in the CVSS v3.0 standard definition of the Vector String.
- */
-CVSS.calculateCVSSFromMetrics = function (
- AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability,
- ExploitCodeMaturity, RemediationLevel, ReportConfidence,
- ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement,
- ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope,
- ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability) {
-
- // If input validation fails, this array is populated with strings indicating which metrics failed validation.
- var badMetrics = [];
-
- // ENSURE ALL BASE METRICS ARE DEFINED
- //
- // We need values for all Base Score metrics to calculate scores.
- // If any Base Score parameters are undefined, create an array of missing metrics and return it with an error.
-
- if (typeof AttackVector === "undefined" || AttackVector === "") { badMetrics.push("AV"); }
- if (typeof AttackComplexity === "undefined" || AttackComplexity === "") { badMetrics.push("AC"); }
- if (typeof PrivilegesRequired === "undefined" || PrivilegesRequired === "") { badMetrics.push("PR"); }
- if (typeof UserInteraction === "undefined" || UserInteraction === "") { badMetrics.push("UI"); }
- if (typeof Scope === "undefined" || Scope === "") { badMetrics.push("S"); }
- if (typeof Confidentiality === "undefined" || Confidentiality === "") { badMetrics.push("C"); }
- if (typeof Integrity === "undefined" || Integrity === "") { badMetrics.push("I"); }
- if (typeof Availability === "undefined" || Availability === "") { badMetrics.push("A"); }
-
- if (badMetrics.length > 0) {
- return { success: false, errorType: "MissingBaseMetric", errorMetrics: badMetrics };
- }
-
-
- // STORE THE METRIC VALUES THAT WERE PASSED AS PARAMETERS
- //
- // Temporal and Environmental metrics are optional, so set them to "X" ("Not Defined") if no value was passed.
-
- var AV = AttackVector;
- var AC = AttackComplexity;
- var PR = PrivilegesRequired;
- var UI = UserInteraction;
- var S = Scope;
- var C = Confidentiality;
- var I = Integrity;
- var A = Availability;
-
- var E = ExploitCodeMaturity || "X";
- var RL = RemediationLevel || "X";
- var RC = ReportConfidence || "X";
-
- var CR = ConfidentialityRequirement || "X";
- var IR = IntegrityRequirement || "X";
- var AR = AvailabilityRequirement || "X";
- var MAV = ModifiedAttackVector || "X";
- var MAC = ModifiedAttackComplexity || "X";
- var MPR = ModifiedPrivilegesRequired || "X";
- var MUI = ModifiedUserInteraction || "X";
- var MS = ModifiedScope || "X";
- var MC = ModifiedConfidentiality || "X";
- var MI = ModifiedIntegrity || "X";
- var MA = ModifiedAvailability || "X";
-
-
- // CHECK VALIDITY OF METRIC VALUES
- //
- // Use the Weight object to ensure that, for every metric, the metric value passed is valid.
- // If any invalid values are found, create an array of their metrics and return it with an error.
- //
- // The Privileges Required (PR) weight depends on Scope, but when checking the validity of PR we must not assume
- // that the given value for Scope is valid. We therefore always look at the weights for Unchanged Scope when
- // performing this check. The same applies for validation of Modified Privileges Required (MPR).
- //
- // The Weights object does not contain "X" ("Not Defined") values for Environmental metrics because we replace them
- // with their Base metric equivalents later in the function. For example, an MAV of "X" will be replaced with the
- // value given for AV. We therefore need to explicitly allow a value of "X" for Environmental metrics.
-
- if (!CVSS.Weight.AV.hasOwnProperty(AV)) { badMetrics.push("AV"); }
- if (!CVSS.Weight.AC.hasOwnProperty(AC)) { badMetrics.push("AC"); }
- if (!CVSS.Weight.PR.U.hasOwnProperty(PR)) { badMetrics.push("PR"); }
- if (!CVSS.Weight.UI.hasOwnProperty(UI)) { badMetrics.push("UI"); }
- if (!CVSS.Weight.S.hasOwnProperty(S)) { badMetrics.push("S"); }
- if (!CVSS.Weight.CIA.hasOwnProperty(C)) { badMetrics.push("C"); }
- if (!CVSS.Weight.CIA.hasOwnProperty(I)) { badMetrics.push("I"); }
- if (!CVSS.Weight.CIA.hasOwnProperty(A)) { badMetrics.push("A"); }
-
- if (!CVSS.Weight.E.hasOwnProperty(E)) { badMetrics.push("E"); }
- if (!CVSS.Weight.RL.hasOwnProperty(RL)) { badMetrics.push("RL"); }
- if (!CVSS.Weight.RC.hasOwnProperty(RC)) { badMetrics.push("RC"); }
-
- if (!(CR === "X" || CVSS.Weight.CIAR.hasOwnProperty(CR))) { badMetrics.push("CR"); }
- if (!(IR === "X" || CVSS.Weight.CIAR.hasOwnProperty(IR))) { badMetrics.push("IR"); }
- if (!(AR === "X" || CVSS.Weight.CIAR.hasOwnProperty(AR))) { badMetrics.push("AR"); }
- if (!(MAV === "X" || CVSS.Weight.AV.hasOwnProperty(MAV))) { badMetrics.push("MAV"); }
- if (!(MAC === "X" || CVSS.Weight.AC.hasOwnProperty(MAC))) { badMetrics.push("MAC"); }
- if (!(MPR === "X" || CVSS.Weight.PR.U.hasOwnProperty(MPR))) { badMetrics.push("MPR"); }
- if (!(MUI === "X" || CVSS.Weight.UI.hasOwnProperty(MUI))) { badMetrics.push("MUI"); }
- if (!(MS === "X" || CVSS.Weight.S.hasOwnProperty(MS))) { badMetrics.push("MS"); }
- if (!(MC === "X" || CVSS.Weight.CIA.hasOwnProperty(MC))) { badMetrics.push("MC"); }
- if (!(MI === "X" || CVSS.Weight.CIA.hasOwnProperty(MI))) { badMetrics.push("MI"); }
- if (!(MA === "X" || CVSS.Weight.CIA.hasOwnProperty(MA))) { badMetrics.push("MA"); }
-
- if (badMetrics.length > 0) {
- return { success: false, errorType: "UnknownMetricValue", errorMetrics: badMetrics };
- }
-
-
-
- // GATHER WEIGHTS FOR ALL METRICS
-
- var metricWeightAV = CVSS.Weight.AV [AV];
- var metricWeightAC = CVSS.Weight.AC [AC];
- var metricWeightPR =
CVSS.Weight.PR [S][PR]; // PR depends on the value of Scope (S).
- var metricWeightUI = CVSS.Weight.UI [UI];
- var metricWeightS = CVSS.Weight.S [S];
- var metricWeightC = CVSS.Weight.CIA [C];
- var metricWeightI = CVSS.Weight.CIA [I];
- var metricWeightA = CVSS.Weight.CIA [A];
-
- var metricWeightE = CVSS.Weight.E [E];
- var metricWeightRL = CVSS.Weight.RL [RL];
- var metricWeightRC = CVSS.Weight.RC [RC];
-
- // For metrics that are modified versions of Base Score metrics, e.g. Modified Attack Vector, use the value of
- // the Base Score metric if the modified version value is "X" ("Not Defined").
- var metricWeightCR = CVSS.Weight.CIAR [CR];
- var metricWeightIR = CVSS.Weight.CIAR [IR];
- var metricWeightAR = CVSS.Weight.CIAR [AR];
- var metricWeightMAV = CVSS.Weight.AV [MAV !== "X" ? MAV : AV];
- var metricWeightMAC = CVSS.Weight.AC [MAC !== "X" ? MAC : AC];
- var metricWeightMPR = CVSS.Weight.PR [MS !== "X" ? MS : S] [MPR !== "X" ? MPR : PR]; // Depends on MS.
- var metricWeightMUI = CVSS.Weight.UI [MUI !== "X" ? MUI : UI];
- var metricWeightMS = CVSS.Weight.S [MS !== "X" ? MS : S];
- var metricWeightMC = CVSS.Weight.CIA [MC !== "X" ? MC : C];
- var metricWeightMI = CVSS.Weight.CIA [MI !== "X" ? MI : I];
- var metricWeightMA = CVSS.Weight.CIA [MA !== "X" ?
MA : A]; - - - - // CALCULATE THE CVSS BASE SCORE - - var baseScore; - var impactSubScore; - var exploitabalitySubScore = CVSS.exploitabilityCoefficient * metricWeightAV * metricWeightAC * metricWeightPR * metricWeightUI; - var impactSubScoreMultiplier = (1 - ((1 - metricWeightC) * (1 - metricWeightI) * (1 - metricWeightA))); - - if (S === 'U') { - impactSubScore = metricWeightS * impactSubScoreMultiplier; - } else { - impactSubScore = metricWeightS * (impactSubScoreMultiplier - 0.029) - 3.25 * Math.pow(impactSubScoreMultiplier - 0.02, 15); - } - - if (impactSubScore <= 0) { - baseScore = 0; - } else { - if (S === 'U') { - baseScore = CVSS.roundUp1(Math.min((exploitabalitySubScore + impactSubScore), 10)); - } else { - baseScore = CVSS.roundUp1(Math.min((exploitabalitySubScore + impactSubScore) * CVSS.scopeCoefficient, 10)); - } - } - - - - // CALCULATE THE CVSS TEMPORAL SCORE - - var temporalScore = CVSS.roundUp1(baseScore * metricWeightE * metricWeightRL * metricWeightRC); - - - // CALCULATE THE CVSS ENVIRONMENTAL SCORE - // - // - envExploitabalitySubScore recalculates the Base Score Exploitability sub-score using any modified values from the - // Environmental metrics group in place of the values specified in the Base Score, if any have been defined. - // - envAdjustedImpactSubScore recalculates the Base Score Impact sub-score using any modified values from the - // Environmental metrics group in place of the values specified in the Base Score, and any additional weightings - // given in the Environmental metrics group. 
- - var envScore; - var envModifiedImpactSubScore; - var envModifiedExploitabalitySubScore = CVSS.exploitabilityCoefficient * metricWeightMAV * metricWeightMAC * metricWeightMPR * metricWeightMUI; - - var envImpactSubScoreMultiplier = Math.min (1 - ( - (1 - metricWeightMC * metricWeightCR) * - (1 - metricWeightMI * metricWeightIR) * - (1 - metricWeightMA * metricWeightAR)), 0.915); - - if (MS === "U" || - (MS === "X" && S === "U")) { - envModifiedImpactSubScore = metricWeightMS * envImpactSubScoreMultiplier; - envScore = CVSS.roundUp1(CVSS.roundUp1(Math.min((envModifiedImpactSubScore + envModifiedExploitabalitySubScore), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); - } else { - envModifiedImpactSubScore = metricWeightMS * (envImpactSubScoreMultiplier - 0.029) - 3.25 * Math.pow(envImpactSubScoreMultiplier - 0.02, 15); - envScore = CVSS.roundUp1(CVSS.roundUp1(Math.min(CVSS.scopeCoefficient * (envModifiedImpactSubScore + envModifiedExploitabalitySubScore), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); - } - - if (envModifiedImpactSubScore <= 0) { - envScore = 0; - } - - - // CONSTRUCT THE VECTOR STRING - - var vectorString = - CVSS.CVSSVersionIdentifier + - "/AV:" + AV + - "/AC:" + AC + - "/PR:" + PR + - "/UI:" + UI + - "/S:" + S + - "/C:" + C + - "/I:" + I + - "/A:" + A; - - if (E !== "X") {vectorString = vectorString + "/E:" + E;} - if (RL !== "X") {vectorString = vectorString + "/RL:" + RL;} - if (RC !== "X") {vectorString = vectorString + "/RC:" + RC;} - - if (CR !== "X") {vectorString = vectorString + "/CR:" + CR;} - if (IR !== "X") {vectorString = vectorString + "/IR:" + IR;} - if (AR !== "X") {vectorString = vectorString + "/AR:" + AR;} - if (MAV !== "X") {vectorString = vectorString + "/MAV:" + MAV;} - if (MAC !== "X") {vectorString = vectorString + "/MAC:" + MAC;} - if (MPR !== "X") {vectorString = vectorString + "/MPR:" + MPR;} - if (MUI !== "X") {vectorString = vectorString + "/MUI:" + MUI;} - if (MS !== "X") {vectorString = 
vectorString + "/MS:" + MS;}
- if (MC !== "X") {vectorString = vectorString + "/MC:" + MC;}
- if (MI !== "X") {vectorString = vectorString + "/MI:" + MI;}
- if (MA !== "X") {vectorString = vectorString + "/MA:" + MA;}
-
-
- // Return an object containing the scores for all three metric groups, and an overall vector string.
-
- return {
- success: true,
- baseMetricScore: baseScore.toFixed(1),
- baseSeverity: CVSS.severityRating( baseScore.toFixed(1) ),
-
- temporalMetricScore: temporalScore.toFixed(1),
- temporalSeverity: CVSS.severityRating( temporalScore.toFixed(1) ),
-
- environmentalMetricScore: envScore.toFixed(1),
- environmentalSeverity: CVSS.severityRating( envScore.toFixed(1) ),
-
- vectorString: vectorString
- };
-};
-
-
-
-
-/* ** CVSS.calculateCVSSFromVector **
- *
- * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined
- * in the CVSS v3.0 standard definition of the Vector String.
- *
- * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics
- * are required to generate this output. All Temporal and Environmental metric values are optional. Any that are not
- * passed default to "X" ("Not Defined").
- *
- * See the comment for the CVSS.calculateCVSSFromMetrics function for details on the function output. In addition to
- * the error conditions listed for that function, this function can also return:
- * "MalformedVectorString", if the Vector String passed is does not conform to the format in the standard; or
- * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics),
- * more than once.
- */
-CVSS.calculateCVSSFromVector = function ( vectorString ) {
-
- var metricValues = {
- AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined,
- C: undefined, I: undefined, A: undefined,
- E: undefined, RL: undefined, RC: undefined,
- CR: undefined, IR: undefined, AR: undefined,
- MAV: undefined, MAC: undefined, MPR: undefined, MUI: undefined, MS: undefined,
- MC: undefined, MI: undefined, MA: undefined
- };
-
- // If input validation fails, this array is populated with strings indicating which metrics failed validation.
- var badMetrics = [];
-
- if (!CVSS.vectorStringRegex_30.test(vectorString)) {
- return { success: false, errorType: "MalformedVectorString" };
- }
-
- var metricNameValue = vectorString.substring(CVSS.CVSSVersionIdentifier.length).split("/");
-
- for (var i in metricNameValue) {
- if (metricNameValue.hasOwnProperty(i)) {
-
- var singleMetric = metricNameValue[i].split(":");
-
- if (typeof metricValues[singleMetric[0]] === "undefined") {
- metricValues[singleMetric[0]] = singleMetric[1];
- } else {
- badMetrics.push(singleMetric[0]);
- }
- }
- }
-
- if (badMetrics.length > 0) {
- return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics };
- }
-
- return CVSS.calculateCVSSFromMetrics (
- metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S,
- metricValues.C, metricValues.I, metricValues.A,
- metricValues.E, metricValues.RL, metricValues.RC,
- metricValues.CR, metricValues.IR, metricValues.AR,
- metricValues.MAV, metricValues.MAC, metricValues.MPR, metricValues.MUI, metricValues.MS,
- metricValues.MC, metricValues.MI, metricValues.MA);
-};
-
-
-
-
-/* ** CVSS.roundUp1 **
- *
- * Rounds up the number passed as a parameter to 1 decimal place and returns the result.
- *
- * Standard JavaScript errors thrown when arithmetic operations are performed on non-numbers will be returned if the
- * given input is not a number.
- */
-CVSS.roundUp1 = function (d) {
- return Math.ceil (d * 10) / 10;
-};
-
-
-
-
-/* ** CVSS.severityRating **
- *
- * Given a CVSS score, returns the name of the severity rating as defined in the CVSS standard.
- * The input needs to be a number between 0.0 to 10.0, to one decimal place of precision.
- *
- * The following error values may be returned instead of a severity rating name:
- * NaN (JavaScript "Not a Number") - if the input is not a number.
- * undefined - if the input is a number that is not within the range of any defined severity rating.
- */
-CVSS.severityRating = function (score) {
- var severityRatingLength = CVSS.severityRatings.length;
-
- var validatedScore = Number(score);
-
- if (isNaN(validatedScore)) {
- return validatedScore;
- }
-
- for (var i = 0; i < severityRatingLength; i++) {
- if (score >= CVSS.severityRatings[i].bottom && score <= CVSS.severityRatings[i].top) {
- return CVSS.severityRatings[i].name;
- }
- }
-
- return undefined;
-};
-
-
-
-///////////////////////////////////////////////////////////////////////////
-// DATA AND FUNCTIONS FOR CREATING AN XML REPRESENTATION OF A CVSS SCORE //
-///////////////////////////////////////////////////////////////////////////
-
-// A mapping between abbreviated metric values and the string used in the XML representation.
-// For example, a Remediation Level (RL) abbreviated metric value of "W" maps to "WORKAROUND".
-// For brevity, Base metric values their modified equivalents in the Environmental metric group. We can do this
-// because the latter is the same as the former, except it also includes a "NOT_DEFINED" value.
-
-CVSS.XML_MetricNames = {
- E: { X: "NOT_DEFINED", U: "UNPROVEN", P: "PROOF_OF_CONCEPT", F: "FUNCTIONAL", H: "HIGH"},
- RL: { X: "NOT_DEFINED", O: "OFFICIAL_FIX", T: "TEMPORARY_FIX", W: "WORKAROUND", U: "UNAVAILABLE"},
- RC: { X: "NOT_DEFINED", U: "UNKNOWN", R: "REASONABLE", C: "CONFIRMED"},
-
- CIAR: { X: "NOT_DEFINED", L: "LOW", M: "MEDIUM", H: "HIGH"}, // CR, IR and AR use the same metric names
- MAV: { N: "NETWORK", A: "ADJACENT_NETWORK", L: "LOCAL", P: "PHYSICAL", X: "NOT_DEFINED" },
- MAC: { H: "HIGH", L: "LOW", X: "NOT_DEFINED" },
- MPR: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" },
- MUI: { N: "NONE", R: "REQUIRED", X: "NOT_DEFINED" },
- MS: { U: "UNCHANGED", C: "CHANGED", X: "NOT_DEFINED" },
- MCIA: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" } // C, I and A use the same metric names
-};
-
-
-
-/* ** CVSS.generateXMLFromMetrics **
- *
- * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format
- * defined in the CVSS v3.0 standard definition of the Vector String. For example, the AttackComplexity parameter
- * should be either "H" or "L".
- *
- * Returns a single string containing the metric values in XML form. All Base metrics are required to generate this
- * output. All Temporal and Environmental metric values are optional. Any that are not passed will be represented in
- * the XML as NOT_DEFINED. The function returns a string for simplicity. It is arguably better to return the XML as
- * a DOM object, but at the time of writing this leads to complexity due to older browsers using different JavaScript
- * interfaces to do this. Also for simplicity, all Temporal and Environmental metrics are include in the string,
- * even though those with a value of "Not Defined" do not need to be included.
- *
- * The output of this function is an object which always has a property named "success".
- * - * If no errors are encountered, success is Boolean "true", and the "xmlString" property contains the XML string - * representation. - * - * If errors are encountered, success is Boolean "false", and other properties are defined as per the - * CVSS.calculateCVSSFromMetrics function. Refer to the comment for that function for more details. - */ -CVSS.generateXMLFromMetrics = function ( - AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, - ExploitCodeMaturity, RemediationLevel, ReportConfidence, - ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, - ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope, - ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability) { - - // A string containing the XML we wish to output, with placeholders for the CVSS metrics we will substitute for - // their values, based on the inputs passed to this function. 
- var xmlTemplate = - '\n' + - '\n' + - '\n' + - ' \n' + - ' __AttackVector__\n' + - ' __AttackComplexity__\n' + - ' __PrivilegesRequired__\n' + - ' __UserInteraction__\n' + - ' __Scope__\n' + - ' __Confidentiality__\n' + - ' __Integrity__\n' + - ' __Availability__\n' + - ' __BaseScore__\n' + - ' __BaseSeverityRating__\n' + - ' \n' + - '\n' + - ' \n' + - ' __ExploitCodeMaturity__\n' + - ' __RemediationLevel__\n' + - ' __ReportConfidence__\n' + - ' __TemporalScore__\n' + - ' __TemporalSeverityRating__\n' + - ' \n' + - '\n' + - ' \n' + - ' __ConfidentialityRequirement__\n' + - ' __IntegrityRequirement__\n' + - ' __AvailabilityRequirement__\n' + - ' __ModifiedAttackVector__\n' + - ' __ModifiedAttackComplexity__\n' + - ' __ModifiedPrivilegesRequired__\n' + - ' __ModifiedUserInteraction__\n' + - ' __ModifiedScope__\n' + - ' __ModifiedConfidentiality__\n' + - ' __ModifiedIntegrity__\n' + - ' __ModifiedAvailability__\n' + - ' __EnvironmentalScore__\n' + - ' __EnvironmentalSeverityRating__\n' + - ' \n' + - '\n' + - '\n'; - - - // Call CVSS.calculateCVSSFromMetrics to validate all the parameters and generate scores and severity ratings. - // If that function returns an error, immediately return it to the caller of this function. 
- var result = CVSS.calculateCVSSFromMetrics ( - AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, - ExploitCodeMaturity, RemediationLevel, ReportConfidence, - ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, - ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope, - ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability); - - if (result.success !== true) { - return result; - } - - var xmlOutput = xmlTemplate; - xmlOutput = xmlOutput.replace ("__AttackVector__", CVSS.XML_MetricNames["MAV"][AttackVector]); - xmlOutput = xmlOutput.replace ("__AttackComplexity__", CVSS.XML_MetricNames["MAC"][AttackComplexity]); - xmlOutput = xmlOutput.replace ("__PrivilegesRequired__", CVSS.XML_MetricNames["MPR"][PrivilegesRequired]); - xmlOutput = xmlOutput.replace ("__UserInteraction__", CVSS.XML_MetricNames["MUI"][UserInteraction]); - xmlOutput = xmlOutput.replace ("__Scope__", CVSS.XML_MetricNames["MS"][Scope]); - xmlOutput = xmlOutput.replace ("__Confidentiality__", CVSS.XML_MetricNames["MCIA"][Confidentiality]); - xmlOutput = xmlOutput.replace ("__Integrity__", CVSS.XML_MetricNames["MCIA"][Integrity]); - xmlOutput = xmlOutput.replace ("__Availability__", CVSS.XML_MetricNames["MCIA"][Availability]); - xmlOutput = xmlOutput.replace ("__BaseScore__", result.baseMetricScore); - xmlOutput = xmlOutput.replace ("__BaseSeverityRating__", result.baseSeverity); - - xmlOutput = xmlOutput.replace ("__ExploitCodeMaturity__", CVSS.XML_MetricNames["E"][ExploitCodeMaturity || "X"]); - xmlOutput = xmlOutput.replace ("__RemediationLevel__", CVSS.XML_MetricNames["RL"][RemediationLevel || "X"]); - xmlOutput = xmlOutput.replace ("__ReportConfidence__", CVSS.XML_MetricNames["RC"][ReportConfidence || "X"]); - xmlOutput = xmlOutput.replace ("__TemporalScore__", result.temporalMetricScore); - xmlOutput = xmlOutput.replace 
("__TemporalSeverityRating__", result.temporalSeverity); - - xmlOutput = xmlOutput.replace ("__ConfidentialityRequirement__", CVSS.XML_MetricNames["CIAR"][ConfidentialityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__IntegrityRequirement__", CVSS.XML_MetricNames["CIAR"][IntegrityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__AvailabilityRequirement__", CVSS.XML_MetricNames["CIAR"][AvailabilityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackVector__", CVSS.XML_MetricNames["MAV"][ModifiedAttackVector || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackComplexity__", CVSS.XML_MetricNames["MAC"][ModifiedAttackComplexity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedPrivilegesRequired__", CVSS.XML_MetricNames["MPR"][ModifiedPrivilegesRequired || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedUserInteraction__", CVSS.XML_MetricNames["MUI"][ModifiedUserInteraction || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedScope__", CVSS.XML_MetricNames["MS"][ModifiedScope || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedConfidentiality__", CVSS.XML_MetricNames["MCIA"][ModifiedConfidentiality || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedIntegrity__", CVSS.XML_MetricNames["MCIA"][ModifiedIntegrity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAvailability__", CVSS.XML_MetricNames["MCIA"][ModifiedAvailability || "X"]); - xmlOutput = xmlOutput.replace ("__EnvironmentalScore__", result.environmentalMetricScore); - xmlOutput = xmlOutput.replace ("__EnvironmentalSeverityRating__", result.environmentalSeverity); - - return { success: true, xmlString: xmlOutput }; -}; - - - -/* ** CVSS.generateXMLFromVector ** - * - * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined - * in the CVSS v3.0 standard definition of the Vector String. - * - * Returns an XML string representation of this input. 
See the comment for CVSS.generateXMLFromMetrics for more - * detail on inputs, return values and errors. In addition to the error conditions listed for that function, this - * function can also return: - * "MalformedVectorString", if the Vector String passed is does not conform to the format in the standard; or - * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics), - * more than once. - */ -CVSS.generateXMLFromVector = function ( vectorString ) { - - var metricValues = { - AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined, - C: undefined, I: undefined, A: undefined, - E: undefined, RL: undefined, RC: undefined, - CR: undefined, IR: undefined, AR: undefined, - MAV: undefined, MAC: undefined, MPR: undefined, MUI: undefined, MS: undefined, - MC: undefined, MI: undefined, MA: undefined - }; - - // If input validation fails, this array is populated with strings indicating which metrics failed validation. - var badMetrics = []; - - if (!CVSS.vectorStringRegex_30.test(vectorString)) { - return { success: false, errorType: "MalformedVectorString" }; - } - - var metricNameValue = vectorString.substring(CVSS.CVSSVersionIdentifier.length).split("/"); - - for (var i in metricNameValue) { - if (metricNameValue.hasOwnProperty(i)) { - - var singleMetric = metricNameValue[i].split(":"); - - if (typeof metricValues[singleMetric[0]] === "undefined") { - metricValues[singleMetric[0]] = singleMetric[1]; - } else { - badMetrics.push(singleMetric[0]); - } - } - } - - if (badMetrics.length > 0) { - return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics }; - } - - return CVSS.generateXMLFromMetrics ( - metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S, - metricValues.C, metricValues.I, metricValues.A, - metricValues.E, metricValues.RL, metricValues.RC, - metricValues.CR, metricValues.IR, metricValues.AR, - metricValues.MAV, 
metricValues.MAC, metricValues.MPR, metricValues.MUI, metricValues.MS,
- metricValues.MC, metricValues.MI, metricValues.MA);
-};
-
-export default CVSS
diff --git a/csaf-validator-lib/lib/shared/first/cvsscalc31.js b/csaf-validator-lib/lib/shared/first/cvsscalc31.js
deleted file mode 100644
index 86f466b..0000000
--- a/csaf-validator-lib/lib/shared/first/cvsscalc31.js
+++ /dev/null
@@ -1,757 +0,0 @@
-// @ts-nocheck
-
-/* Copyright (c) 2019, FIRST.ORG, INC.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
- * following conditions are met:
- * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
- * disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
- * following disclaimer in the documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote
- * products derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* This JavaScript contains two main functions. Both take CVSS metric values and calculate CVSS scores for Base,
- * Temporal and Environmental metric groups, their associated severity ratings, and an overall Vector String.
- *
- * Use CVSS31.calculateCVSSFromMetrics if you wish to pass metric values as individual parameters.
- * Use CVSS31.calculateCVSSFromVector if you wish to pass metric values as a single Vector String.
- *
- * Changelog
- *
- * 2019-06-01 Darius Wiles Updates for CVSS version 3.1:
- *
- * 1) The CVSS31.roundUp1 function now performs rounding using integer arithmetic to
- * eliminate problems caused by tiny errors introduced during JavaScript math
- * operations. Thanks to Stanislav Kontar of Red Hat for suggesting and testing
- * various implementations.
- *
- * 2) Environmental formulas changed to prevent the Environmental Score decreasing when
- * the value of an Environmental metric is raised. The problem affected a small
- * percentage of CVSS v3.0 metrics. The change is to the modifiedImpact
- * formula, but only affects scores where the Modified Scope is Changed (or the
- * Scope is Changed if Modified Scope is Not Defined).
- *
- * 3) The JavaScript object containing everything in this file has been renamed from
- * "CVSS" to "CVSS31" to allow both objects to be included without causing a
- * naming conflict.
- *
- * 4) Variable names and code order have changed to more closely reflect the formulas
- * in the CVSS v3.1 Specification Document.
- *
- * 5) A successful call to calculateCVSSFromMetrics now returns sub-formula values.
- *
- * Note that some sets of metrics will produce different scores between CVSS v3.0 and
- * v3.1 as a result of changes 1 and 2. See the explanation of changes between these
- * two standards in the CVSS v3.1 User Guide for more details.
- *
- * 2018-02-15 Darius Wiles Added a missing pair of parentheses in the Environmental score, specifically
- * in the code setting envScore in the main clause (not the else clause). It was changed
- * from "min (...), 10" to "min ((...), 10)". This correction does not alter any final
- * Environmental scores.
- *
- * 2015-08-04 Darius Wiles Added CVSS.generateXMLFromMetrics and CVSS.generateXMLFromVector functions to return
- * XML string representations of: a set of metric values; or a Vector String respectively.
- * Moved all constants and functions to an object named "CVSS" to
- * reduce the chance of conflicts in global variables when this file is combined with
- * other JavaScript code. This will break all existing code that uses this file until
- * the string "CVSS." is prepended to all references. The "Exploitability" metric has been
- * renamed "Exploit Code Maturity" in the specification, so the same change has been made
- * in the code in this file.
- *
- * 2015-04-24 Darius Wiles Environmental formula modified to eliminate undesirable behavior caused by subtle
- * differences in rounding between Temporal and Environmental formulas that often
- * caused the latter to be 0.1 lower than than the former when all Environmental
- * metrics are "Not defined". Also added a RoundUp1 function to simplify formulas.
- *
- * 2015-04-09 Darius Wiles Added calculateCVSSFromVector function, license information, cleaned up code and improved
- * comments.
- *
- * 2014-12-12 Darius Wiles Initial release for CVSS 3.0 Preview 2.
- */
-
-// Constants used in the formula. They are not declared as "const" to avoid problems in older browsers.
-
-var CVSS31 = {};
-
-CVSS31.CVSSVersionIdentifier = "CVSS:3.1";
-CVSS31.exploitabilityCoefficient = 8.22;
-CVSS31.scopeCoefficient = 1.08;
-
-// A regular expression to validate that a CVSS 3.1 vector string is well formed. It checks metrics and metric
-// values. It does not check that a metric is specified more than once and it does not check that all base
-// metrics are present. These checks need to be performed separately.
-
-CVSS31.vectorStringRegex_31 = /^CVSS:3\.1\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/;
-
-
-// Associative arrays mapping each metric value to the constant defined in the CVSS scoring formula in the CVSS v3.1
-// specification.
-
-CVSS31.Weight = {
- AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2},
- AC: { H: 0.44, L: 0.77},
- PR: { U: {N: 0.85, L: 0.62, H: 0.27}, // These values are used if Scope is Unchanged
- C: {N: 0.85, L: 0.68, H: 0.5}}, // These values are used if Scope is Changed
- UI: { N: 0.85, R: 0.62},
- S: { U: 6.42, C: 7.52}, // Note: not defined as constants in specification
- CIA: { N: 0, L: 0.22, H: 0.56}, // C, I and A have the same weights
-
- E: { X: 1, U: 0.91, P: 0.94, F: 0.97, H: 1},
- RL: { X: 1, O: 0.95, T: 0.96, W: 0.97, U: 1},
- RC: { X: 1, U: 0.92, R: 0.96, C: 1},
-
- CIAR: { X: 1, L: 0.5, M: 1, H: 1.5} // CR, IR and AR have the same weights
-};
-
-
-// Severity rating bands, as defined in the CVSS v3.1 specification.
-
-CVSS31.severityRatings = [ { name: "None", bottom: 0.0, top: 0.0},
- { name: "Low", bottom: 0.1, top: 3.9},
- { name: "Medium", bottom: 4.0, top: 6.9},
- { name: "High", bottom: 7.0, top: 8.9},
- { name: "Critical", bottom: 9.0, top: 10.0} ];
-
-
-
-
-/* ** CVSS31.calculateCVSSFromMetrics **
- *
- * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format
- * defined in the CVSS v3.1 standard definition of the Vector String. For example, the AttackComplexity parameter
- * should be either "H" or "L".
- *
- * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics
- * are required to generate this output.
All Temporal and Environmental metric values are optional. Any that are not
- * passed default to "X" ("Not Defined").
- *
- * The output is an object which always has a property named "success".
- *
- * If no errors are encountered, success is Boolean "true", and the following other properties are defined containing
- * scores, severities and a vector string:
- * baseMetricScore, baseSeverity,
- * temporalMetricScore, temporalSeverity,
- * environmentalMetricScore, environmentalSeverity,
- * vectorString
- *
- * The following properties are also defined, and contain sub-formula values:
- * baseISS, baseImpact, baseExploitability,
- * environmentalMISS, environmentalModifiedImpact, environmentalModifiedExploitability
- *
- *
- * If errors are encountered, success is Boolean "false", and the following other properties are defined:
- * errorType - a string indicating the error. Either:
- * "MissingBaseMetric", if at least one Base metric has not been defined; or
- * "UnknownMetricValue", if at least one metric value is invalid.
- * errorMetrics - an array of strings representing the metrics at fault. The strings are abbreviated versions of the
- * metrics, as defined in the CVSS v3.1 standard definition of the Vector String.
- */
-CVSS31.calculateCVSSFromMetrics = function (
- AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability,
- ExploitCodeMaturity, RemediationLevel, ReportConfidence,
- ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement,
- ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope,
- ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability) {
-
- // If input validation fails, this array is populated with strings indicating which metrics failed validation.
- var badMetrics = [];
-
- // ENSURE ALL BASE METRICS ARE DEFINED
- //
- // We need values for all Base Score metrics to calculate scores.
- // If any Base Score parameters are undefined, create an array of missing metrics and return it with an error. - - if (typeof AttackVector === "undefined" || AttackVector === "") { badMetrics.push("AV"); } - if (typeof AttackComplexity === "undefined" || AttackComplexity === "") { badMetrics.push("AC"); } - if (typeof PrivilegesRequired === "undefined" || PrivilegesRequired === "") { badMetrics.push("PR"); } - if (typeof UserInteraction === "undefined" || UserInteraction === "") { badMetrics.push("UI"); } - if (typeof Scope === "undefined" || Scope === "") { badMetrics.push("S"); } - if (typeof Confidentiality === "undefined" || Confidentiality === "") { badMetrics.push("C"); } - if (typeof Integrity === "undefined" || Integrity === "") { badMetrics.push("I"); } - if (typeof Availability === "undefined" || Availability === "") { badMetrics.push("A"); } - - if (badMetrics.length > 0) { - return { success: false, errorType: "MissingBaseMetric", errorMetrics: badMetrics }; - } - - - // STORE THE METRIC VALUES THAT WERE PASSED AS PARAMETERS - // - // Temporal and Environmental metrics are optional, so set them to "X" ("Not Defined") if no value was passed. 
- - var AV = AttackVector; - var AC = AttackComplexity; - var PR = PrivilegesRequired; - var UI = UserInteraction; - var S = Scope; - var C = Confidentiality; - var I = Integrity; - var A = Availability; - - var E = ExploitCodeMaturity || "X"; - var RL = RemediationLevel || "X"; - var RC = ReportConfidence || "X"; - - var CR = ConfidentialityRequirement || "X"; - var IR = IntegrityRequirement || "X"; - var AR = AvailabilityRequirement || "X"; - var MAV = ModifiedAttackVector || "X"; - var MAC = ModifiedAttackComplexity || "X"; - var MPR = ModifiedPrivilegesRequired || "X"; - var MUI = ModifiedUserInteraction || "X"; - var MS = ModifiedScope || "X"; - var MC = ModifiedConfidentiality || "X"; - var MI = ModifiedIntegrity || "X"; - var MA = ModifiedAvailability || "X"; - - - // CHECK VALIDITY OF METRIC VALUES - // - // Use the Weight object to ensure that, for every metric, the metric value passed is valid. - // If any invalid values are found, create an array of their metrics and return it with an error. - // - // The Privileges Required (PR) weight depends on Scope, but when checking the validity of PR we must not assume - // that the given value for Scope is valid. We therefore always look at the weights for Unchanged Scope when - // performing this check. The same applies for validation of Modified Privileges Required (MPR). - // - // The Weights object does not contain "X" ("Not Defined") values for Environmental metrics because we replace them - // with their Base metric equivalents later in the function. For example, an MAV of "X" will be replaced with the - // value given for AV. We therefore need to explicitly allow a value of "X" for Environmental metrics. 
- - if (!CVSS31.Weight.AV.hasOwnProperty(AV)) { badMetrics.push("AV"); } - if (!CVSS31.Weight.AC.hasOwnProperty(AC)) { badMetrics.push("AC"); } - if (!CVSS31.Weight.PR.U.hasOwnProperty(PR)) { badMetrics.push("PR"); } - if (!CVSS31.Weight.UI.hasOwnProperty(UI)) { badMetrics.push("UI"); } - if (!CVSS31.Weight.S.hasOwnProperty(S)) { badMetrics.push("S"); } - if (!CVSS31.Weight.CIA.hasOwnProperty(C)) { badMetrics.push("C"); } - if (!CVSS31.Weight.CIA.hasOwnProperty(I)) { badMetrics.push("I"); } - if (!CVSS31.Weight.CIA.hasOwnProperty(A)) { badMetrics.push("A"); } - - if (!CVSS31.Weight.E.hasOwnProperty(E)) { badMetrics.push("E"); } - if (!CVSS31.Weight.RL.hasOwnProperty(RL)) { badMetrics.push("RL"); } - if (!CVSS31.Weight.RC.hasOwnProperty(RC)) { badMetrics.push("RC"); } - - if (!(CR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(CR))) { badMetrics.push("CR"); } - if (!(IR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(IR))) { badMetrics.push("IR"); } - if (!(AR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(AR))) { badMetrics.push("AR"); } - if (!(MAV === "X" || CVSS31.Weight.AV.hasOwnProperty(MAV))) { badMetrics.push("MAV"); } - if (!(MAC === "X" || CVSS31.Weight.AC.hasOwnProperty(MAC))) { badMetrics.push("MAC"); } - if (!(MPR === "X" || CVSS31.Weight.PR.U.hasOwnProperty(MPR))) { badMetrics.push("MPR"); } - if (!(MUI === "X" || CVSS31.Weight.UI.hasOwnProperty(MUI))) { badMetrics.push("MUI"); } - if (!(MS === "X" || CVSS31.Weight.S.hasOwnProperty(MS))) { badMetrics.push("MS"); } - if (!(MC === "X" || CVSS31.Weight.CIA.hasOwnProperty(MC))) { badMetrics.push("MC"); } - if (!(MI === "X" || CVSS31.Weight.CIA.hasOwnProperty(MI))) { badMetrics.push("MI"); } - if (!(MA === "X" || CVSS31.Weight.CIA.hasOwnProperty(MA))) { badMetrics.push("MA"); } - - if (badMetrics.length > 0) { - return { success: false, errorType: "UnknownMetricValue", errorMetrics: badMetrics }; - } - - - - // GATHER WEIGHTS FOR ALL METRICS - - var metricWeightAV = CVSS31.Weight.AV [AV]; - var metricWeightAC = 
CVSS31.Weight.AC [AC]; - var metricWeightPR = CVSS31.Weight.PR [S][PR]; // PR depends on the value of Scope (S). - var metricWeightUI = CVSS31.Weight.UI [UI]; - var metricWeightS = CVSS31.Weight.S [S]; - var metricWeightC = CVSS31.Weight.CIA [C]; - var metricWeightI = CVSS31.Weight.CIA [I]; - var metricWeightA = CVSS31.Weight.CIA [A]; - - var metricWeightE = CVSS31.Weight.E [E]; - var metricWeightRL = CVSS31.Weight.RL [RL]; - var metricWeightRC = CVSS31.Weight.RC [RC]; - - // For metrics that are modified versions of Base Score metrics, e.g. Modified Attack Vector, use the value of - // the Base Score metric if the modified version value is "X" ("Not Defined"). - var metricWeightCR = CVSS31.Weight.CIAR [CR]; - var metricWeightIR = CVSS31.Weight.CIAR [IR]; - var metricWeightAR = CVSS31.Weight.CIAR [AR]; - var metricWeightMAV = CVSS31.Weight.AV [MAV !== "X" ? MAV : AV]; - var metricWeightMAC = CVSS31.Weight.AC [MAC !== "X" ? MAC : AC]; - var metricWeightMPR = CVSS31.Weight.PR [MS !== "X" ? MS : S] [MPR !== "X" ? MPR : PR]; // Depends on MS. - var metricWeightMUI = CVSS31.Weight.UI [MUI !== "X" ? MUI : UI]; - var metricWeightMS = CVSS31.Weight.S [MS !== "X" ? MS : S]; - var metricWeightMC = CVSS31.Weight.CIA [MC !== "X" ? MC : C]; - var metricWeightMI = CVSS31.Weight.CIA [MI !== "X" ? MI : I]; - var metricWeightMA = CVSS31.Weight.CIA [MA !== "X" ? 
MA : A]; - - - - // CALCULATE THE CVSS BASE SCORE - - var iss; /* Impact Sub-Score */ - var impact; - var exploitability; - var baseScore; - - iss = (1 - ((1 - metricWeightC) * (1 - metricWeightI) * (1 - metricWeightA))); - - if (S === 'U') { - impact = metricWeightS * iss; - } else { - impact = metricWeightS * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15); - } - - exploitability = CVSS31.exploitabilityCoefficient * metricWeightAV * metricWeightAC * metricWeightPR * metricWeightUI; - - if (impact <= 0) { - baseScore = 0; - } else { - if (S === 'U') { - baseScore = CVSS31.roundUp1(Math.min((exploitability + impact), 10)); - } else { - baseScore = CVSS31.roundUp1(Math.min(CVSS31.scopeCoefficient * (exploitability + impact), 10)); - } - } - - - // CALCULATE THE CVSS TEMPORAL SCORE - - var temporalScore = CVSS31.roundUp1(baseScore * metricWeightE * metricWeightRL * metricWeightRC); - - - // CALCULATE THE CVSS ENVIRONMENTAL SCORE - // - // - modifiedExploitability recalculates the Base Score Exploitability sub-score using any modified values from the - // Environmental metrics group in place of the values specified in the Base Score, if any have been defined. - // - modifiedImpact recalculates the Base Score Impact sub-score using any modified values from the - // Environmental metrics group in place of the values specified in the Base Score, and any additional weightings - // given in the Environmental metrics group. 
- - var miss; /* Modified Impact Sub-Score */ - var modifiedImpact; - var envScore; - var modifiedExploitability; - - miss = Math.min (1 - - ( (1 - metricWeightMC * metricWeightCR) * - (1 - metricWeightMI * metricWeightIR) * - (1 - metricWeightMA * metricWeightAR)), 0.915); - - if (MS === "U" || - (MS === "X" && S === "U")) { - modifiedImpact = metricWeightMS * miss; - } else { - modifiedImpact = metricWeightMS * (miss - 0.029) - 3.25 * Math.pow(miss * 0.9731 - 0.02, 13); - } - - modifiedExploitability = CVSS31.exploitabilityCoefficient * metricWeightMAV * metricWeightMAC * metricWeightMPR * metricWeightMUI; - - if (modifiedImpact <= 0) { - envScore = 0; - } else if (MS === "U" || (MS === "X" && S === "U")) { - envScore = CVSS31.roundUp1(CVSS31.roundUp1(Math.min((modifiedImpact + modifiedExploitability), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); - } else { - envScore = CVSS31.roundUp1(CVSS31.roundUp1(Math.min(CVSS31.scopeCoefficient * (modifiedImpact + modifiedExploitability), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); - } - - - // CONSTRUCT THE VECTOR STRING - - var vectorString = - CVSS31.CVSSVersionIdentifier + - "/AV:" + AV + - "/AC:" + AC + - "/PR:" + PR + - "/UI:" + UI + - "/S:" + S + - "/C:" + C + - "/I:" + I + - "/A:" + A; - - if (E !== "X") {vectorString = vectorString + "/E:" + E;} - if (RL !== "X") {vectorString = vectorString + "/RL:" + RL;} - if (RC !== "X") {vectorString = vectorString + "/RC:" + RC;} - - if (CR !== "X") {vectorString = vectorString + "/CR:" + CR;} - if (IR !== "X") {vectorString = vectorString + "/IR:" + IR;} - if (AR !== "X") {vectorString = vectorString + "/AR:" + AR;} - if (MAV !== "X") {vectorString = vectorString + "/MAV:" + MAV;} - if (MAC !== "X") {vectorString = vectorString + "/MAC:" + MAC;} - if (MPR !== "X") {vectorString = vectorString + "/MPR:" + MPR;} - if (MUI !== "X") {vectorString = vectorString + "/MUI:" + MUI;} - if (MS !== "X") {vectorString = vectorString + "/MS:" + MS;} - if (MC 
!== "X") {vectorString = vectorString + "/MC:" + MC;} - if (MI !== "X") {vectorString = vectorString + "/MI:" + MI;} - if (MA !== "X") {vectorString = vectorString + "/MA:" + MA;} - - - // Return an object containing the scores for all three metric groups, and an overall vector string. - // Sub-formula values are also included. - - return { - success: true, - - baseMetricScore: baseScore.toFixed(1), - baseSeverity: CVSS31.severityRating( baseScore.toFixed(1) ), - baseISS: iss, - baseImpact: impact, - baseExploitability: exploitability, - - temporalMetricScore: temporalScore.toFixed(1), - temporalSeverity: CVSS31.severityRating( temporalScore.toFixed(1) ), - - environmentalMetricScore: envScore.toFixed(1), - environmentalSeverity: CVSS31.severityRating( envScore.toFixed(1) ), - environmentalMISS: miss, - environmentalModifiedImpact: modifiedImpact, - environmentalModifiedExploitability: modifiedExploitability, - - vectorString: vectorString - }; -}; - - - - -/* ** CVSS31.calculateCVSSFromVector ** - * - * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined - * in the CVSS v3.1 standard definition of the Vector String. - * - * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics - * are required to generate this output. All Temporal and Environmental metric values are optional. Any that are not - * passed default to "X" ("Not Defined"). - * - * See the comment for the CVSS31.calculateCVSSFromMetrics function for details on the function output. In addition to - * the error conditions listed for that function, this function can also return: - * "MalformedVectorString", if the Vector String passed does not conform to the format in the standard; or - * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics), - * more than once. 
- */ -CVSS31.calculateCVSSFromVector = function ( vectorString ) { - - var metricValues = { - AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined, - C: undefined, I: undefined, A: undefined, - E: undefined, RL: undefined, RC: undefined, - CR: undefined, IR: undefined, AR: undefined, - MAV: undefined, MAC: undefined, MPR: undefined, MUI: undefined, MS: undefined, - MC: undefined, MI: undefined, MA: undefined - }; - - // If input validation fails, this array is populated with strings indicating which metrics failed validation. - var badMetrics = []; - - if (!CVSS31.vectorStringRegex_31.test(vectorString)) { - return { success: false, errorType: "MalformedVectorString" }; - } - - var metricNameValue = vectorString.substring(CVSS31.CVSSVersionIdentifier.length).split("/"); - - for (var i in metricNameValue) { - if (metricNameValue.hasOwnProperty(i)) { - - var singleMetric = metricNameValue[i].split(":"); - - if (typeof metricValues[singleMetric[0]] === "undefined") { - metricValues[singleMetric[0]] = singleMetric[1]; - } else { - badMetrics.push(singleMetric[0]); - } - } - } - - if (badMetrics.length > 0) { - return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics }; - } - - return CVSS31.calculateCVSSFromMetrics ( - metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S, - metricValues.C, metricValues.I, metricValues.A, - metricValues.E, metricValues.RL, metricValues.RC, - metricValues.CR, metricValues.IR, metricValues.AR, - metricValues.MAV, metricValues.MAC, metricValues.MPR, metricValues.MUI, metricValues.MS, - metricValues.MC, metricValues.MI, metricValues.MA); -}; - - - - -/* ** CVSS31.roundUp1 ** - * - * Rounds up its parameter to 1 decimal place and returns the result. - * - * Standard JavaScript errors thrown when arithmetic operations are performed on non-numbers will be returned if the - * given input is not a number. 
- * - * Implementation note: Tiny representation errors in floating point numbers makes rounding complex. For example, - * consider calculating Math.ceil((1-0.58)*100) by hand. It can be simplified to Math.ceil(0.42*100), then - * Math.ceil(42), and finally 42. Most JavaScript implementations give 43. The problem is that, on many systems, - * 1-0.58 = 0.42000000000000004, and the tiny error is enough to push ceil up to the next integer. The implementation - * below avoids such problems by performing the rounding using integers. The input is first multiplied by 100,000 - * and rounded to the nearest integer to consider 6 decimal places of accuracy, so 0.000001 results in 0.0, but - * 0.000009 results in 0.1. - * - * A more elegant solution may be possible, but the following gives answers consistent with results from an arbitrary - * precision library. - */ -CVSS31.roundUp1 = function Roundup (input) { - var int_input = Math.round(input * 100000); - - if (int_input % 10000 === 0) { - return int_input / 100000; - } else { - return (Math.floor(int_input / 10000) + 1) / 10; - } -}; - - - -/* ** CVSS31.severityRating ** - * - * Given a CVSS score, returns the name of the severity rating as defined in the CVSS standard. - * The input needs to be a number between 0.0 to 10.0, to one decimal place of precision. - * - * The following error values may be returned instead of a severity rating name: - * NaN (JavaScript "Not a Number") - if the input is not a number. - * undefined - if the input is a number that is not within the range of any defined severity rating. 
- */ -CVSS31.severityRating = function (score) { - var severityRatingLength = CVSS31.severityRatings.length; - - var validatedScore = Number(score); - - if (isNaN(validatedScore)) { - return validatedScore; - } - - for (var i = 0; i < severityRatingLength; i++) { - if (score >= CVSS31.severityRatings[i].bottom && score <= CVSS31.severityRatings[i].top) { - return CVSS31.severityRatings[i].name; - } - } - - return undefined; -}; - - - -/////////////////////////////////////////////////////////////////////////// -// DATA AND FUNCTIONS FOR CREATING AN XML REPRESENTATION OF A CVSS SCORE // -/////////////////////////////////////////////////////////////////////////// - -// A mapping between abbreviated metric values and the string used in the XML representation. -// For example, a Remediation Level (RL) abbreviated metric value of "W" maps to "WORKAROUND". -// For brevity, every Base metric shares its definition with its equivalent Environmental metric. This is possible -// because the metric values are same between these groups, except that the latter have an additional metric value -// of "NOT_DEFINED". 
- -CVSS31.XML_MetricNames = { - E: { X: "NOT_DEFINED", U: "UNPROVEN", P: "PROOF_OF_CONCEPT", F: "FUNCTIONAL", H: "HIGH"}, - RL: { X: "NOT_DEFINED", O: "OFFICIAL_FIX", T: "TEMPORARY_FIX", W: "WORKAROUND", U: "UNAVAILABLE"}, - RC: { X: "NOT_DEFINED", U: "UNKNOWN", R: "REASONABLE", C: "CONFIRMED"}, - - CIAR: { X: "NOT_DEFINED", L: "LOW", M: "MEDIUM", H: "HIGH"}, // CR, IR and AR use the same values - MAV: { N: "NETWORK", A: "ADJACENT_NETWORK", L: "LOCAL", P: "PHYSICAL", X: "NOT_DEFINED" }, - MAC: { H: "HIGH", L: "LOW", X: "NOT_DEFINED" }, - MPR: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" }, - MUI: { N: "NONE", R: "REQUIRED", X: "NOT_DEFINED" }, - MS: { U: "UNCHANGED", C: "CHANGED", X: "NOT_DEFINED" }, - MCIA: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" } // C, I and A use the same values -}; - - - -/* ** CVSS31.generateXMLFromMetrics ** - * - * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format - * defined in the CVSS v3.1 standard definition of the Vector String. For example, the AttackComplexity parameter - * should be either "H" or "L". - * - * Returns a single string containing the metric values in XML form. All Base metrics are required to generate this - * output. All Temporal and Environmental metric values are optional. Any that are not passed will be represented in - * the XML as NOT_DEFINED. The function returns a string for simplicity. It is arguably better to return the XML as - * a DOM object, but at the time of writing this leads to complexity due to older browsers using different JavaScript - * interfaces to do this. Also for simplicity, all Temporal and Environmental metrics are included in the string, - * even though those with a value of "Not Defined" do not need to be included. - * - * The output of this function is an object which always has a property named "success". 
- * - * If no errors are encountered, success is Boolean "true", and the "xmlString" property contains the XML string - * representation. - * - * If errors are encountered, success is Boolean "false", and other properties are defined as per the - * CVSS31.calculateCVSSFromMetrics function. Refer to the comment for that function for more details. - */ -CVSS31.generateXMLFromMetrics = function ( - AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, - ExploitCodeMaturity, RemediationLevel, ReportConfidence, - ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, - ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope, - ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability) { - - // A string containing the XML we wish to output, with placeholders for the CVSS metrics we will substitute for - // their values, based on the inputs passed to this function. 
- var xmlTemplate = - '\n' + - '\n' + - '\n' + - ' \n' + - ' __AttackVector__\n' + - ' __AttackComplexity__\n' + - ' __PrivilegesRequired__\n' + - ' __UserInteraction__\n' + - ' __Scope__\n' + - ' __Confidentiality__\n' + - ' __Integrity__\n' + - ' __Availability__\n' + - ' __BaseScore__\n' + - ' __BaseSeverityRating__\n' + - ' \n' + - '\n' + - ' \n' + - ' __ExploitCodeMaturity__\n' + - ' __RemediationLevel__\n' + - ' __ReportConfidence__\n' + - ' __TemporalScore__\n' + - ' __TemporalSeverityRating__\n' + - ' \n' + - '\n' + - ' \n' + - ' __ConfidentialityRequirement__\n' + - ' __IntegrityRequirement__\n' + - ' __AvailabilityRequirement__\n' + - ' __ModifiedAttackVector__\n' + - ' __ModifiedAttackComplexity__\n' + - ' __ModifiedPrivilegesRequired__\n' + - ' __ModifiedUserInteraction__\n' + - ' __ModifiedScope__\n' + - ' __ModifiedConfidentiality__\n' + - ' __ModifiedIntegrity__\n' + - ' __ModifiedAvailability__\n' + - ' __EnvironmentalScore__\n' + - ' __EnvironmentalSeverityRating__\n' + - ' \n' + - '\n' + - '\n'; - - - // Call CVSS31.calculateCVSSFromMetrics to validate all the parameters and generate scores and severity ratings. - // If that function returns an error, immediately return it to the caller of this function. 
- var result = CVSS31.calculateCVSSFromMetrics ( - AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, - ExploitCodeMaturity, RemediationLevel, ReportConfidence, - ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, - ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired, ModifiedUserInteraction, ModifiedScope, - ModifiedConfidentiality, ModifiedIntegrity, ModifiedAvailability); - - if (result.success !== true) { - return result; - } - - var xmlOutput = xmlTemplate; - xmlOutput = xmlOutput.replace ("__AttackVector__", CVSS31.XML_MetricNames["MAV"][AttackVector]); - xmlOutput = xmlOutput.replace ("__AttackComplexity__", CVSS31.XML_MetricNames["MAC"][AttackComplexity]); - xmlOutput = xmlOutput.replace ("__PrivilegesRequired__", CVSS31.XML_MetricNames["MPR"][PrivilegesRequired]); - xmlOutput = xmlOutput.replace ("__UserInteraction__", CVSS31.XML_MetricNames["MUI"][UserInteraction]); - xmlOutput = xmlOutput.replace ("__Scope__", CVSS31.XML_MetricNames["MS"][Scope]); - xmlOutput = xmlOutput.replace ("__Confidentiality__", CVSS31.XML_MetricNames["MCIA"][Confidentiality]); - xmlOutput = xmlOutput.replace ("__Integrity__", CVSS31.XML_MetricNames["MCIA"][Integrity]); - xmlOutput = xmlOutput.replace ("__Availability__", CVSS31.XML_MetricNames["MCIA"][Availability]); - xmlOutput = xmlOutput.replace ("__BaseScore__", result.baseMetricScore); - xmlOutput = xmlOutput.replace ("__BaseSeverityRating__", result.baseSeverity); - - xmlOutput = xmlOutput.replace ("__ExploitCodeMaturity__", CVSS31.XML_MetricNames["E"][ExploitCodeMaturity || "X"]); - xmlOutput = xmlOutput.replace ("__RemediationLevel__", CVSS31.XML_MetricNames["RL"][RemediationLevel || "X"]); - xmlOutput = xmlOutput.replace ("__ReportConfidence__", CVSS31.XML_MetricNames["RC"][ReportConfidence || "X"]); - xmlOutput = xmlOutput.replace ("__TemporalScore__", result.temporalMetricScore); - xmlOutput = 
xmlOutput.replace ("__TemporalSeverityRating__", result.temporalSeverity); - - xmlOutput = xmlOutput.replace ("__ConfidentialityRequirement__", CVSS31.XML_MetricNames["CIAR"][ConfidentialityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__IntegrityRequirement__", CVSS31.XML_MetricNames["CIAR"][IntegrityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__AvailabilityRequirement__", CVSS31.XML_MetricNames["CIAR"][AvailabilityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackVector__", CVSS31.XML_MetricNames["MAV"][ModifiedAttackVector || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackComplexity__", CVSS31.XML_MetricNames["MAC"][ModifiedAttackComplexity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedPrivilegesRequired__", CVSS31.XML_MetricNames["MPR"][ModifiedPrivilegesRequired || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedUserInteraction__", CVSS31.XML_MetricNames["MUI"][ModifiedUserInteraction || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedScope__", CVSS31.XML_MetricNames["MS"][ModifiedScope || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedConfidentiality__", CVSS31.XML_MetricNames["MCIA"][ModifiedConfidentiality || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedIntegrity__", CVSS31.XML_MetricNames["MCIA"][ModifiedIntegrity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAvailability__", CVSS31.XML_MetricNames["MCIA"][ModifiedAvailability || "X"]); - xmlOutput = xmlOutput.replace ("__EnvironmentalScore__", result.environmentalMetricScore); - xmlOutput = xmlOutput.replace ("__EnvironmentalSeverityRating__", result.environmentalSeverity); - - return { success: true, xmlString: xmlOutput }; -}; - - - -/* ** CVSS31.generateXMLFromVector ** - * - * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined - * in the CVSS v3.1 standard definition of the Vector String. - * - * Returns an XML string representation of this input. 
See the comment for CVSS31.generateXMLFromMetrics for more - * detail on inputs, return values and errors. In addition to the error conditions listed for that function, this - * function can also return: - * "MalformedVectorString", if the Vector String passed is does not conform to the format in the standard; or - * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics), - * more than once. - */ -CVSS31.generateXMLFromVector = function ( vectorString ) { - - var metricValues = { - AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined, - C: undefined, I: undefined, A: undefined, - E: undefined, RL: undefined, RC: undefined, - CR: undefined, IR: undefined, AR: undefined, - MAV: undefined, MAC: undefined, MPR: undefined, MUI: undefined, MS: undefined, - MC: undefined, MI: undefined, MA: undefined - }; - - // If input validation fails, this array is populated with strings indicating which metrics failed validation. - var badMetrics = []; - - if (!CVSS31.vectorStringRegex_31.test(vectorString)) { - return { success: false, errorType: "MalformedVectorString" }; - } - - var metricNameValue = vectorString.substring(CVSS31.CVSSVersionIdentifier.length).split("/"); - - for (var i in metricNameValue) { - if (metricNameValue.hasOwnProperty(i)) { - - var singleMetric = metricNameValue[i].split(":"); - - if (typeof metricValues[singleMetric[0]] === "undefined") { - metricValues[singleMetric[0]] = singleMetric[1]; - } else { - badMetrics.push(singleMetric[0]); - } - } - } - - if (badMetrics.length > 0) { - return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics }; - } - - return CVSS31.generateXMLFromMetrics ( - metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S, - metricValues.C, metricValues.I, metricValues.A, - metricValues.E, metricValues.RL, metricValues.RC, - metricValues.CR, metricValues.IR, metricValues.AR, - metricValues.MAV, 
metricValues.MAC, metricValues.MPR, metricValues.MUI, metricValues.MS,
- metricValues.MC, metricValues.MI, metricValues.MA);
-};
-
-export default CVSS31
\ No newline at end of file
diff --git a/csaf-validator-lib/lib/shared/first/types.ts b/csaf-validator-lib/lib/shared/first/types.ts
deleted file mode 100644
index efdbf59..0000000
--- a/csaf-validator-lib/lib/shared/first/types.ts
+++ /dev/null
@@ -1,72 +0,0 @@
-declare type CVSSObject = {
- success: boolean
-
- baseMetricScore: string
- baseSeverity: string
-
- temporalMetricScore: string
- temporalSeverity: string
-
- environmentalMetricScore: string
- environmentalSeverity: string
-
- vectorString: string
-}
-
-export interface CVSS31 {
- calculateCVSSFromMetrics(
- AttackVector: string,
- AttackComplexity: string,
- PrivilegesRequired: string,
- UserInteraction: string,
- Scope: string,
- Confidentiality: string,
- Integrity: string,
- Availability: any,
- ExploitCodeMaturity: string,
- RemediationLevel: string,
- ReportConfidence: any,
- ConfidentialityRequirement: string,
- IntegrityRequirement: string,
- AvailabilityRequirement: any,
- ModifiedAttackVector: string,
- ModifiedAttackComplexity: string,
- ModifiedPrivilegesRequire: string,
- ModifiedUserInteraction: string,
- ModifiedScope: any,
- ModifiedConfidentiality: string,
- ModifiedIntegrity: string,
- ModifiedAvailability: string
- ): CVSSObject
-
- calculateCVSSFromVector(vectorString: string): CVSSObject
-}
-
-export interface CVSS30 {
- calculateCVSSFromMetrics(
- AttackVector: string,
- AttackComplexity: string,
- PrivilegesRequired: string,
- UserInteraction: string,
- Scope: string,
- Confidentiality: string,
- Integrity: string,
- Availability: any,
- ExploitCodeMaturity: string,
- RemediationLevel: string,
- ReportConfidence: any,
- ConfidentialityRequirement: string,
- IntegrityRequirement: string,
- AvailabilityRequirement: any,
- ModifiedAttackVector: string,
- ModifiedAttackComplexity: string,
- ModifiedPrivilegesRequire: string,
- ModifiedUserInteraction: string,
- ModifiedScope: any,
- ModifiedConfidentiality: string,
- ModifiedIntegrity: string,
- ModifiedAvailability: string
- ): CVSSObject
-
- calculateCVSSFromVector(vectorString: string): CVSSObject
-}
diff --git a/csaf-validator-lib/lib/shared/languageSpecificTranslation.js b/csaf-validator-lib/lib/shared/languageSpecificTranslation.js
deleted file mode 100644
index 69c8cd6..0000000
--- a/csaf-validator-lib/lib/shared/languageSpecificTranslation.js
+++ /dev/null
@@ -1,102 +0,0 @@
-import bcp47 from 'bcp47'
-import translations from '../../lib/language_specific_translation/translations.js'
-
-const csafTranslationMaps = new Map(
- Object.entries(translations.translation).map(([key, value]) => [
- key,
- new Map(Object.entries(value)),
- ])
-)
-
-/**
- * Checks if the document language is specified and not English
- *
- * @param {string | undefined} language - The language expression to check
- * @returns {boolean} False if language is English, true if the language is valid, false otherwise
- */
-export function isLangSpecifiedAndNotEnglish(language) {
- return (
- !!language && !(bcp47.parse(language)?.langtag.language.language === 'en')
- )
-}
-
-/**
- * test whether exactly one item in document notes exists that has the given title.
- * and the given category.
- * @param {Array<{ category?: string | undefined; title?: string | undefined; }>} notes
- * @param {string} titleToFind
- * @param {string} category
- * @returns {boolean} True if the language is valid, false otherwise
- */
-export function containsOneNoteWithTitleAndCategory(
- notes,
- titleToFind,
- category
-) {
- return (
- notes.filter(
- (note) => note.category === category && note.title === titleToFind
- ).length === 1
- )
-}
-
-/**
- * test whether at least one item in document references exists that starts with the given summary
- * and has the given category.
- * @param {({} & { category?: string | undefined; summary?: string | undefined; } & Record)[]} references
- * @param {string} summaryStartsWith
- * @param {string} category
- * @returns {boolean} True if the reference was found, false otherwise
- */
-export function existsReferenceWithSummaryAndCategory(
- references,
- summaryStartsWith,
- category
-) {
- return (
- references.filter(
- (reference) =>
- reference.category === category &&
- reference.summary &&
- reference.summary.startsWith(summaryStartsWith)
- ).length > 0
- )
-}
-
-/**
- * Get the language specific translation of the given i18nKey
- * @param {{ document: { lang?: string; }; }} doc
- * @param {string} i18nKey
- */
-export function getTranslationInDocumentLang(doc, i18nKey) {
- return doc.document.lang
- ? getTranslationInMap(doc.document.lang, i18nKey, csafTranslationMaps)
- : undefined
-}
-
-/**
- * Get the language specific translation of the given i18nKey in translationMaps
- * @param {string} langToTranslate
- * @param {string} i18nKey
- * @param {Map>} translationMaps
- */
-export function getTranslationInMap(langToTranslate, i18nKey, translationMaps) {
- const langtag = bcp47.parse(langToTranslate)?.langtag
- const languageCode = langtag?.language.language
- let transMapForLanguage
- if (langtag && languageCode) {
- if (langtag.region) {
- if (langtag.script) {
- transMapForLanguage = translationMaps.get(
- `${languageCode}-${langtag.script}-${langtag.region}`
- )
- }
- transMapForLanguage =
- transMapForLanguage ??
- translationMaps.get(`${languageCode}-${langtag.region}`)
- }
- transMapForLanguage =
- transMapForLanguage ?? translationMaps.get(languageCode)
- }
- return transMapForLanguage?.get(i18nKey)
-}
diff --git a/csaf-validator-lib/lib/shared/sortObjectKeys.js b/csaf-validator-lib/lib/shared/sortObjectKeys.js
deleted file mode 100644
index 5c95b1b..0000000
--- a/csaf-validator-lib/lib/shared/sortObjectKeys.js
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * @param {Intl.Collator} collator
- * @param {unknown} obj
- * @returns {unknown}
- */
-export default function sortObjectKeys(collator, obj) {
- if (typeof obj !== 'object' || obj == null) return obj
- if (Array.isArray(obj)) return obj.map((e) => sortObjectKeys(collator, e))
- return Object.fromEntries(
- Object.entries(obj)
- .sort((a, z) => collator.compare(a[0], z[0]))
- .map(([key, obj]) => [key, sortObjectKeys(collator, obj)])
- )
-}
diff --git a/csaf-validator-lib/lib/shared/types.ts b/csaf-validator-lib/lib/shared/types.ts
deleted file mode 100644
index 59d813a..0000000
--- a/csaf-validator-lib/lib/shared/types.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-export interface Result {
- isValid: boolean
- warnings: Array<{ message: string; instancePath: string }>
- errors: Array<{ message: string; instancePath: string }>
- infos: Array<{ message: string; instancePath: string }>
-}
-
-interface TestResult {
- isValid?: boolean
- warnings?: Array<{ message: string; instancePath: string }>
- errors?: Array<{ message: string; instancePath: string }>
- infos?: Array<{ message: string; instancePath: string }>
-}
-
-export type DocumentTest = (doc: any) => TestResult | Promise
diff --git a/csaf-validator-lib/lib/shared/urlHelper.js b/csaf-validator-lib/lib/shared/urlHelper.js
deleted file mode 100644
index 2ba8cd6..0000000
--- a/csaf-validator-lib/lib/shared/urlHelper.js
+++ /dev/null
@@ -1,54 +0,0 @@
-import { Ajv } from 'ajv/dist/jtd.js'
-
-const ajv = new Ajv()
-
-const referenceSchema = /** @type {const} */ ({
- additionalProperties: true,
- properties: {
- category: { type: 'string' },
- url: { type: 'string' },
- },
-})
-const validateReference = ajv.compile(referenceSchema)
-
-/**
- * Convert the tracking id to apply the csaf filename conventions
- * - The value trackingId is converted into lower case
- * - Any character sequence which is not part of one of the following groups MUST be replaced by a single underscore (_)
- * Lower case ASCII letters (0x61 - 0x7A)
- * digits (0x30 - 0x39)
- * special characters: + (0x2B), - (0x2D)
- * @param {string} trackingId
- * @return {string}
- */
-export function convertTrackingIdToFilename(trackingId) {
- return trackingId.toLowerCase().replace(/[^+\-a-z0-9]+/g, '_')
-}
-
-/**
- * Checks whether a reference contains a canonical URL
- * It works for CSAF 2.0 and CSAF 2.1
- * A canonical URL fulfills all the following:
- * - It has the category self
- * - The url starts with https://
- * - The url ends with the valid filename for the CSAF document
- * A filename must apply the following rules
- * - The value trackingId is converted into lower case
- * - Any character sequence which is not part of one of the following groups MUST be replaced by a single underscore (_)
- * Lower case ASCII letters (0x61 - 0x7A)
- * digits (0x30 - 0x39)
- * special characters: + (0x2B), - (0x2D)
- * - The file extension .json MUST be appended.
- * @param {{url?: string, category?: string}} reference
- * @param {string} trackingId
- * @return {boolean}
- */
-export function isCanonicalUrl(reference, trackingId) {
- return (
- validateReference(reference) &&
- reference.category === 'self' &&
- reference.url !== undefined &&
- reference.url.startsWith('https://') &&
- reference.url.endsWith(convertTrackingIdToFilename(trackingId) + '.json')
- )
-}
diff --git a/csaf-validator-lib/lib/strip.js b/csaf-validator-lib/lib/strip.js
deleted file mode 100644
index e08927e..0000000
--- a/csaf-validator-lib/lib/strip.js
+++ /dev/null
@@ -1,98 +0,0 @@
-import isEmpty from 'lodash/isEmpty.js'
-import unset from 'lodash/fp/unset.js'
-import jsonPointer from 'json-pointer'
-import validate from './validate.js'
-import sortObjectKeys from './shared/sortObjectKeys.js'
-
-const { parse } = jsonPointer
-
-/**
- * @param {Array} tests
- * @param {any} document
- */
-export default async function (tests, document) {
- /** @type {Array<{ instancePath: string; message: string; error: boolean }>} */
- const strippedPaths = []
-
- /**
- * @param {{}} doc
- * @param {string} instancePath
- * @returns {{}}
- */
- const deleteEmptyNodes = (doc, instancePath) => {
- if (typeof doc === 'string' || typeof doc === 'number') return doc
- if (Array.isArray(doc))
- return doc.map((item, i) =>
- deleteEmptyNodes(item, `${instancePath}/${i}`)
- )
- return {
- ...Object.fromEntries(
- Object.entries(doc)
- .filter(([key, value]) => {
- const valueIsEmpty =
- value === '' ||
- value === null ||
- (typeof value === 'object' && isEmpty(value))
-
- if (valueIsEmpty) {
- strippedPaths.push({
- instancePath: `${instancePath}/${key}`,
- message: 'value was empty',
- error: false,
- })
- }
- return !valueIsEmpty
- })
- .map(([key, value]) => [
- key,
- deleteEmptyNodes(value, `${instancePath}/${key}`),
- ])
- ),
- }
- }
-
- const documentWithoutEmptyNodes = deleteEmptyNodes(document, '')
- let errorStrippedDocument = documentWithoutEmptyNodes
- /**
- * @type {Array<{
- * message?: string
- * instancePath: string
- * }>}
- */
- let errors
- do {
- errors = (await validate(tests, errorStrippedDocument)).tests.flatMap(
- (t) => t.errors
- )
- errorStrippedDocument = JSON.parse(
- JSON.stringify(
- errors.reduce((updatedDoc, error) => {
- strippedPaths.push({
- instancePath: error.instancePath,
- error: true,
- message: /** @type {string} */ (error.message),
- })
- const parsedInstancePath = parse(error.instancePath).join('.')
- if (parsedInstancePath === '') return {}
- return unset(parsedInstancePath, updatedDoc)
- }, errorStrippedDocument),
- (_, value) => {
- if (Array.isArray(value)) {
- return value.filter((e) => e !== undefined)
- }
- return value
- }
- )
- )
- } while (
- errors &&
- errors.length &&
- Object.keys(errorStrippedDocument).length > 0
- )
- return {
- document: /** @type {any} */ (
- sortObjectKeys(new Intl.Collator(), errorStrippedDocument)
- ),
- strippedPaths,
- }
-}
diff --git a/csaf-validator-lib/lib/validate.js b/csaf-validator-lib/lib/validate.js
deleted file mode 100644
index 5b967ce..0000000
--- a/csaf-validator-lib/lib/validate.js
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * @param {Array} tests
- * @param {any} doc
- */
-export default async function (tests, doc) {
- let isValid = true
- const testResults =
- /** @type {({ name: string } & import('./shared/types.js').Result)[]} */ ([])
-
- for (const test of tests) {
- const result = await test(doc)
- const testIsValid =
- typeof result.isValid === 'boolean' ? result.isValid : true
- testResults.push({
- isValid: testIsValid,
- errors: result.errors ?? [],
- warnings: result.warnings ?? [],
- infos: result.infos ?? [],
- name: test.name,
- })
- isValid = isValid && testIsValid
- }
-
- return { tests: testResults, isValid }
-}
diff --git a/csaf-validator-lib/mandatoryTests.js b/csaf-validator-lib/mandatoryTests.js
deleted file mode 100644
index 657d0b3..0000000
--- a/csaf-validator-lib/mandatoryTests.js
+++ /dev/null
@@ -1 +0,0 @@
-export * from './lib/mandatoryTests.js'
diff --git a/csaf-validator-lib/optionalTests.js b/csaf-validator-lib/optionalTests.js
deleted file mode 100644
index c188e3e..0000000
--- a/csaf-validator-lib/optionalTests.js
+++ /dev/null
@@ -1 +0,0 @@
-export * from './lib/optionalTests.js'
diff --git a/csaf-validator-lib/package-lock.json b/csaf-validator-lib/package-lock.json
deleted file mode 100644
index b2f16e9..0000000
--- a/csaf-validator-lib/package-lock.json
+++ /dev/null
@@ -1,1669 +0,0 @@ -{ - "name": "@secvisogram/csaf-validator-lib", - "version": "2.0.23", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "@secvisogram/csaf-validator-lib", - "version": "2.0.23", - "license": "MIT", - "dependencies": { - "@js-joda/core": "^5.6.1", - "@js-joda/timezone": "^2.18.2", - "ajv": "^8.11.2", - "ajv-formats": "^3.0.1", - "bcp47": "^1.1.2", - "cvss2js": "^1.1.0", - "json-pointer": "^0.6.1", - "lodash": "^4.17.21", - "packageurl-js": "^2.0.1", - "semver": "^7.5.4", - "temporal-polyfill": "^0.3.0", - "undici": "^6.23.0" - }, - "devDependencies": { - "@types/chai": "^4.3.5", - "@types/json-pointer": "^1.0.31", - "@types/lodash": "^4.14.195", - "@types/mocha": "^10.0.10", - "@types/node": "^24.1.0", - "@types/prettier": "^2.7.3", - "@types/semver": "^7.5.0", - "@types/xml2js": "^0.4.11", - "c8": "^10.1.3", - "chai": "^4.3.7", - "mocha": "^12.0.0-beta-9", - "prettier": "^2.8.1", - "typescript": "^6.0.3", - "xml2js": "^0.5.0" - } - }, - "node_modules/@bcoe/v8-coverage": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-1.0.2.tgz", - "integrity": "sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=18" - } - }, - "node_modules/@isaacs/cliui": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", - "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", - "dev": true, - "license": "ISC", - "dependencies": { - "string-width": "^5.1.2", - "string-width-cjs": "npm:string-width@^4.2.0", - "strip-ansi": "^7.0.1", - "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", - "wrap-ansi": "^8.1.0", - "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/@isaacs/cliui/node_modules/ansi-regex": { - "version": "6.2.2", - "resolved": 
"https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", - "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-regex?sponsor=1" - } - }, - "node_modules/@isaacs/cliui/node_modules/ansi-styles": { - "version": "6.2.3", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", - "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@isaacs/cliui/node_modules/emoji-regex": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", - "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", - "dev": true, - "license": "MIT" - }, - "node_modules/@isaacs/cliui/node_modules/string-width": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", - "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", - "dev": true, - "license": "MIT", - "dependencies": { - "eastasianwidth": "^0.2.0", - "emoji-regex": "^9.2.2", - "strip-ansi": "^7.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@isaacs/cliui/node_modules/strip-ansi": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz", - "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^6.2.2" - }, - "engines": { - "node": ">=12" - 
}, - "funding": { - "url": "https://github.com/chalk/strip-ansi?sponsor=1" - } - }, - "node_modules/@isaacs/cliui/node_modules/wrap-ansi": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", - "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^6.1.0", - "string-width": "^5.0.1", - "strip-ansi": "^7.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/@istanbuljs/schema": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.6.tgz", - "integrity": "sha512-+Sg6GCR/wy1oSmQDFq4LQDAhm3ETKnorxN+y5nbLULOR3P0c14f2Wurzj3/xqPXtasLFfHd5iRFQ7AJt4KH2cw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/@jridgewell/resolve-uri": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", - "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", - "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", - "dev": true, - "license": "MIT" - }, - "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.31", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", - "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jridgewell/resolve-uri": "^3.1.0", - 
"@jridgewell/sourcemap-codec": "^1.4.14" - } - }, - "node_modules/@js-joda/core": { - "version": "5.7.0", - "resolved": "https://registry.npmjs.org/@js-joda/core/-/core-5.7.0.tgz", - "integrity": "sha512-WBu4ULVVxySLLzK1Ppq+OdfP+adRS4ntmDQT915rzDJ++i95gc2jZkM5B6LWEAwN3lGXpfie3yPABozdD3K3Vg==", - "license": "BSD-3-Clause" - }, - "node_modules/@js-joda/timezone": { - "version": "2.25.1", - "resolved": "https://registry.npmjs.org/@js-joda/timezone/-/timezone-2.25.1.tgz", - "integrity": "sha512-s79ts8bXrWqM9dIBKc0AdgGuAUFpu9gmzYhOCPHJlks/Sf7FSbJHRauWlFYUwjSTZevimqthEvJycrwrVz5m4g==", - "license": "BSD-3-Clause", - "peerDependencies": { - "@js-joda/core": ">=5.7.0" - } - }, - "node_modules/@pkgjs/parseargs": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", - "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", - "dev": true, - "license": "MIT", - "optional": true, - "engines": { - "node": ">=14" - } - }, - "node_modules/@types/chai": { - "version": "4.3.20", - "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.20.tgz", - "integrity": "sha512-/pC9HAB5I/xMlc5FP77qjCnI16ChlJfW0tGa0IUcFn38VJrTV6DeZ60NU5KZBtaOZqjdpwTWohz5HU1RrhiYxQ==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/istanbul-lib-coverage": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", - "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/json-pointer": { - "version": "1.0.34", - "resolved": "https://registry.npmjs.org/@types/json-pointer/-/json-pointer-1.0.34.tgz", - "integrity": "sha512-JRnWcxzXSaLei98xgw1B7vAeBVOrkyw0+Rt9j1QoJrczE78OpHsyQC8GNbuhw+/2vxxDe58QvWnngS86CoIbRg==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/lodash": { - "version": 
"4.17.24", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.24.tgz", - "integrity": "sha512-gIW7lQLZbue7lRSWEFql49QJJWThrTFFeIMJdp3eH4tKoxm1OvEPg02rm4wCCSHS0cL3/Fizimb35b7k8atwsQ==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/mocha": { - "version": "10.0.10", - "resolved": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.10.tgz", - "integrity": "sha512-xPyYSz1cMPnJQhl0CLMH68j3gprKZaTjG3s5Vi+fDgx+uhG9NOXwbVt52eFS8ECyXhyKcjDLCBEqBExKuiZb7Q==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/node": { - "version": "24.12.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.2.tgz", - "integrity": "sha512-A1sre26ke7HDIuY/M23nd9gfB+nrmhtYyMINbjI1zHJxYteKR6qSMX56FsmjMcDb3SMcjJg5BiRRgOCC/yBD0g==", - "dev": true, - "license": "MIT", - "dependencies": { - "undici-types": "~7.16.0" - } - }, - "node_modules/@types/prettier": { - "version": "2.7.3", - "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", - "integrity": "sha512-+68kP9yzs4LMp7VNh8gdzMSPZFL44MLGqiHWvttYJe+6qnuVr4Ek9wSBQoveqY/r+LwjCcU29kNVkidwim+kYA==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==", - "dev": true, - "license": "MIT" - }, - "node_modules/@types/xml2js": { - "version": "0.4.14", - "resolved": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", - "integrity": "sha512-4YnrRemBShWRO2QjvUin8ESA41rH+9nQGLUGZV/1IDhi3SL9OhdpNC/MrulTWuptXKwhx/aDxE7toV0f/ypIXQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/ajv": { - "version": "8.20.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.20.0.tgz", - "integrity": 
"sha512-Thbli+OlOj+iMPYFBVBfJ3OmCAnaSyNn4M1vz9T6Gka5Jt9ba/HIR56joy65tY6kx/FCF5VXNB819Y7/GUrBGA==", - "license": "MIT", - "dependencies": { - "fast-deep-equal": "^3.1.3", - "fast-uri": "^3.0.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" - } - }, - "node_modules/ajv-formats": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", - "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", - "license": "MIT", - "dependencies": { - "ajv": "^8.0.0" - }, - "peerDependencies": { - "ajv": "^8.0.0" - }, - "peerDependenciesMeta": { - "ajv": { - "optional": true - } - } - }, - "node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "license": "MIT", - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true, - "license": "Python-2.0" - }, - "node_modules/assertion-error": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", - 
"integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", - "dev": true, - "license": "MIT", - "engines": { - "node": "*" - } - }, - "node_modules/balanced-match": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", - "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", - "dev": true, - "license": "MIT", - "engines": { - "node": "18 || 20 || >=22" - } - }, - "node_modules/bcp47": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/bcp47/-/bcp47-1.1.2.tgz", - "integrity": "sha512-JnkkL4GUpOvvanH9AZPX38CxhiLsXMBicBY2IAtqiVN8YulGDQybUydWA4W6yAMtw6iShtw+8HEF6cfrTHU+UQ==", - "license": "MIT", - "engines": { - "node": ">=0.10" - } - }, - "node_modules/brace-expansion": { - "version": "5.0.5", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz", - "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "balanced-match": "^4.0.2" - }, - "engines": { - "node": "18 || 20 || >=22" - } - }, - "node_modules/browser-stdout": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", - "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", - "dev": true, - "license": "ISC" - }, - "node_modules/c8": { - "version": "10.1.3", - "resolved": "https://registry.npmjs.org/c8/-/c8-10.1.3.tgz", - "integrity": "sha512-LvcyrOAaOnrrlMpW22n690PUvxiq4Uf9WMhQwNJ9vgagkL/ph1+D4uvjvDA5XCbykrc0sx+ay6pVi9YZ1GnhyA==", - "dev": true, - "license": "ISC", - "dependencies": { - "@bcoe/v8-coverage": "^1.0.1", - "@istanbuljs/schema": "^0.1.3", - "find-up": "^5.0.0", - "foreground-child": "^3.1.1", - "istanbul-lib-coverage": "^3.2.0", - "istanbul-lib-report": "^3.0.1", - 
"istanbul-reports": "^3.1.6", - "test-exclude": "^7.0.1", - "v8-to-istanbul": "^9.0.0", - "yargs": "^17.7.2", - "yargs-parser": "^21.1.1" - }, - "bin": { - "c8": "bin/c8.js" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "monocart-coverage-reports": "^2" - }, - "peerDependenciesMeta": { - "monocart-coverage-reports": { - "optional": true - } - } - }, - "node_modules/camelcase": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/chai": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.5.0.tgz", - "integrity": "sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw==", - "dev": true, - "license": "MIT", - "dependencies": { - "assertion-error": "^1.1.0", - "check-error": "^1.0.3", - "deep-eql": "^4.1.3", - "get-func-name": "^2.0.2", - "loupe": "^2.3.6", - "pathval": "^1.1.1", - "type-detect": "^4.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/check-error": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", - "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", - "dev": true, - "license": "MIT", - "dependencies": { - "get-func-name": "^2.0.2" - }, - "engines": { - "node": "*" - } - }, - "node_modules/chokidar": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-5.0.0.tgz", - "integrity": "sha512-TQMmc3w+5AxjpL8iIiwebF73dRDF4fBIieAqGn9RGCWaEVwQ6Fb2cGe31Yns0RRIzii5goJ1Y7xbMwo1TxMplw==", - "dev": true, - "license": "MIT", - "dependencies": { - "readdirp": "^5.0.0" - }, - "engines": { - "node": ">= 
20.19.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/cliui": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", - "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", - "dev": true, - "license": "ISC", - "dependencies": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.1", - "wrap-ansi": "^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "color-name": "~1.1.4" - }, - "engines": { - "node": ">=7.0.0" - } - }, - "node_modules/color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true, - "license": "MIT" - }, - "node_modules/convert-source-map": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", - "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", - "dev": true, - "license": "MIT" - }, - "node_modules/cross-spawn": { - "version": "7.0.6", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", - "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", - "dev": true, - "license": "MIT", - "dependencies": { - "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/cvss2js": { - "version": "1.1.0", - "resolved": 
"https://registry.npmjs.org/cvss2js/-/cvss2js-1.1.0.tgz", - "integrity": "sha512-ssH3uw7jcxZgp1rbsUoYUbVlvQghAgPKDUQafapMhNvr4N/MvrXr217KOTHJZHDjT6hxOlOqvCLbC/JxL1T8Tg==", - "license": "MIT" - }, - "node_modules/debug": { - "version": "4.4.3", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", - "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", - "dev": true, - "license": "MIT", - "dependencies": { - "ms": "^2.1.3" - }, - "engines": { - "node": ">=6.0" - }, - "peerDependenciesMeta": { - "supports-color": { - "optional": true - } - } - }, - "node_modules/decamelize": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", - "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/deep-eql": { - "version": "4.1.4", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.4.tgz", - "integrity": "sha512-SUwdGfqdKOwxCPeVYjwSyRpJ7Z+fhpwIAtmCUdZIWZ/YP5R9WAsyuSgpLVDi9bjWoN2LXHNss/dk3urXtdQxGg==", - "dev": true, - "license": "MIT", - "dependencies": { - "type-detect": "^4.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/diff": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/diff/-/diff-9.0.0.tgz", - "integrity": "sha512-svtcdpS8CgJyqAjEQIXdb3OjhFVVYjzGAPO8WGCmRbrml64SPw/jJD4GoE98aR7r25A0XcgrK3F02yw9R/vhQw==", - "dev": true, - "license": "BSD-3-Clause", - "engines": { - "node": ">=0.3.1" - } - }, - "node_modules/eastasianwidth": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", - "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", - "dev": true, - "license": "MIT" - }, - 
"node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true, - "license": "MIT" - }, - "node_modules/escalade": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", - "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=6" - } - }, - "node_modules/fast-deep-equal": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", - "license": "MIT" - }, - "node_modules/fast-uri": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", - "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/fastify" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/fastify" - } - ], - "license": "BSD-3-Clause" - }, - "node_modules/find-up": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "dev": true, - "license": "MIT", - "dependencies": { - "locate-path": "^6.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/flat": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", - "integrity": 
"sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", - "dev": true, - "license": "BSD-3-Clause", - "bin": { - "flat": "cli.js" - } - }, - "node_modules/foreach": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.6.tgz", - "integrity": "sha512-k6GAGDyqLe9JaebCsFCoudPPWfihKu8pylYXRlqP1J7ms39iPoTtk2fviNglIeQEwdh0bQeKJ01ZPyuyQvKzwg==", - "license": "MIT" - }, - "node_modules/foreground-child": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", - "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", - "dev": true, - "license": "ISC", - "dependencies": { - "cross-spawn": "^7.0.6", - "signal-exit": "^4.0.1" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/get-caller-file": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", - "dev": true, - "license": "ISC", - "engines": { - "node": "6.* || 8.* || >= 10.*" - } - }, - "node_modules/get-func-name": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", - "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": "*" - } - }, - "node_modules/glob": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", - "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "minimatch": "^10.2.2", - "minipass": "^7.1.3", - "path-scurry": "^2.0.2" - }, - "engines": { - 
"node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/he": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", - "dev": true, - "license": "MIT", - "bin": { - "he": "bin/he" - } - }, - "node_modules/html-escaper": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", - "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", - "dev": true, - "license": "MIT" - }, - "node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/is-path-inside": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/is-plain-obj": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", - "dev": true, - "license": "MIT", - "engines": { - 
"node": ">=8" - } - }, - "node_modules/is-unicode-supported": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", - "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/isexe": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true, - "license": "ISC" - }, - "node_modules/istanbul-lib-coverage": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", - "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==", - "dev": true, - "license": "BSD-3-Clause", - "engines": { - "node": ">=8" - } - }, - "node_modules/istanbul-lib-report": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", - "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "istanbul-lib-coverage": "^3.0.0", - "make-dir": "^4.0.0", - "supports-color": "^7.1.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/istanbul-reports": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz", - "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "html-escaper": "^2.0.0", - "istanbul-lib-report": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - 
"node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, - "node_modules/js-yaml": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", - "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", - "dev": true, - "license": "MIT", - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/json-pointer": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/json-pointer/-/json-pointer-0.6.2.tgz", - "integrity": "sha512-vLWcKbOaXlO+jvRy4qNd+TI1QUPZzfJj1tpJ3vAXDych5XJf93ftpUKe5pKCrzyIIwgBJcOcCVRUfqQP25afBw==", - "license": "MIT", - "dependencies": { - "foreach": "^2.0.4" - } - }, - "node_modules/json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", - "license": "MIT" - }, - "node_modules/locate-path": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "dev": true, - "license": "MIT", - "dependencies": { - "p-locate": "^5.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/lodash": { - "version": "4.18.1", - "resolved": 
"https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz", - "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==", - "license": "MIT" - }, - "node_modules/loupe": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", - "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==", - "dev": true, - "license": "MIT", - "dependencies": { - "get-func-name": "^2.0.1" - } - }, - "node_modules/lru-cache": { - "version": "11.3.6", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz", - "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==", - "dev": true, - "license": "BlueOak-1.0.0", - "engines": { - "node": "20 || >=22" - } - }, - "node_modules/make-dir": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", - "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", - "dev": true, - "license": "MIT", - "dependencies": { - "semver": "^7.5.3" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/minimatch": { - "version": "10.2.5", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", - "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "brace-expansion": "^5.0.5" - }, - "engines": { - "node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/minipass": { - "version": "7.1.3", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz", - "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==", - "dev": 
true, - "license": "BlueOak-1.0.0", - "engines": { - "node": ">=16 || 14 >=14.17" - } - }, - "node_modules/mocha": { - "version": "12.0.0-beta-9.3", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-12.0.0-beta-9.3.tgz", - "integrity": "sha512-QPdrZhX9dZZDKW5gOyUnBdzdXjfFP1oDG/5IEyr4hEvi7kchT/6yCZL5loJUvb2yVe30CtIdGHFRZ8ggcX3/sA==", - "dev": true, - "license": "MIT", - "dependencies": { - "browser-stdout": "^1.3.1", - "chokidar": "^5.0.0", - "debug": "^4.3.5", - "diff": "^9.0.0", - "find-up": "^5.0.0", - "glob": "^13.0.0", - "he": "^1.2.0", - "is-path-inside": "^3.0.3", - "is-unicode-supported": "^0.1.0", - "js-yaml": "^4.1.0", - "minimatch": "^10.2.2", - "ms": "^2.1.3", - "picocolors": "^1.1.1", - "serialize-javascript": "^7.0.2", - "strip-json-comments": "^5.0.3", - "supports-color": "^8.1.1", - "workerpool": "^10.0.0", - "yargs": "^17.7.2", - "yargs-parser": "^21.1.1", - "yargs-unparser": "^2.0.0" - }, - "bin": { - "_mocha": "bin/_mocha", - "mocha": "bin/mocha.js" - }, - "engines": { - "node": "^20.19.0 || >=22.12.0" - } - }, - "node_modules/mocha/node_modules/supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "dev": true, - "license": "MIT", - "dependencies": { - "has-flag": "^4.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/supports-color?sponsor=1" - } - }, - "node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "dev": true, - "license": "MIT" - }, - "node_modules/p-limit": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", - "integrity": 
"sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "yocto-queue": "^0.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/p-locate": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "dev": true, - "license": "MIT", - "dependencies": { - "p-limit": "^3.0.2" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/package-json-from-dist": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", - "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", - "dev": true, - "license": "BlueOak-1.0.0" - }, - "node_modules/packageurl-js": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-2.0.1.tgz", - "integrity": "sha512-N5ixXjzTy4QDQH0Q9YFjqIWd6zH6936Djpl2m9QNFmDv5Fum8q8BjkpAcHNMzOFE0IwQrFhJWex3AN6kS0OSwg==", - "license": "MIT" - }, - "node_modules/path-exists": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/path-key": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - 
"node_modules/path-scurry": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.2.tgz", - "integrity": "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "lru-cache": "^11.0.0", - "minipass": "^7.1.2" - }, - "engines": { - "node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/pathval": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", - "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": "*" - } - }, - "node_modules/picocolors": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", - "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", - "dev": true, - "license": "ISC" - }, - "node_modules/prettier": { - "version": "2.8.8", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz", - "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==", - "dev": true, - "license": "MIT", - "bin": { - "prettier": "bin-prettier.js" - }, - "engines": { - "node": ">=10.13.0" - }, - "funding": { - "url": "https://github.com/prettier/prettier?sponsor=1" - } - }, - "node_modules/readdirp": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-5.0.0.tgz", - "integrity": "sha512-9u/XQ1pvrQtYyMpZe7DXKv2p5CNvyVwzUB6uhLAnQwHMSgKMBR62lc7AHljaeteeHXn11XTAaLLUVZYVZyuRBQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 20.19.0" - }, - "funding": { - "type": "individual", - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/require-directory": { - "version": "2.1.1", - 
"resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/require-from-string": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", - "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", - "license": "MIT", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/sax": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz", - "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==", - "dev": true, - "license": "BlueOak-1.0.0", - "engines": { - "node": ">=11.0.0" - } - }, - "node_modules/semver": { - "version": "7.7.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", - "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", - "license": "ISC", - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/serialize-javascript": { - "version": "7.0.5", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", - "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", - "dev": true, - "license": "BSD-3-Clause", - "engines": { - "node": ">=20.0.0" - } - }, - "node_modules/shebang-command": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", - "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "dev": true, - "license": "MIT", - "dependencies": { - "shebang-regex": "^3.0.0" - }, - "engines": { 
- "node": ">=8" - } - }, - "node_modules/shebang-regex": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/signal-exit": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", - "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", - "dev": true, - "license": "ISC", - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/string-width-cjs": { - "name": "string-width", - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - 
"engines": { - "node": ">=8" - } - }, - "node_modules/strip-ansi-cjs": { - "name": "strip-ansi", - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-json-comments": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-5.0.3.tgz", - "integrity": "sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=14.16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, - "license": "MIT", - "dependencies": { - "has-flag": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/temporal-polyfill": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/temporal-polyfill/-/temporal-polyfill-0.3.2.tgz", - "integrity": "sha512-TzHthD/heRK947GNiSu3Y5gSPpeUDH34+LESnfsq8bqpFhsB79HFBX8+Z834IVX68P3EUyRPZK5bL/1fh437Eg==", - "license": "MIT", - "dependencies": { - "temporal-spec": "0.3.1" - } - }, - "node_modules/temporal-spec": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/temporal-spec/-/temporal-spec-0.3.1.tgz", - "integrity": "sha512-B4TUhezh9knfSIMwt7RVggApDRJZo73uZdj8AacL2mZ8RP5KtLianh2MXxL06GN9ESYiIsiuoLQhgVfwe55Yhw==", - "license": "ISC" - }, - "node_modules/test-exclude": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.2.tgz", - 
"integrity": "sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==", - "dev": true, - "license": "ISC", - "dependencies": { - "@istanbuljs/schema": "^0.1.2", - "glob": "^10.4.1", - "minimatch": "^10.2.2" - }, - "engines": { - "node": ">=18" - } - }, - "node_modules/test-exclude/node_modules/balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true, - "license": "MIT" - }, - "node_modules/test-exclude/node_modules/brace-expansion": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz", - "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==", - "dev": true, - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0" - } - }, - "node_modules/test-exclude/node_modules/glob": { - "version": "10.5.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz", - "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==", - "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. 
Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", - "dev": true, - "license": "ISC", - "dependencies": { - "foreground-child": "^3.1.0", - "jackspeak": "^3.1.2", - "minimatch": "^9.0.4", - "minipass": "^7.1.2", - "package-json-from-dist": "^1.0.0", - "path-scurry": "^1.11.1" - }, - "bin": { - "glob": "dist/esm/bin.mjs" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/test-exclude/node_modules/glob/node_modules/minimatch": { - "version": "9.0.9", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz", - "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==", - "dev": true, - "license": "ISC", - "dependencies": { - "brace-expansion": "^2.0.2" - }, - "engines": { - "node": ">=16 || 14 >=14.17" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/test-exclude/node_modules/lru-cache": { - "version": "10.4.3", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", - "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", - "dev": true, - "license": "ISC" - }, - "node_modules/test-exclude/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/type-detect": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.1.0.tgz", - "integrity": 
"sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, - "node_modules/typescript": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz", - "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==", - "dev": true, - "license": "Apache-2.0", - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=14.17" - } - }, - "node_modules/undici": { - "version": "6.25.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz", - "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==", - "license": "MIT", - "engines": { - "node": ">=18.17" - } - }, - "node_modules/undici-types": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", - "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", - "dev": true, - "license": "MIT" - }, - "node_modules/v8-to-istanbul": { - "version": "9.3.0", - "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.3.0.tgz", - "integrity": "sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==", - "dev": true, - "license": "ISC", - "dependencies": { - "@jridgewell/trace-mapping": "^0.3.12", - "@types/istanbul-lib-coverage": "^2.0.1", - "convert-source-map": "^2.0.0" - }, - "engines": { - "node": ">=10.12.0" - } - }, - "node_modules/which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "dev": true, - "license": "ISC", - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "node-which": "bin/node-which" - 
}, - "engines": { - "node": ">= 8" - } - }, - "node_modules/workerpool": { - "version": "10.0.2", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-10.0.2.tgz", - "integrity": "sha512-8PCeZlCwu0+8hXruze1ahYNsY+M0LOCmbmySZ9BWWqWIXP9TAXa6FZCxACTDL/0j47pFcC4xW98Gr8nAC5oymg==", - "dev": true, - "license": "Apache-2.0" - }, - "node_modules/wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/wrap-ansi-cjs": { - "name": "wrap-ansi", - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/xml2js": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", - "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", - "dev": true, - "license": "MIT", - "dependencies": { - "sax": ">=0.6.0", - "xmlbuilder": "~11.0.0" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/xmlbuilder": { - "version": "11.0.1", - "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", - "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==", - 
"dev": true, - "license": "MIT", - "engines": { - "node": ">=4.0" - } - }, - "node_modules/y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true, - "license": "ISC", - "engines": { - "node": ">=10" - } - }, - "node_modules/yargs": { - "version": "17.7.2", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", - "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", - "dev": true, - "license": "MIT", - "dependencies": { - "cliui": "^8.0.1", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.3", - "y18n": "^5.0.5", - "yargs-parser": "^21.1.1" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/yargs-parser": { - "version": "21.1.1", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", - "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", - "dev": true, - "license": "ISC", - "engines": { - "node": ">=12" - } - }, - "node_modules/yargs-unparser": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", - "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", - "dev": true, - "license": "MIT", - "dependencies": { - "camelcase": "^6.0.0", - "decamelize": "^4.0.0", - "flat": "^5.0.2", - "is-plain-obj": "^2.1.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/yocto-queue": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - 
}, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - } - } -}
diff --git a/csaf-validator-lib/package.json b/csaf-validator-lib/package.json
deleted file mode 100644
index ac601ad..0000000
--- a/csaf-validator-lib/package.json
+++ /dev/null
@@ -1,151 +0,0 @@
-{
- "name": "@secvisogram/csaf-validator-lib",
- "type": "module",
- "license": "MIT",
- "scripts": {
- "pretest": "tsc -b .",
- "prepublishOnly": "tsc -b .",
- "test": "prettier --check . && node scripts/test.js",
- "pretest-report": "tsc -b .",
- "test-report": "prettier --check . && node scripts/test.js --reporter json > test-results.json",
- "test-coverage": "c8 node scripts/test.js",
- "test-coverage-lcov": "c8 --reporter lcovonly node scripts/test.js"
- },
- "repository": {
- "url": "https://github.com/secvisogram/csaf-validator-lib"
- },
- "files": [
- "lib",
- "schemas",
- "build/*.d.ts",
- "build/lib",
- "build/schemas",
- "build/csaf_2_1",
- "build/shared",
- "build/hunspell",
- "basic.js",
- "cwe.js",
- "extended.js",
- "full.js",
- "hunspell.js",
- "hunspell/*",
- "informativeTests.js",
- "mandatoryTests.js",
- "optionalTests.js",
- "README.md",
- "schemaTests.js",
- "strip.js",
- "validate.js",
- "validateStrict.js",
- "csaf_2_1"
- ],
- "exports": {
- "./basic.js": {
- "types": "./build/basic.d.ts",
- "import": "./basic.js"
- },
- "./cwe.js": {
- "types": "./build/cwe.d.ts",
- "import": "./cwe.js"
- },
- "./extended.js": {
- "types": "./build/extended.d.ts",
- "import": "./extended.js"
- },
- "./full.js": {
- "types": "./build/full.d.ts",
- "import": "./full.js"
- },
- "./hunspell.js": {
- "types": "./build/hunspell.d.ts",
- "import": "./hunspell.js"
- },
- "./informativeTests.js": {
- "types": "./build/informativeTests.d.ts",
- "import": "./informativeTests.js"
- },
- "./mandatoryTests.js": {
- "types": "./build/mandatoryTests.d.ts",
- "import": "./mandatoryTests.js"
- },
- "./optionalTests.js": {
- "types": "./build/optionalTests.d.ts",
- "import": "./optionalTests.js"
- },
- "./schemaTests.js": {
- "types": "./build/schemaTests.d.ts",
- "import": "./schemaTests.js"
- },
- "./strip.js": {
- "types": "./build/strip.d.ts",
- "import": "./strip.js"
- },
- "./validate.js": {
- "types": "./build/validate.d.ts",
- "import": "./validate.js"
- },
- "./validateStrict.js": {
- "types": "./build/validateStrict.d.ts",
- "import": "./validateStrict.js"
- },
- "./csaf_2_1/*.js": {
- "types": "./build/csaf_2_1/*.d.ts",
- "import": "./csaf_2_1/*.js"
- },
- "./lib/cwec.js": {
- "types": "./build/lib/cwec.d.ts",
- "import": "./lib/cwec.js"
- },
- "./lib/shared/cwec.js": {
- "types": "./build/lib/shared/cwec.d.ts",
- "import": "./lib/shared/cwec.js"
- },
- "./lib/shared/cvss2.js": {
- "types": "./build/lib/shared/cvss2.d.ts",
- "import": "./lib/shared/cvss2.js"
- },
- "./lib/shared/types.js": {
- "types": "./build/lib/shared/types.d.ts"
- }
- },
- "keywords": [
- "csaf",
- "csaf-validator-lib",
- "csaf full validator",
- "secvisogram"
- ],
- "publishConfig": {
- "access": "public"
- },
- "dependencies": {
- "@js-joda/core": "^5.6.1",
- "@js-joda/timezone": "^2.18.2",
- "ajv": "^8.11.2",
- "ajv-formats": "^3.0.1",
- "bcp47": "^1.1.2",
- "cvss2js": "^1.1.0",
- "json-pointer": "^0.6.1",
- "lodash": "^4.17.21",
- "packageurl-js": "^2.0.1",
- "semver": "^7.5.4",
- "temporal-polyfill": "^0.3.0",
- "undici": "^6.23.0"
- },
- "devDependencies": {
- "@types/chai": "^4.3.5",
- "@types/json-pointer": "^1.0.31",
- "@types/lodash": "^4.14.195",
- "@types/mocha": "^10.0.10",
- "@types/node": "^24.1.0",
- "@types/prettier": "^2.7.3",
- "@types/semver": "^7.5.0",
- "@types/xml2js": "^0.4.11",
- "c8": "^10.1.3",
- "chai": "^4.3.7",
- "mocha": "^12.0.0-beta-9",
- "prettier": "^2.8.1",
- "typescript": "^6.0.3",
- "xml2js": "^0.5.0"
- },
- "version": "2.0.23"
-}
diff --git a/csaf-validator-lib/prettier.config.cjs b/csaf-validator-lib/prettier.config.cjs
deleted file mode 100644
index 4c9e7c1..0000000
--- a/csaf-validator-lib/prettier.config.cjs
+++ /dev/null
@@ -1,7 +0,0 @@
-/** @type {import('prettier').Config} */
-module.exports = {
- bracketSpacing: true,
- singleQuote: true,
- semi: false,
- endOfLine: process.platform === 'win32' ? 'auto' : 'lf',
-}
diff --git a/csaf-validator-lib/schemaTests.js b/csaf-validator-lib/schemaTests.js
deleted file mode 100644
index 37bfa3f..0000000
--- a/csaf-validator-lib/schemaTests.js
+++ /dev/null
@@ -1 +0,0 @@
-export * from './lib/schemaTests.js'
diff --git a/csaf-validator-lib/schemas/cvss-v2.0.js b/csaf-validator-lib/schemas/cvss-v2.0.js
deleted file mode 100644
index cf79113..0000000
--- a/csaf-validator-lib/schemas/cvss-v2.0.js
+++ /dev/null
@@ -1,120 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2017, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 2.0', - $id: 'https://www.first.org/cvss/cvss-v2.0.json?20170531', - type: 'object', - $defs: { - accessVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL'], - }, - accessComplexityType: { - type: 'string', - enum: ['HIGH', 'MEDIUM', 'LOW'], - }, - authenticationType: { - type: 'string', - enum: ['MULTIPLE', 'SINGLE', 'NONE'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'PARTIAL', 'COMPLETE'], - }, - exploitabilityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - reportConfidenceType: { - type: 'string', - enum: ['UNCONFIRMED', 'UNCORROBORATED', 'CONFIRMED', 'NOT_DEFINED'], - }, - collateralDamagePotentialType: { - type: 'string', - enum: ['NONE', 'LOW', 'LOW_MEDIUM', 'MEDIUM_HIGH', 'HIGH', 'NOT_DEFINED'], - }, - targetDistributionType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - }, - properties: { - version: { - description: 'CVSS Version', 
- type: 'string', - enum: ['2.0'], - }, - vectorString: { - type: 'string', - pattern: - '^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$', - }, - accessVector: { $ref: '#/$defs/accessVectorType' }, - accessComplexity: { $ref: '#/$defs/accessComplexityType' }, - authentication: { $ref: '#/$defs/authenticationType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - exploitability: { $ref: '#/$defs/exploitabilityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/reportConfidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - collateralDamagePotential: { - $ref: '#/$defs/collateralDamagePotentialType', - }, - targetDistribution: { $ref: '#/$defs/targetDistributionType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - }, - required: ['version', 'vectorString', 'baseScore'], -} diff --git a/csaf-validator-lib/schemas/cvss-v3.0.js b/csaf-validator-lib/schemas/cvss-v3.0.js deleted file mode 100644 index c46f4ef..0000000 --- a/csaf-validator-lib/schemas/cvss-v3.0.js +++ /dev/null 
@@ -1,167 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2017, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 3.0', - $id: 'https://www.first.org/cvss/cvss-v3.0.json?20170531', - type: 'object', - $defs: { - attackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL'], - }, - modifiedAttackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], - }, - attackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW'], - }, - modifiedAttackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NOT_DEFINED'], - }, - privilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE'], - }, - modifiedPrivilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], - }, - userInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED'], - }, - modifiedUserInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED', 'NOT_DEFINED'], - }, - scopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED'], - }, - modifiedScopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED', 'NOT_DEFINED'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], - }, - exploitCodeMaturityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 
'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - confidenceType: { - type: 'string', - enum: ['UNKNOWN', 'REASONABLE', 'CONFIRMED', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - severityType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], - }, - }, - properties: { - version: { - description: 'CVSS Version', - type: 'string', - enum: ['3.0'], - }, - vectorString: { - type: 'string', - pattern: - '^CVSS:3.0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$', - }, - attackVector: { $ref: '#/$defs/attackVectorType' }, - attackComplexity: { $ref: '#/$defs/attackComplexityType' }, - privilegesRequired: { $ref: '#/$defs/privilegesRequiredType' }, - userInteraction: { $ref: '#/$defs/userInteractionType' }, - scope: { $ref: '#/$defs/scopeType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - baseSeverity: { $ref: '#/$defs/severityType' }, - exploitCodeMaturity: { $ref: '#/$defs/exploitCodeMaturityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/confidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - temporalSeverity: { $ref: '#/$defs/severityType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: 
'#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - modifiedAttackVector: { - $ref: '#/$defs/modifiedAttackVectorType', - }, - modifiedAttackComplexity: { - $ref: '#/$defs/modifiedAttackComplexityType', - }, - modifiedPrivilegesRequired: { - $ref: '#/$defs/modifiedPrivilegesRequiredType', - }, - modifiedUserInteraction: { - $ref: '#/$defs/modifiedUserInteractionType', - }, - modifiedScope: { $ref: '#/$defs/modifiedScopeType' }, - modifiedConfidentialityImpact: { - $ref: '#/$defs/modifiedCiaType', - }, - modifiedIntegrityImpact: { $ref: '#/$defs/modifiedCiaType' }, - modifiedAvailabilityImpact: { $ref: '#/$defs/modifiedCiaType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - environmentalSeverity: { $ref: '#/$defs/severityType' }, - }, - required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], -} diff --git a/csaf-validator-lib/schemas/cvss-v3.1.js b/csaf-validator-lib/schemas/cvss-v3.1.js deleted file mode 100644 index d4b86ce..0000000 --- a/csaf-validator-lib/schemas/cvss-v3.1.js +++ /dev/null 
@@ -1,168 +0,0 @@ -export default { - license: [ - 'Copyright (c) 2019, FIRST.ORG, INC.', - 'All rights reserved.', - '', - 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', - 'following conditions are met:', - '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', - ' disclaimer.', - '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', - ' following disclaimer in the documentation and/or other materials provided with the distribution.', - '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', - ' products derived from this software without specific prior written permission.', - '', - "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", - 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', - 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', - 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', - 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', - 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', - 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', - ], - - $schema: 'https://json-schema.org/draft/2020-12/schema', - title: 'JSON Schema for Common Vulnerability Scoring System version 3.1', - $id: 'https://www.first.org/cvss/cvss-v3.1.json?20190610', - type: 'object', - $defs: { - attackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL'], - }, - modifiedAttackVectorType: { - type: 'string', - enum: ['NETWORK', 'ADJACENT_NETWORK', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], - }, - attackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW'], - }, - modifiedAttackComplexityType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NOT_DEFINED'], - }, - privilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE'], - }, - modifiedPrivilegesRequiredType: { - type: 'string', - enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], - }, - userInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED'], - }, - modifiedUserInteractionType: { - type: 'string', - enum: ['NONE', 'REQUIRED', 'NOT_DEFINED'], - }, - scopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED'], - }, - modifiedScopeType: { - type: 'string', - enum: ['UNCHANGED', 'CHANGED', 'NOT_DEFINED'], - }, - ciaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH'], - }, - modifiedCiaType: { - type: 'string', - enum: ['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], - }, - exploitCodeMaturityType: { - type: 'string', - enum: [ - 'UNPROVEN', - 'PROOF_OF_CONCEPT', - 'FUNCTIONAL', - 'HIGH', - 
'NOT_DEFINED', - ], - }, - remediationLevelType: { - type: 'string', - enum: [ - 'OFFICIAL_FIX', - 'TEMPORARY_FIX', - 'WORKAROUND', - 'UNAVAILABLE', - 'NOT_DEFINED', - ], - }, - confidenceType: { - type: 'string', - enum: ['UNKNOWN', 'REASONABLE', 'CONFIRMED', 'NOT_DEFINED'], - }, - ciaRequirementType: { - type: 'string', - enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], - }, - scoreType: { - type: 'number', - minimum: 0, - maximum: 10, - }, - severityType: { - type: 'string', - enum: ['NONE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], - }, - }, - properties: { - version: { - description: 'CVSS Version', - type: 'string', - enum: ['3.1'], - }, - vectorString: { - type: 'string', - pattern: - '^CVSS:3.1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$', - }, - attackVector: { $ref: '#/$defs/attackVectorType' }, - attackComplexity: { $ref: '#/$defs/attackComplexityType' }, - privilegesRequired: { $ref: '#/$defs/privilegesRequiredType' }, - userInteraction: { $ref: '#/$defs/userInteractionType' }, - scope: { $ref: '#/$defs/scopeType' }, - confidentialityImpact: { $ref: '#/$defs/ciaType' }, - integrityImpact: { $ref: '#/$defs/ciaType' }, - availabilityImpact: { $ref: '#/$defs/ciaType' }, - baseScore: { $ref: '#/$defs/scoreType' }, - baseSeverity: { $ref: '#/$defs/severityType' }, - exploitCodeMaturity: { $ref: '#/$defs/exploitCodeMaturityType' }, - remediationLevel: { $ref: '#/$defs/remediationLevelType' }, - reportConfidence: { $ref: '#/$defs/confidenceType' }, - temporalScore: { $ref: '#/$defs/scoreType' }, - temporalSeverity: { $ref: '#/$defs/severityType' }, - confidentialityRequirement: { - $ref: '#/$defs/ciaRequirementType', - }, - integrityRequirement: { $ref: 
'#/$defs/ciaRequirementType' }, - availabilityRequirement: { $ref: '#/$defs/ciaRequirementType' }, - modifiedAttackVector: { - $ref: '#/$defs/modifiedAttackVectorType', - }, - modifiedAttackComplexity: { - $ref: '#/$defs/modifiedAttackComplexityType', - }, - modifiedPrivilegesRequired: { - $ref: '#/$defs/modifiedPrivilegesRequiredType', - }, - modifiedUserInteraction: { - $ref: '#/$defs/modifiedUserInteractionType', - }, - modifiedScope: { $ref: '#/$defs/modifiedScopeType' }, - modifiedConfidentialityImpact: { - $ref: '#/$defs/modifiedCiaType', - }, - modifiedIntegrityImpact: { $ref: '#/$defs/modifiedCiaType' }, - modifiedAvailabilityImpact: { $ref: '#/$defs/modifiedCiaType' }, - environmentalScore: { $ref: '#/$defs/scoreType' }, - environmentalSeverity: { $ref: '#/$defs/severityType' }, - }, - required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], -} diff --git a/csaf-validator-lib/scripts/bcp-importSubtags.js b/csaf-validator-lib/scripts/bcp-importSubtags.js deleted file mode 100755 index 3faac5c..0000000 --- a/csaf-validator-lib/scripts/bcp-importSubtags.js +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/usr/bin/env node - -import { createReadStream } from 'node:fs' -import { writeFile } from 'node:fs/promises' -import prettier from 'prettier' -import readline from 'readline' - -// The registry file can be downloaded from https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry - -const [, , REGISTRY_FILE] = process.argv -const OUTPUT_FILE = 'lib/shared/bcpLanguageTagChecker/subtags.js' - -const rl = readline.createInterface({ - input: createReadStream(REGISTRY_FILE), - output: process.stdout, - terminal: false, -}) - -const subtags = await new Promise((resolve) => { - /** - * @type {Array<{ subtag: string; type: string; prefix: string[] }>} - */ - const subtags = [] - /** @type {{ subtag: string; type: string; prefix: string[]; scope: string | null } | null} */ - let buffer = null - rl.on('line', (line) => { - if (line.startsWith('%%')) { - if (buffer) subtags.push(buffer) - buffer = { type: '', subtag: '', prefix: [], scope: null } - } - if (buffer) { - if (line.startsWith('Subtag: ')) { - buffer.subtag = line.split(': ').slice(1).join(': ') - } - if (line.startsWith('Type: ')) { - buffer.type = line.split(': ').slice(1).join(': ') - } - if (line.startsWith('Prefix: ')) { - buffer.prefix.push(line.split(': ').slice(1).join(': ')) - } - if (line.startsWith('Scope: ')) { - buffer.scope = line.split(': ').slice(1).join(': ') - } - if (line === 'Description: Private use') { - buffer.scope = 'private-use' - } - } - }).on('close', async () => { - if (buffer) subtags.push(buffer) - resolve(subtags) - }) -}) - -await writeFile( - OUTPUT_FILE, - prettier.format( - `export default /** @type {const} */ (${JSON.stringify({ subtags })})`, - { - ...(await prettier.resolveConfig(OUTPUT_FILE)), - filepath: OUTPUT_FILE, - } - ) -) diff --git a/csaf-validator-lib/scripts/cwe-importCatalogue.js b/csaf-validator-lib/scripts/cwe-importCatalogue.js deleted file mode 100755 index b3df21e..0000000 
--- a/csaf-validator-lib/scripts/cwe-importCatalogue.js
+++ /dev/null
@@ -1,73 +0,0 @@ -#!/usr/bin/env node - -import { writeFile, readFile } from 'node:fs/promises' -import prettier from 'prettier' -import xml2js from 'xml2js' - -/** - * The registry file of the newest cwe version can be downloaded from https://cwe.mitre.org/data/xml/cwec_latest.xml.zip - * If a new cwe version is available and added to the catalogue with this script, - * add the respective entry to the cwecMap ('../lib/cwec.js') afterward. - * - * The registry files for older cwe versions can be downloaded from https://cwe.mitre.org/data/archive.html - * */ - -const fileNameRegex = /^cwec_v(?.+)\.xml/ - -const [, , REGISTRY_FILE] = process.argv -const fileNameMatch = fileNameRegex.exec(REGISTRY_FILE) -if (!fileNameMatch) throw new Error('Failed to parse filename') -const version = fileNameMatch.groups?.version -const OUTPUT_FILE = `lib/cwec/${version}.js` - -/** - * @typedef {{ ID: string; Name: string, Status: string, Mapping_Notes: {Usage: string} }} Weakness - * @typedef {{Weaknesses: {Weakness: Array}}} Weaknesses - * @typedef {{Date: string}} Date - * @typedef {{Catalog_Date: string}} Catalog_Date - */ - -const parser = new xml2js.Parser({ - explicitArray: false, - mergeAttrs: true, - explicitRoot: false, -}) - -const fileXML = await parser.parseStringPromise( - await readFile(REGISTRY_FILE, 'utf-8') -) - -/* - * The release date of CWE v1.0 is missing in the .xml file describing its content. - * Therefore, its release date is hard coded here. - * */ -let firstCweVersionReleaseDate = undefined -if (version === '1.0') { - firstCweVersionReleaseDate = '2008-09-09' -} -const json = { - /* - * For v3.0 and newer, the respective property is named "Date", for older versions its "Catalog_Date". - * For v1.0 its missing, use firstCweVersionReleaseDate (see above). 
- * */ - date: fileXML.Date || fileXML.Catalog_Date || firstCweVersionReleaseDate, - weaknesses: fileXML.Weaknesses.Weakness.map( - (/** @type {Weakness} */ weakness) => { - return { - id: `CWE-${weakness.ID}`, - name: weakness.Name.trim(), - status: weakness.Status, - /* Please note that the Usage property only exists in cwe v4.12 and newer. */ - usage: weakness.Mapping_Notes?.Usage, - } - } - ), -} - -await writeFile( - OUTPUT_FILE, - prettier.format(`export default (${JSON.stringify(json)})`, { - ...(await prettier.resolveConfig(OUTPUT_FILE)), - filepath: OUTPUT_FILE, - }) -) diff --git a/csaf-validator-lib/scripts/runTest.js b/csaf-validator-lib/scripts/runTest.js deleted file mode 100755 index b6604bc..0000000 --- a/csaf-validator-lib/scripts/runTest.js +++ /dev/null 
@@ -1,140 +0,0 @@ -#!/usr/bin/env node - -/** - * @file Script to validate JSON files against given tests - * - * Usage: node .js -f -t [-c ] - * - * -f - * Specifies the path to the csaf json file to validate the given test against. - * - * -t - * Specifies the test(s) to run. The values that you can pass here depend on the value - * of the `-c` option which specifies the used csaf version. If you use 2.0 here you - * can insert any test name from `mandatoryTests.js`, `optionalTests.js`, - * `informativeTests.js` and `schemaTests.js`. - * If you use 2.1 here you can insert any test name from `csaf_2_1/mandatoryTests.js`, - * `csaf_2_1/recommendedTests.js`, `csaf_2_1/informativeTests.js` and `csaf_2_1/schemaTests.js`. - * Some presets are also allowed such as `mandatory`, `optional` (only CSAF 2.0), recommended (only CSAF 2.1), - * `informative`, `schema` and `base`. - * - * -c (default: 2.0) - * Specifies the csaf version to use. The currently allowed versions are `2.0` (the default) - * and `2.1`. - */ - -import { readFile } from 'fs/promises' -import validate from '../validate.js' -import { parseArgs } from 'node:util' -import assert from 'node:assert' - -/** - * Types a function that can lazily load a set of tests. This is used to speed up the script - * by avoiding to load unused test sets. - * - * @typedef {() => Promise>} DocumentTestLoader - */ - -/** - * This is the main function that reads the file, executes the resolved test - * and logs the result. 
- * - * @param {object} ctx - * @param {DocumentTestLoader} ctx.schemaTests - * @param {DocumentTestLoader} ctx.mandatoryTests - * @param {DocumentTestLoader} ctx.optionalTests - * @param {DocumentTestLoader} ctx.recommendedTests - * @param {DocumentTestLoader} ctx.informativeTests - * @param {object} params - * @param {string} params.testName - * @param {string} params.filePath - */ -const main = async ( - { - informativeTests, - mandatoryTests, - optionalTests, - recommendedTests, - schemaTests, - }, - { testName, filePath } -) => { - const json = JSON.parse(await readFile(filePath, { encoding: 'utf-8' })) - - const matchingTests = - testName === 'mandatory' - ? Object.values(await mandatoryTests()) - : testName === 'optional' - ? Object.values(await optionalTests()) - : testName === 'recommended' - ? Object.values(await recommendedTests()) - : testName === 'informative' - ? Object.values(await informativeTests()) - : testName === 'schema' - ? Object.values(await schemaTests()) - : testName === 'base' - ? Object.values(await schemaTests()).concat( - Object.values(await mandatoryTests()) - ) - : Object.values(await mandatoryTests()) - .concat(Object.values(await optionalTests())) - .concat(Object.values(await recommendedTests())) - .concat(Object.values(await informativeTests())) - .concat(Object.values(await schemaTests())) - .filter((t) => t.name === testName) - - if (!matchingTests.length) - throw new Error(`No test matching "${testName}" found`) - const result = await validate(matchingTests, json) - process.exitCode = result.isValid ? 
0 : 1 - console.log(JSON.stringify(result, null, 2)) -} - -const { values: cliOptions } = parseArgs({ - options: { - file: { - type: 'string', - short: 'f', - }, - 'csaf-version': { - type: 'string', - short: 'c', - default: '2.0', - }, - test: { - type: 'string', - short: 't', - }, - }, -}) - -const filePath = cliOptions.file -const testName = cliOptions.test -assert(filePath) -assert(testName) - -if (cliOptions['csaf-version'] === '2.0') { - await main( - { - mandatoryTests: () => import('../mandatoryTests.js'), - informativeTests: () => import('../informativeTests.js'), - optionalTests: () => import('../optionalTests.js'), - recommendedTests: async () => ({}), - schemaTests: () => import('../schemaTests.js'), - }, - { filePath, testName } - ) -} else if (cliOptions['csaf-version'] === '2.1') { - await main( - { - mandatoryTests: () => import('../csaf_2_1/mandatoryTests.js'), - informativeTests: () => import('../csaf_2_1/informativeTests.js'), - optionalTests: async () => ({}), - recommendedTests: () => import('../csaf_2_1/recommendedTests.js'), - schemaTests: () => import('../csaf_2_1/schemaTests.js'), - }, - { filePath, testName } - ) -} else { - throw new Error('Unknown CSAF version') -} diff --git a/csaf-validator-lib/scripts/test.js b/csaf-validator-lib/scripts/test.js deleted file mode 100644 index c2b4299..0000000 --- a/csaf-validator-lib/scripts/test.js +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env node - -import { spawn } from 'child_process' -import { fileURLToPath } from 'url' - -spawn('mocha', ['tests', 'tests/csaf_2_1', ...process.argv.slice(2)], { - stdio: 'inherit', - shell: true, - env: { - ...process.env, - DICPATH: fileURLToPath(new URL('../tests/dicts', import.meta.url)), - WORDLIST: fileURLToPath( - new URL('../tests/dicts/csaf_words.txt', import.meta.url) - ), - }, -}) diff --git a/csaf-validator-lib/strip.js b/csaf-validator-lib/strip.js deleted file mode 100644 index be15ca0..0000000 --- a/csaf-validator-lib/strip.js +++ /dev/null 
@@ -1 +0,0 @@
-export { default } from './lib/strip.js'
diff --git a/csaf-validator-lib/tests/all.js b/csaf-validator-lib/tests/all.js
deleted file mode 100644
index d088a0c..0000000
--- a/csaf-validator-lib/tests/all.js
+++ /dev/null
@@ -1,231 +0,0 @@ -import { Ajv } from 'ajv' -import chai from 'chai' -import { getGlobalDispatcher, setGlobalDispatcher } from 'undici' -import * as informativeTests from '../informativeTests.js' -import * as mandatoryTests from '../mandatoryTests.js' -import * as schemaTests from '../schemaTests.js' -import strip from '../strip.js' -import validate from '../validate.js' -import * as optionalTests from '../optionalTests.js' -import documentTests from './all/documentTests.js' -import informativeTestTests from './all/informativeTests.js' -import optionalTestTests from './all/optionalTests.js' -import schemaTestTests from './all/schemaTests.js' - -const { csaf_2_0_strict, csaf_2_0 } = schemaTests -const { expect } = chai - -describe('Core', () => { - describe('test naming', function () { - ;[ - { name: 'Mandatory', prefix: 'mandatoryTest_', tests: mandatoryTests }, - { name: 'Optional', prefix: 'optionalTest_', tests: optionalTests }, - { - name: 'Informative', - prefix: 'informativeTest_', - tests: informativeTests, - }, - ].forEach(({ name, prefix, tests }) => { - Object.entries(tests).forEach(([keyName, test], i, array) => { - it(`${name} test #${ - i + 1 - } (${keyName}) is named correctly`, function () { - expect( - array.findIndex(([, e]) => e.name === test.name) === i, - 'has unique name' - ).to.be.true - expect(keyName === test.name, 'is named like its key').to.be.true - expect(keyName.startsWith(prefix), 'has a correct prefix').to.be.true - }) - }) - }) - }) - - describe('mandatoryTests', () => { - documentTests.forEach((documentTest, i) => { - const testTitle = - 'title' in documentTest && typeof documentTest.title === 'string' - ? 
documentTest.title - : `Mandatory Test #${i + 1}` - - it(testTitle, async () => { - const result = await validate( - [csaf_2_0, csaf_2_0_strict, ...Object.values(mandatoryTests)], - documentTest.content - ) - expect(result.isValid).to.equal(documentTest.valid) - const errors = result.tests.flatMap((t) => t.errors) - if ('expectedNumberOfErrors' in documentTest) { - expect( - errors.length, - 'Document has the correct number of errors' - ).to.equal(documentTest.expectedNumberOfErrors) - } - if (documentTest.valid) { - expect(errors).to.have.lengthOf(0) - } else { - expect(errors).have.length.greaterThan(0) - } - }) - }) - }) - - describe('optionalTests', () => { - optionalTestTests.forEach((documentTest, i) => { - it(documentTest.title ?? `Optional Test #${i + 1}`, async () => { - const result = await validate( - [ - csaf_2_0_strict, - ...Object.values(mandatoryTests), - ...Object.values(optionalTests), - ], - documentTest.content - ) - expect(result.isValid).to.be.true - const errors = result.tests.flatMap((t) => t.errors) - const warnings = result.tests.flatMap((t) => t.warnings) - expect(errors).to.have.lengthOf(0) - expect( - warnings.length, - 'Document has the correct number of warnings' - ).to.equal(documentTest.expectedNumberOfWarnings) - }) - }) - }) - - describe('informativeTests', () => { - const globalDispatcher = getGlobalDispatcher() - - after(function () { - setGlobalDispatcher(globalDispatcher) - }) - - informativeTestTests.forEach((informativeTest, i) => { - it(informativeTest.title ?? 
`Optional Test #${i + 1}`, async () => { - if ('mockAgent' in informativeTest) { - setGlobalDispatcher(informativeTest.mockAgent()) - } - const result = await validate( - [ - csaf_2_0_strict, - ...Object.values(mandatoryTests), - ...Object.values(optionalTests), - ...Object.values(informativeTests).filter( - (t) => t.name !== 'informativeTest_6_3_8' - ), - ], - informativeTest.content - ) - expect(result.isValid).to.be.true - const errors = result.tests.flatMap((t) => t.errors) - const warnings = result.tests.flatMap((t) => t.warnings) - const infos = result.tests.flatMap((t) => t.infos) - expect(errors).to.have.lengthOf(0) - expect(warnings).to.have.lengthOf(0) - expect( - infos.length, - 'Document has the correct number of infos' - ).to.equal(informativeTest.expectedNumberOfInfos) - }) - }) - }) - - describe('schema', () => { - describe('validate', function () { - for (let i = 0; i < schemaTestTests.length; ++i) { - const schemaTest = schemaTestTests[i] - - it(`Test #${i + 1}`, async function () { - const result = await validate( - [ - csaf_2_0, - ...Object.values(mandatoryTests), - ...Object.values(optionalTests), - ], - schemaTest.content - ) - expect(result.isValid).to.equal(schemaTest.valid) - const errors = result.tests.flatMap((t) => t.errors) - if (schemaTest.valid) { - expect(errors).to.have.lengthOf(0) - } else { - expect(errors).have.length.greaterThan(0) - } - }) - } - }) - - describe('strip', function () { - it('When stripping a json document properties with errors are removed', async () => { - const schemaValidator = new Ajv({ allErrors: true }).compile({ - type: 'object', - properties: { title: { type: 'string' } }, - required: ['title'], - }) - - const result = await strip( - [ - (doc) => { - const isValid = schemaValidator(doc) - return { - isValid, - errors: - /** @type {{ message: string; instancePath: string; }[]} */ ( - schemaValidator.errors ?? 
[] - ), - } - }, - ], - { title: 4 } - ) - - expect(result.document).to.deep.equal({}) - expect(result.strippedPaths).to.deep.equal([ - { instancePath: '/title', error: true, message: 'must be string' }, - ]) - }) - - it('When stripping a json document empty properties are removed', async () => { - const schemaValidator = new Ajv({ allErrors: true }).compile({ - type: 'object', - properties: { title: { type: 'string' } }, - }) - - const result = await strip( - [ - (doc) => { - const isValid = schemaValidator(doc) - return { - isValid, - errors: - /** @type {{ message: string; instancePath: string; }[]} */ ( - schemaValidator.errors ?? [] - ), - } - }, - ], - { title: '' } - ) - - expect(result.document).to.deep.equal({}) - expect(result.strippedPaths).to.deep.equal([ - { instancePath: '/title', error: false, message: 'value was empty' }, - ]) - }) - - for (let i = 0; i < schemaTestTests.length; ++i) { - const schemaTest = schemaTestTests[i] - if (schemaTest.strippedVersion === undefined) continue - - it(`Test #${i + 1}`, async function () { - const result = await strip( - [csaf_2_0_strict, ...Object.values(mandatoryTests)], - schemaTest.content - ) - - expect(result.document).to.deep.equal(schemaTest.strippedVersion) - }) - } - }) - }) -}) diff --git a/csaf-validator-lib/tests/all/documentTests.js b/csaf-validator-lib/tests/all/documentTests.js deleted file mode 100644 index 6960514..0000000 --- a/csaf-validator-lib/tests/all/documentTests.js +++ /dev/null 
@@ -1,2115 +0,0 @@
-import minimalDoc from '../shared/minimalCSAFBaseDoc.js'
-import minimalInformationalAdvisoryDoc from '../shared/minimalInformationalAdvisoryDoc.js'
-import minimalSecurityAdvisoryDoc from '../shared/minimalSecurityAdvisoryDoc.js'
-import minimalSecurityIncidentResponseDoc from '../shared/minimalSecurityIncidentResponseDoc.js'
-import minimalVexDoc from '../shared/minimalVexDoc.js'
-
-export default /** @type {const} */ ([
- // Fails "6.1.3 Circular Definition of Product ID"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- relationships: [
- {
- category: 'installed_on',
- full_product_name: {
- name: 'Product B',
- product_id: 'CSAFPID-9080701',
- },
- product_reference: 'CSAFPID-9080700',
- relates_to_product_reference: 'CSAFPID-9080701',
- },
- ],
- },
- },
- },
-
- // Fails "6.1.3 Circular Definition of Product ID"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-0001',
- name: 'asd',
- },
- ],
- relationships: [
- {
- full_product_name: {
- name: 'asdf',
- product_id: 'CSAFPID-0002',
- },
- product_reference: 'CSAFPID-0001',
- category: 'installed_on',
- relates_to_product_reference: 'CSAFPID-0003',
- },
- {
- full_product_name: {
- name: 'asdfg',
- product_id: 'CSAFPID-0003',
- },
- product_reference: 'CSAFPID-0001',
- category: 'installed_on',
- relates_to_product_reference: 'CSAFPID-0002',
- },
- ],
- },
- },
- },
-
- // Fails "6.1.6 Contradicting Product Status"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- product_status: {
- known_affected: ['CSAFPID-9080700'],
- known_not_affected: ['CSAFPID-9080700'],
- },
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
-
...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 10.0,
- baseSeverity: 'MEDIUM',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'LOW',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- temporalScore: 10,
- temporalSeverity: 'MEDIUM',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- temporalScore: 6.5,
- temporalSeverity: 'LOW',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
-
product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- temporalScore: 6.5,
- temporalSeverity: 'MEDIUM',
- environmentalScore: 10,
- environmentalSeverity: 'MEDIUM',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- temporalScore: 6.5,
- temporalSeverity: 'MEDIUM',
- environmentalScore: 6.5,
- environmentalSeverity: 'LOW',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Skips "6.1.9 Invalid CVSS computation" - invalid v3 vector-string
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:_/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- temporalScore: 6.5,
- temporalSeverity: 'MEDIUM',
- environmentalScore: 6.5,
- environmentalSeverity: 'LOW',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 5,
- },
- },
- ],
- },
- ],
-
},
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- temporalScore: 5,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.9 Invalid CVSS computation"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- temporalScore: 10,
- environmentalScore: 5,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Skips "6.1.9 Invalid CVSS computation" - invalid v2 vector-string
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:_/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- temporalScore: 10,
- environmentalScore: 5,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.10 Inconsistent CVSS"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
- baseScore: 9.8,
- baseSeverity: 'CRITICAL',
- attackVector: 'LOCAL',
- attackComplexity: 'LOW',
- privilegesRequired: 'NONE',
- userInteraction: 'NONE',
- scope: 'CHANGED',
- confidentialityImpact: 'HIGH',
- integrityImpact: 'HIGH',
-
availabilityImpact: 'LOW',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.10 Inconsistent CVSS"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- accessVector: 'LOCAL',
- baseScore: 10,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.12 Language"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- lang: 'EZ',
- },
- },
- },
-
- // Fails "6.1.12 Language"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- source_lang: 'EZ',
- },
- },
- },
-
- // Fails "6.1.13 PURL"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- name: 'Product A',
- product_id: 'CSAFPID-9080700',
- product_identification_helper: {
- purl: 'pkg:maven/@1.3.4',
- },
- },
- ],
- },
- },
- },
-
- // Fails "6.1.13 PURL"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- relationships: [
- {
- full_product_name: {
- name: 'A',
- product_id: 'CSAFPID-0001',
- product_identification_helper: {
- purl: 'pkg:maven/@1.3.4',
- },
- },
- product_reference: 'CSAFPID-0001',
- category: 'default_component_of',
- relates_to_product_reference: 'CSAFPID-0001',
- },
- ],
- },
- },
- },
-
- // Fails "6.1.13 PURL"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'architecture',
- name: 'My branch',
- product: {
- product_id: 'CSAFPID-0001',
- name: 'My branch',
- product_identification_helper: {
- purl: 'pkg:maven/@1.3.4',
- },
- },
- },
- ],
- },
- },
- },
-
- // Fails "6.1.13 PURL"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'architecture',
- name: 'My branch',
- branches: [
- {
- category:
'architecture',
- name: 'My branch',
- product: {
- product_id: 'CSAFPID-0001',
- name: 'My branch',
- product_identification_helper: {
- purl: 'pkg:maven/@1.3.4',
- },
- },
- },
- ],
- },
- ],
- },
- },
- },
-
- // Fails "6.1.14 Sorted Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-07-22T10:00:00.000Z',
- number: '2',
- summary: 'Second version.',
- },
- {
- date: '2021-07-23T10:00:00.000Z',
- number: '1',
- summary: 'Initial version.',
- },
- ],
- version: '1',
- },
- },
- },
- },
-
- // Fails "6.1.16 Released Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- number: '2',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- version: '1',
- },
- },
- },
- },
-
- {
- title: 'Mandatory Test 6.1.16 ignores build metadata',
- valid: true,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- number: '1.0.0+123',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- version: '1.0.0+234',
- },
- },
- },
- },
-
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- number: '0.1.0',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'final',
- version: '0.1.0',
- },
- },
- },
- },
-
- {
- valid: true,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- number: '1.0.0',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Initial version',
- },
- ],
- status: 'draft',
- version: '1.0.0-alpha+123',
- },
- },
- },
- },
-
- // Fails "6.1.7 Multiple
Scores with same Version per Product"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H',
- baseScore: 10,
- baseSeverity: 'CRITICAL',
- },
- },
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.7 Multiple Scores with same Version per Product"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- },
- },
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:S/C:P/I:P/A:P',
- baseScore: 6.5,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Passes "6.1.7 Multiple Scores with same Version per Product"
- {
- valid: true,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- },
- },
- ],
- },
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- },
- },
- ],
- },
- ],
- },
- },
-
- // Passes "6.1.7 Multiple Scores with same Version per Product"
- {
- valid: true,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id:
'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H',
- baseScore: 10,
- baseSeverity: 'CRITICAL',
- },
- },
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.0',
- vectorString: 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
- baseScore: 6.5,
- baseSeverity: 'MEDIUM',
- },
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.15 Translator"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- publisher: {
- category: 'translator',
- name: 'CSAF TC Translator',
- namespace: 'https://csaf.io/translator',
- },
- },
- },
- },
-
- // Fails "6.1.18 Released Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-05-17T10:00:00.000Z',
- number: '0',
- summary: 'First draft',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '1',
- summary: 'Initial version.',
- },
- ],
- status: 'final',
- version: '1',
- },
- },
- },
- },
-
- // Fails "6.1.18 Released Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-05-17T10:00:00.000Z',
- number: '0.1.0',
- summary: 'First draft',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '1.0.0',
- summary: 'Initial version.',
- },
- ],
- status: 'final',
- version: '1.0.0',
- },
- },
- },
- },
-
- // Fails "6.1.18 Released Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-05-17T10:00:00.000Z',
- number: '0',
- summary: 'First draft',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number:
'1',
- summary: 'Initial version.',
- },
- ],
- status: 'interim',
- version: '1',
- },
- },
- },
- },
-
- // Fails "6.1.19 Revision History Entries for Pre-release Versions"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-04-23T10:00:00.000Z',
- number: '1.0.0-rc',
- summary: 'Release Candidate for initial version.',
- },
- {
- date: '2021-04-23T11:00:00.000Z',
- number: '1.0.0',
- summary: 'Initial version.',
- },
- ],
- version: '1.0.0',
- status: 'draft',
- },
- },
- },
- },
-
- // Fails "6.1.20 Non-draft Document Version"
- {
- title: 'Mandatory test 6.1.20 detects non-draft document version (final)',
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-04-23T10:00:00.000Z',
- number: '1.0.0-rc',
- summary: 'Release Candidate for initial version.',
- },
- ],
- version: '1.0.0-rc',
- status: 'final',
- },
- },
- },
- expectedNumberOfErrors: 3,
- },
-
- // Fails "6.1.20 Non-draft Document Version"
- {
- title: 'Mandatory test 6.1.20 detects non-draft document version (interim)',
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-04-23T10:00:00.000Z',
- number: '1.0.0-rc',
- summary: 'Release Candidate for initial version.',
- },
- ],
- version: '1.0.0-rc',
- status: 'interim',
- },
- },
- },
- expectedNumberOfErrors: 3,
- },
-
- // Fails "6.1.21 Missing Item in Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-04-22T10:00:00.000Z',
- number: '1',
- summary: 'Initial version.',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '3',
- summary:
'Some other changes.',
- },
- ],
- status: 'final',
- version: '3',
- },
- },
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.21 detects invalid first revision history number',
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-04-22T10:00:00.000Z',
- number: '2',
- summary: 'Initial version.',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '3',
- summary: 'Some other changes.',
- },
- ],
- status: 'final',
- version: '3',
- },
- },
- },
- },
-
- // Fails "6.1.22 Multiple Definition in Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-07-20T10:00:00.000Z',
- number: '1',
- summary: 'Initial version.',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '1',
- summary: 'Some other changes.',
- },
- ],
- version: '1',
- },
- },
- },
- },
-
- // Fails "6.1.22 Multiple Definition in Revision History"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-07-20T10:00:00.000Z',
- number: '1.0.0',
- summary: 'Initial version.',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '1.0.0',
- summary: 'Some other changes.',
- },
- ],
- version: '1.0.0',
- },
- },
- },
- },
-
- // Fails "6.1.23 Multiple Use of Same CVE"
- {
- valid: false,
- content: {
- ...minimalDoc,
- vulnerabilities: [
- {
- cve: 'CVE-2017-0145',
- },
- {
- cve: 'CVE-2017-0145',
- },
- ],
- },
- },
-
- // Fails "6.1.24 Definition in Involvements"
- {
- valid: false,
- content: {
- ...minimalDoc,
- vulnerabilities: [
- {
- involvements: [
- {
- date: '2021-04-23T10:00:00.000Z',
- party: 'vendor',
- status: 'in_progress',
- },
- {
- date: '2021-04-23T10:00:00.000Z',
- party:
'vendor',
- status: 'in_progress',
- summary:
- 'The vendor has released a mitigation and is working to fully resolve the issue.',
- },
- ],
- },
- ],
- },
- },
-
- // Fails "6.1.25 Multiple Use of Same Hash Algorithm"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- name: 'Product A',
- product_id: 'CSAFPID-9080700',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '026a37919b182ef7c63791e82c9645e2f897a3f0b73c7a6028c7febf62e93838',
- },
- {
- algorithm: 'sha256',
- value:
- '0a853ce2337f0608489ac596a308dc5b7b19d35a52b10bf31261586ac368b175',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- },
- },
-
- // Fails "6.1.25 Multiple Use of Same Hash Algorithm"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- relationships: [
- {
- full_product_name: {
- name: 'A',
- product_id: 'CSAFPID-0001',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- ],
- filename: 'my-hash.a',
- },
- ],
- },
- },
- product_reference: 'CSAFPID-0001',
- category: 'default_component_of',
- relates_to_product_reference: 'CSAFPID-0001',
- },
- ],
- },
- },
- },
-
- // Fails "6.1.25 Multiple Use of Same Hash Algorithm"
- {
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'architecture',
- name: 'My branch',
- product: {
- product_id: 'CSAFPID-0001',
- name: 'My branch',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- ],
- filename: 'my_hash.a',
- },
- ],
- },
- },
- },
- ],
- },
- },
- },
-
- // Fails "6.1.25 Multiple Use of Same Hash Algorithm"
- {
- title: 'Fails
6.1.25 Multiple Use of Same Hash Algorithm',
- valid: false,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'architecture',
- name: 'My branch',
- branches: [
- {
- category: 'architecture',
- name: 'My branch',
- product: {
- product_id: 'CSAFPID-0001',
- name: 'My branch',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- {
- algorithm: 'sha256',
- value: '12312312312312312312312312312312',
- },
- ],
- filename: 'my_hash.a',
- },
- ],
- },
- },
- },
- ],
- },
- ],
- },
- },
- },
-
- // Fails "6.1.26 Prohibited Document Category Name"
- ...[
- 'Csaf_a',
- 'Security_Incident_Response',
- 'Informational Advisory',
- 'security-incident-response',
- 'Security Advisory',
- 'veX',
- 'V_ex',
- 'V___eX',
- 'Informational - Advisory',
- 'security-_ incident-response',
- 'Security\tAdvisory',
- 'Security\nAdvisory',
- 'Security\rAdvisory',
- ].map((category) => ({
- title: `Fails "6.1.26 Prohibited Document Category Name" (category "${category}")`,
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category,
- },
- },
- })),
-
- // Succeeds "6.1.26 Prohibited Document Category Name"
- ...[
- 'CSAF Base',
- 'csaf_base',
- // 'csaf_security_incident_response',
- // 'csaf_informational_advisory',
- // 'csaf_security_advisory',
- // 'csaf_vex',
- 'Example Company Security Advisory',
- 'CSAF Security Notice',
- ].map((category) => ({
- title: `Succeeds "6.1.26 Prohibited Document Category Name" (category "${category}")`,
- valid: true,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category,
- },
- },
- })),
-
- // Fails "6.1.27.9 Impact Statement"
- {
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_vex',
- },
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id:
'CSAFPID-9080701',
- name: 'Product B',
- },
- {
- product_id: 'CSAFPID-9080702',
- name: 'Product C',
- },
- ],
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- },
- vulnerabilities: [
- {
- product_status: {
- known_not_affected: [
- 'CSAFPID-9080700',
- 'CSAFPID-9080701',
- 'CSAFPID-9080702',
- ],
- },
- threats: [
- {
- category: 'impact',
- details: 'The vulnerable code is not present in these products.',
- group_ids: ['CSAFGID-0001'],
- },
- ],
- },
- ],
- },
- },
-
- {
- title: 'Fails "6.1.27.9 Impact Statement"',
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_vex',
- },
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id: 'CSAFPID-9080701',
- name: 'Product B',
- },
- {
- product_id: 'CSAFPID-9080702',
- name: 'Product C',
- },
- ],
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- },
- vulnerabilities: [
- {
- product_status: {
- known_not_affected: [
- 'CSAFPID-9080700',
- 'CSAFPID-9080701',
- 'CSAFPID-9080702',
- ],
- },
- threats: [
- {
- category: 'impact',
- details: 'The vulnerable code is not present in these products.',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080702'],
- },
- ],
- },
- ],
- },
- },
-
- {
- title: 'Fails "6.1.27.10 Action Statement"',
- valid: false,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_vex',
- },
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id: 'CSAFPID-9080701',
- name: 'Product B',
- },
- {
- product_id: 'CSAFPID-9080702',
- name: 'Product C',
- },
- ],
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- summary: 'EOL products',
- },
- ],
- },
- vulnerabilities: [
- {
- product_status:
{
- known_affected: [
- 'CSAFPID-9080700',
- 'CSAFPID-9080701',
- 'CSAFPID-9080702',
- ],
- },
- remediations: [
- {
- category: 'no_fix_planned',
- details:
- 'These products are end-of-life. Therefore, no fix will be provided.',
- group_ids: ['CSAFGID-0001'],
- },
- ],
- },
- ],
- },
- },
-
- {
- title: 'Minimal security_incident_response document is valid',
- valid: true,
- content: minimalSecurityIncidentResponseDoc,
- },
-
- {
- title: 'Minimal informational_advisory document is valid',
- valid: true,
- content: minimalInformationalAdvisoryDoc,
- },
-
- {
- title: 'Minimal security_advisory document is valid',
- valid: true,
- content: minimalSecurityAdvisoryDoc,
- },
-
- {
- title: 'Minimal vex document is valid',
- valid: true,
- content: minimalVexDoc,
- },
-
- ...[minimalSecurityIncidentResponseDoc, minimalInformationalAdvisoryDoc].map(
- (doc) => ({
- title: `Fails "6.1.27.1 Document Notes" (category "${doc.document.category}")`,
- valid: false,
- content: {
- ...doc,
- document: {
- ...doc.document,
- notes: [
- {
- category: 'legal_disclaimer',
- text: 'The CSAF document is provided to You "AS IS" and "AS AVAILABLE" and with all faults and defects without warranty of any kind.',
- title: 'Terms of Use',
- },
- ],
- },
- },
- })
- ),
-
- ...[minimalSecurityIncidentResponseDoc, minimalInformationalAdvisoryDoc].map(
- (doc) => ({
- title: `Fails "6.1.27.2 Document References" (category "${doc.document.category}")`,
- valid: false,
- content: {
- ...doc,
- document: {
- ...doc.document,
- references: [
- {
- category: 'self',
- summary: 'The canonical URL.',
- url: 'https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json',
- },
- ],
- },
- },
- })
- ),
-
- {
- title: `Fails "6.1.27.3 Vulnerabilities"`,
- valid: false,
- content: {
- ...minimalInformationalAdvisoryDoc,
- document: {
- ...minimalInformationalAdvisoryDoc.document,
- },
- vulnerabilities: [
- {
- title: 'A vulnerability item that SHALL NOT exist',
- },
- ],
-
},
- },
-
- ...[minimalSecurityAdvisoryDoc, minimalVexDoc].map((doc) => ({
- title: `Fails "6.1.27.4 Product Tree" (category "${doc.document.category}")`,
- valid: false,
- expectedNumberOfErrors: 2,
- content: {
- ...doc,
- product_tree: undefined,
- },
- })),
-
- ...[minimalSecurityAdvisoryDoc, minimalVexDoc].map((doc) => ({
- title: `Fails "6.1.27.5 Vulnerability Notes" (category "${doc.document.category}")`,
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...doc,
- vulnerabilities: [
- {
- title: 'A vulnerability item without a note',
- product_status: {
- fixed: ['CSAFPID-0001'],
- },
- ...(doc === minimalVexDoc
- ? {
- ids: [
- {
- system_name: 'GitHub Issue',
- text: 'oasis-tcs/csaf#210',
- },
- ],
- }
- : {}),
- },
- ],
- },
- })),
-
- {
- title: `Fails "6.1.27.6 Product Status"`,
- valid: false,
- content: {
- ...minimalSecurityAdvisoryDoc,
- vulnerabilities: [
- {
- title: 'A vulnerability item without a product status',
- notes: [
- {
- category: 'description',
- text: 'My note',
- },
- ],
- },
- ],
- },
- },
-
- {
- title: `Fails "6.1.27.7 VEX Product Status" (product_status attribute is missing)`,
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalVexDoc,
- vulnerabilities: [
- {
- title: 'A vulnerability item with invalid product_status',
- notes: [
- {
- category: 'description',
- text: 'My note',
- },
- ],
- ids: [
- {
- system_name: 'GitHub Issue',
- text: 'oasis-tcs/csaf#210',
- },
- ],
- },
- ],
- },
- },
-
- {
- title: `Fails "6.1.27.7 VEX Product Status"`,
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalVexDoc,
- vulnerabilities: [
- {
- title: 'A vulnerability item with invalid product_status',
- notes: [
- {
- category: 'description',
- text: 'My note',
- },
- ],
- ids: [
- {
- system_name: 'GitHub Issue',
- text: 'oasis-tcs/csaf#210',
- },
- ],
- product_status: {
- first_fixed: ['CSAFPID-0001'],
- recommended: ['CSAFPID-0001'],
- },
- },
- ],
- },
- },
-
- {
- title: `Fails "6.1.27.8
Vulnerability ID"`,
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalVexDoc,
- vulnerabilities: [
- {
- title: 'A vulnerability item with missing cve and id',
- notes: [
- {
- category: 'description',
- text: 'My note',
- },
- ],
- product_status: {
- fixed: ['CSAFPID-0001'],
- },
- },
- ],
- },
- },
-
- ...[minimalSecurityAdvisoryDoc, minimalVexDoc].map((doc) => ({
- title: `Fails "6.1.27.11 Vulnerabilities" (category "${doc.document.category}")`,
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...doc,
- vulnerabilities: undefined,
- },
- })),
-
- {
- title: 'Mandatory Test 6.1.28 detects same source_lang and lang',
- valid: false,
- expectedNumberOfErrors: 2,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- lang: 'en-US',
- source_lang: 'en-US',
- },
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.29 detects remediation without group_ids and product_ids',
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalDoc,
- vulnerabilities: [
- {
- remediations: [
- {
- category: 'no_fix_planned',
- details:
- 'These products are end-of-life.
Therefore, no fix will be provided.',
- },
- ],
- },
- ],
- },
- },
-
- {
- title: 'Mandatory Test 6.1.30 detects integer and semantic versioning',
- valid: false,
- expectedNumberOfErrors: 2,
- content: {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-07-21T09:00:00.000Z',
- number: '1.0.0',
- summary: 'Initial version.',
- },
- {
- date: '2021-07-21T10:00:00.000Z',
- number: '2',
- summary: 'Second version.',
- },
- ],
- version: '2',
- },
- },
- },
- },
-
- {
- title: 'Mandatory Test 6.1.31 detects version range in product version',
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'product_version',
- name: 'prior to 4.2',
- product: {
- product_id: 'CSAFPID-0001',
- name: 'Some sample product',
- },
- },
- ],
- },
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.31 detects version range in product version (deep in tree)',
- valid: false,
- expectedNumberOfErrors: 2,
- content: {
- ...minimalDoc,
- product_tree: {
- branches: [
- {
- category: 'product_version',
- name: 'later than 3.0',
- branches: [
- {
- category: 'product_version',
- name: 'prior to 4.2',
- product: {
- product_id: 'CSAFPID-0002',
- name: 'Some other sample product',
- },
- },
- ],
- },
- ],
- },
- },
- },
-
- {
- title: 'Mandatory Test 6.1.32 detects flag without product reference',
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalDoc,
- vulnerabilities: [
- {
- flags: [
- {
- label: 'component_not_present',
- },
- ],
- },
- ],
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.33 detects multiple flags with vex justification codes per product',
- valid: false,
- expectedNumberOfErrors: 1,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id: 'CSAFPID-9080701',
- name: 'Product B',
- },
- ],
- product_groups:
[
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- },
- vulnerabilities: [
- {
- flags: [
- {
- label: 'component_not_present',
- group_ids: ['CSAFGID-0001'],
- },
- {
- label: 'vulnerable_code_cannot_be_controlled_by_adversary',
- product_ids: ['CSAFPID-9080700'],
- },
- ],
- product_status: {
- known_not_affected: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- },
- ],
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.33 detects multiple flags with vex justification codes per product (multiple groups)',
- valid: false,
- expectedNumberOfErrors: 2,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id: 'CSAFPID-9080701',
- name: 'Product B',
- },
- ],
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- {
- group_id: 'CSAFGID-0002',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- },
- vulnerabilities: [
- {
- flags: [
- {
- label: 'component_not_present',
- group_ids: ['CSAFGID-0001'],
- },
- {
- label: 'component_not_present',
- group_ids: ['CSAFGID-0002'],
- },
- {
- label: 'vulnerable_code_cannot_be_controlled_by_adversary',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- product_status: {
- known_not_affected: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- },
- ],
- },
- },
-
- {
- title:
- 'Mandatory Test 6.1.33 does not evaluate multiple flags across vulnerabilities',
- valid: true,
- content: {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- {
- product_id: 'CSAFPID-9080701',
- name: 'Product B',
- },
- ],
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- ],
- },
- vulnerabilities: [
- {
- cve: 'CVE-2017-0145',
- flags: [
- {
- label: 'component_not_present',
- group_ids:
['CSAFGID-0001'],
- },
- ],
- product_status: {
- known_not_affected: ['CSAFPID-9080700', 'CSAFPID-9080701'],
- },
- },
- {
- cve: 'CVE-2020-44228',
- flags: [
- {
- label: 'vulnerable_code_cannot_be_controlled_by_adversary',
- product_ids: ['CSAFPID-9080700'],
- },
- ],
- product_status: {
- known_not_affected: ['CSAFPID-9080700'],
- },
- },
- ],
- },
- },
-])
diff --git a/csaf-validator-lib/tests/all/informativeTests.js b/csaf-validator-lib/tests/all/informativeTests.js
deleted file mode 100644
index e83c869..0000000
--- a/csaf-validator-lib/tests/all/informativeTests.js
+++ /dev/null
@@ -1,718 +0,0 @@
-import { MockAgent } from 'undici'
-import sortObjectKeys from '../../lib/shared/sortObjectKeys.js'
-import minimalDoc from '../shared/minimalCSAFBaseDoc.js'
-
-function mockAgent() {
- const mockAgent = new MockAgent()
- mockAgent.disableNetConnect()
-
- mockAgent
- .get('https://example.com')
- .intercept({
- method: 'HEAD',
- path: '/security/data/csaf/2021/my-thing-_10.json',
- })
- .reply(200, 'Found')
-
- mockAgent
- .get('https://github.com')
- .intercept({ method: 'HEAD', path: '/secvisogram/secvisogram' })
- .reply(200, 'Found')
-
- return mockAgent
-}
-
-export default [
- {
- title:
- 'Informative test 6.3.1 detects use of cvss v2 as the only scoring system',
- content: sortObjectKeys(new Intl.Collator(), {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- vulnerabilities: [
- {
- cve: 'CVE-1234-4321',
- cwe: {
- id: 'CWE-1004',
- name: "Sensitive Cookie Without 'HttpOnly' Flag",
- },
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
- baseScore: 10,
- },
- },
- ],
- },
- ],
- }),
- mockAgent,
- expectedNumberOfInfos: 1,
- },
-
- {
- title: 'Informative test 6.3.2 detects use of cvss v3.0',
- content: sortObjectKeys(new Intl.Collator(), {
- ...minimalDoc,
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- vulnerabilities: [
- {
- cve: 'CVE-1234-4321',
- cwe: {
- id:
'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - scores: [ - { - products: ['CSAFPID-9080700'], - cvss_v3: { - version: '3.0', - vectorString: 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H', - baseScore: 6.5, - baseSeverity: 'MEDIUM', - }, - }, - ], - }, - ], - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: 'Informative test 6.3.3 detects missing cve', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - vulnerabilities: [ - { - title: 'BlueKeep', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - }, - ], - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: 'Informative test 6.3.3 detects missing cwe', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - vulnerabilities: [ - { - cve: 'CVE-2019-0708', - title: 'BlueKeep', - }, - ], - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: 'Informative test 6.3.5 detects use of short hash', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'md4', - value: '3202b50e2e5b2fcd75e284c3d9d5f8d6', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - full_product_name: { - name: 'Foo', - product_id: 'CSAFPID-0001', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - product_reference: 'CSAFPID-9080700', - category: 'default_component_of', - relates_to_product_reference: 'CSAFPID-9080700', - }, - ], - }, - vulnerabilities: [ - { - cve: 'CVE-2019-0708', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - product_status: { - recommended: ['CSAFPID-0001'], - 
}, - }, - ], - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: - 'Informative test 6.3.6 detects use of non-self referencing urls failing to resolve', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - ...minimalDoc.document.references, - { - summary: - 'A URL that does not resolve with HTTP status code in the interval between (including) 200 and (excluding) 400.', - url: 'https://example.invalid', - }, - ], - acknowledgments: [ - { - urls: ['https://example.invalid'], - }, - ], - aggregate_severity: { - text: 'Moderate', - namespace: 'https://example.invalid', - }, - distribution: { - tlp: { - label: 'RED', - url: 'https://example.invalid', - }, - }, - publisher: { - category: 'vendor', - name: 'Example PUB', - namespace: 'https://example.invalid', - }, - }, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-0001', - name: 'Some sample product', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - sbom_urls: ['https://example.invalid'], - x_generic_uris: [ - { - namespace: 'https://example.invalid', - uri: 'https://example.invalid', - }, - ], - }, - }, - ], - branches: [ - { - name: 'my branch', - category: 'vendor', - branches: [ - { - name: 'Product Name', - category: 'product_name', - branches: [ - { - name: 'Product Version', - category: 'product_version', - branches: [ - { - name: 'my branch', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - sbom_urls: ['https://example.invalid'], - x_generic_uris: [ - { - namespace: 
'https://example.invalid', - uri: 'https://example.invalid', - }, - ], - }, - }, - }, - ], - }, - ], - }, - ], - }, - ], - relationships: [ - { - full_product_name: { - name: 'Foo', - product_id: 'CSAFPID-0002', - product_identification_helper: { - sbom_urls: ['https://example.invalid'], - x_generic_uris: [ - { - namespace: 'https://example.invalid', - uri: 'https://example.invalid', - }, - ], - }, - }, - product_reference: 'CSAFPID-0001', - category: 'optional_component_of', - relates_to_product_reference: 'CSAFPID-9080700', - }, - ], - }, - vulnerabilities: [ - { - product_status: { - fixed: ['CSAFPID-0001'], - }, - cve: 'CVE-1111-11111', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - }, - { - product_status: { - fixed: ['CSAFPID-0002'], - }, - cve: 'CVE-1111-22222', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - acknowledgments: [ - { - urls: ['https://example.invalid'], - }, - ], - references: [ - { - summary: 'Some reference', - url: 'https://example.invalid', - category: 'external', - }, - ], - remediations: [ - { - category: 'workaround', - details: 'Some remediation', - product_ids: ['CSAFPID-0001'], - url: 'https://example.invalid', - }, - ], - }, - ], - }), - mockAgent() { - const m = mockAgent() - - for (let i = 0; i < 17; ++i) { - m.get('https://example.invalid') - .intercept({ method: 'HEAD', path: '/' }) - .reply(404, 'Not Found') - } - - return m - }, - expectedNumberOfInfos: 17, - }, - - { - title: 'Informative test 6.3.6 accepts 302 redirect', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - ...minimalDoc.document.references, - { - summary: - 'A URL that does not resolve with HTTP status code in the interval between (including) 200 and (excluding) 400.', - url: 'https://example.valid', - }, - ], - }, - }), - mockAgent() { - const m = mockAgent() - - m.get('https://example.valid') - .intercept({ 
method: 'HEAD', path: '/' }) - .reply(302, 'Found') - - return m - }, - expectedNumberOfInfos: 0, - }, - - { - title: 'Informative test 6.3.6 catches network errors', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - ...minimalDoc.document.references, - { - summary: - 'A URL that does not resolve with HTTP status code in the interval between (including) 200 and (excluding) 400.', - url: 'https://example.invalid', - }, - ], - }, - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: - 'Informative test 6.3.7 detects use of self referencing urls failing to resolve', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - { - category: 'self', - summary: 'A non-canonical URL.', - url: 'https://example.com/security/data/csaf/2021/my-thing-_11.json', - }, - ], - tracking: { - ...minimalDoc.document.tracking, - id: 'My-Thing-.11', - }, - }, - vulnerabilities: [ - { - cve: 'CVE-1111-11111', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - references: [ - { - summary: 'A self reference', - category: 'self', - url: 'https://example.com/security/data/csaf/2021/my-thing-_11.json', - }, - ], - }, - ], - }), - mockAgent() { - const m = mockAgent() - - for (let i = 0; i < 2; ++i) { - m.get('https://example.com') - .intercept({ - method: 'HEAD', - path: '/security/data/csaf/2021/my-thing-_11.json', - }) - .reply(404, 'Not Found') - } - - return m - }, - expectedNumberOfInfos: 2, - }, - - { - title: 'Informative test 6.3.7 accepts 302 redirect', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - { - category: 'self', - summary: 'A non-canonical URL.', - url: 'https://example.com/security/data/csaf/2021/my-thing-_10.json', - }, - ], - tracking: { - ...minimalDoc.document.tracking, - id: 'My-Thing-.10', - }, - }, - }), - 
mockAgent() { - const m = mockAgent() - - m.get('https://example.com') - .intercept({ - method: 'HEAD', - path: '/security/data/csaf/2021/my-thing-_10.json', - }) - .reply(302, 'Found') - - return m - }, - expectedNumberOfInfos: 0, - }, - - { - title: 'Informative test 6.3.7 catches network errors', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - { - category: 'self', - summary: 'A non-canonical URL.', - url: 'https://example.invalid/security/data/csaf/2021/my-thing-_10.json', - }, - ], - tracking: { - ...minimalDoc.document.tracking, - id: 'My-Thing-.10', - }, - }, - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: 'Informative test 6.3.10 detects usage of product version range', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'Vendor', - category: 'vendor', - branches: [ - { - name: 'Product Name', - category: 'product_name', - branches: [ - { - name: 'Product Version', - category: 'product_version', - branches: [ - { - name: 'vers:a0/foo', - category: 'product_version_range', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - ], - }, - ], - }, - ], - }, - vulnerabilities: [ - { - cve: 'CVE-1111-11111', - cwe: { - id: 'CWE-1004', - name: "Sensitive Cookie Without 'HttpOnly' Flag", - }, - notes: [ - { - category: 'description', - text: 'This is a sample note', - }, - ], - product_status: { - fixed: ['CSAFPID-9080700'], - }, - }, - ], - }), - mockAgent, - expectedNumberOfInfos: 1, - }, - - { - title: 'Informative test 6.3.11 detects usage of v as version indicator', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - 
branches: [
- {
- name: 'Vendor',
- category: 'vendor',
- branches: [
- {
- name: 'Product Name',
- category: 'product_name',
- branches: [
- {
- name: 'Product Version',
- category: 'product_version',
- branches: [
- {
- category: 'product_version',
- name: 'v4.2',
- product: {
- name: 'Product A',
- product_id: 'CSAFPID-9080700',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- },
- ],
- },
- ],
- },
- ],
- },
- ],
- },
- vulnerabilities: [
- {
- cve: 'CVE-1111-11111',
- cwe: {
- id: 'CWE-1004',
- name: "Sensitive Cookie Without 'HttpOnly' Flag",
- },
- notes: [
- {
- category: 'description',
- text: 'This is a sample note',
- },
- ],
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- },
- ],
- }),
- mockAgent,
- expectedNumberOfInfos: 1,
- },
-]
diff --git a/csaf-validator-lib/tests/all/optionalTests.js b/csaf-validator-lib/tests/all/optionalTests.js
deleted file mode 100644
index 66a471d..0000000
--- a/csaf-validator-lib/tests/all/optionalTests.js
+++ /dev/null
@@ -1,1334 +0,0 @@
-import sortObjectKeys from '../../lib/shared/sortObjectKeys.js'
-import minimalDoc from '../shared/minimalCSAFBaseDoc.js'
-import minimalInformationalAdvisoryDoc from '../shared/minimalInformationalAdvisoryDoc.js'
-
-export default [
- {
- title: 'Optional test 6.2.1 passes this one',
- content: sortObjectKeys(new Intl.Collator(), {
- ...minimalDoc,
- product_tree: {
- product_groups: [
- {
- group_id: 'CSAFGID-0001',
- product_ids: ['CSAFPID-9080700', 'CSAFPID-0002'],
- },
- ],
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- {
- product_id: 'CSAFPID-0002',
- name: 'Product B',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- }),
- expectedNumberOfWarnings: 0,
- },
-
- ...[
- {
- title: 'full_product_names',
- productTree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- },
- {
- title: 'relationships',
- productTree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-0003',
- name: 'Product A',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- relationships: [
- {
- full_product_name: {
- name: 'Foo',
- product_id:
'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - product_reference: 'CSAFPID-0003', - category: 'default_component_of', - relates_to_product_reference: 'CSAFPID-0003', - }, - ], - }, - }, - { - title: 'branches', - productTree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - }, - ].flatMap(({ productTree, title }) => [ - { - title: `Optional test 6.2.1 detects unused definition of product id (${title})`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: productTree, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: `Optional test 6.2.1 is skipped for informational advisory docs`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalInformationalAdvisoryDoc, - product_tree: productTree, - }), - expectedNumberOfWarnings: 0, - }, - - { - title: `Optional test 6.2.1 passes this one because of matching vulnerability (${title})`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: productTree, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 0, - }, - - { - title: `Optional test 6.2.1 passes this one because of matching score (${title})`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: productTree, - vulnerabilities: [ - { - scores: [ - { - products: ['CSAFPID-9080700'], - cvss_v3: { - version: '3.0', - baseScore: 9.8, - baseSeverity: 'CRITICAL', - 
vectorString: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', - }, - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 0, - }, - - { - title: `Optional test 6.2.1 passes this one because of matching remediation (${title})`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: productTree, - vulnerabilities: [ - { - remediations: [ - { - product_ids: ['CSAFPID-9080700'], - category: 'none_available', - details: 'Some details', - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 0, - }, - - { - title: `Optional test 6.2.1 passes this one because of matching threat (${title})`, - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: productTree, - vulnerabilities: [ - { - threats: [ - { - category: 'impact', - details: 'Some detail', - product_ids: ['CSAFPID-9080700'], - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 0, - }, - ]), - - { - title: 'Optional test 6.2.2 detects unmatched last_affected entry', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-9080700', - name: 'Product A', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - last_affected: ['CSAFPID-9080700'], - }, - scores: [ - { - products: ['CSAFPID-9080700'], - cvss_v3: { - version: '3.0', - baseScore: 9.8, - baseSeverity: 'CRITICAL', - vectorString: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', - }, - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.2 accepts product_ids in remediation', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-9080700', - name: 'Product A', - 
product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - last_affected: ['CSAFPID-9080700'], - }, - scores: [ - { - products: ['CSAFPID-9080700'], - cvss_v3: { - version: '3.0', - baseScore: 9.8, - baseSeverity: 'CRITICAL', - vectorString: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', - }, - }, - ], - remediations: [ - { - product_ids: ['CSAFPID-9080700'], - category: 'none_available', - details: 'Some details', - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 0, - }, - - { - title: 'Optional test 6.2.3 detects unmatched first_affected entry', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-9080700', - name: 'Product A', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - first_affected: ['CSAFPID-9080700'], - }, - remediations: [ - { - product_ids: ['CSAFPID-9080700'], - category: 'none_available', - details: 'Some details', - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.4 detects build metadata in revision history', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - tracking: { - ...minimalDoc.document.tracking, - version: '1.0.0+exp.sha.ac00785', - initial_release_date: '2021-04-23T10:00:00.000Z', - current_release_date: '2021-04-23T10:00:00.000Z', - revision_history: [ - { - date: '2021-04-23T10:00:00.000Z', - number: '1.0.0+exp.sha.ac00785', - summary: 'Initial version.', - }, - ], - }, - }, - }), - 
expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.5 detects older initial release date than revision history', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - tracking: { - ...minimalDoc.document.tracking, - version: '2', - initial_release_date: '2021-04-22T10:00:00.000Z', - current_release_date: '2021-07-21T11:00:00.000Z', - revision_history: [ - { - date: '2021-05-06T10:00:00.000Z', - number: '1', - summary: 'Initial version.', - }, - { - date: '2021-07-21T11:00:00.000Z', - number: '2', - summary: 'Second version.', - }, - ], - }, - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.6 detects older current release date than revision history', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - tracking: { - ...minimalDoc.document.tracking, - version: '2', - initial_release_date: '2021-04-22T10:00:00.000Z', - current_release_date: '2021-07-21T11:00:00.000Z', - revision_history: [ - { - date: '2021-05-06T10:00:00.000Z', - number: '1', - summary: 'Initial version.', - }, - { - date: '2021-07-21T11:00:00.000Z', - number: '2', - summary: 'Second version.', - }, - ], - }, - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.7 detects missing date in involvements', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - vulnerabilities: [ - { - involvements: [ - { - party: 'vendor', - status: 'in_progress', - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.8 detects use of md5 as the only hash algorithm in product_tree/full_product_names', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'md5', - value: 
'6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - full_product_name: { - name: 'Foo', - product_id: 'CSAFPID-0002', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - product_reference: 'CSAFPID-9080700', - category: 'default_component_of', - relates_to_product_reference: 'CSAFPID-9080700', - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-0002'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.8 detects use of md5 as the only hash algorithm in product_tree/branches', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'md5', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.8 detects use of md5 as the only hash algorithm in product_tree/branches[]/branches', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - branches: [ - { - name: 'my branch 2', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'md5', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - ], 
- }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080701'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.8 detects use of md5 as the only hash algorithm in product_tree/relationships[]', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - category: 'default_component_of', - product_reference: 'CSAFPID-9080701', - relates_to_product_reference: 'CSAFPID-9080701', - full_product_name: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'md5', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.9 detects use of sha1 as the only hash algorithm in product_tree/full_product_names', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha1', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - full_product_name: { - name: 'Foo', - product_id: 'CSAFPID-0003', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - 
], - filename: 'product_a.so', - }, - ], - }, - }, - product_reference: 'CSAFPID-9080700', - category: 'default_component_of', - relates_to_product_reference: 'CSAFPID-9080700', - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-0003'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.9 detects use of sha1 as the only hash algorithm in product_tree/branches', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha1', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.9 detects use of sha1 as the only hash algorithm in product_tree/branches[]/branches', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - branches: [ - { - name: 'my branch 2', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha1', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080701'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.9 detects use of sha1 as the only hash algorithm in product_tree/relationships[]', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - 
full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: - '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - category: 'default_component_of', - product_reference: 'CSAFPID-9080701', - relates_to_product_reference: 'CSAFPID-9080701', - full_product_name: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha1', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - recommended: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.10 detects missing tlp label', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - distribution: { - text: 'Distribute freely.', - }, - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.11 detects missing canonical url', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - references: [ - { - category: 'self', - summary: 'A non-canonical URL.', - url: 'https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01_1.json', - }, - ], - tracking: { - ...minimalDoc.document.tracking, - id: 'OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01', - version: '1', - }, - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.12 detects missing document language', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - lang: undefined, - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.13 detects invalid sorting', - 
content: (() => { - const doc = { - ...minimalDoc, - document: { - ...minimalDoc.document, - csaf_version: '2.0', - category: 'generic_csaf', - }, - } - - // Is needed to wipe the position of entries - delete (/** @type {any} */ (doc.document).csaf_version) - delete (/** @type {any} */ (doc.document).category) - doc.document.csaf_version = '2.0' - doc.document.category = 'generic_csaf' - - return doc - })(), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.14 detects use of private language (lang)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - lang: 'qtx', - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.14 detects use of private language (source_lang)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - source_lang: 'qtx', - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.15 detects use of default language (lang)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - lang: 'i-default', - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.15 detects use of default language (source_lang)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - document: { - ...minimalDoc.document, - source_lang: 'i-default', - }, - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.16 detects missing product identification helper (full_product_name)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-0001', - name: 'Product A', - }, - ], - }, - vulnerabilities: [ - { - notes: [ - { - category: 'description', - text: 'This is a sample note', - }, - ], - product_status: { - fixed: ['CSAFPID-0001'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional 
test 6.2.16 detects missing product identification helper (branches)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - branches: [ - { - name: 'my branch 2', - category: 'architecture', - product: { - name: 'Product A', - product_id: 'CSAFPID-9080701', - }, - }, - ], - }, - ], - }, - vulnerabilities: [ - { - product_status: { - fixed: ['CSAFPID-9080701'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: - 'Optional test 6.2.16 detects missing product identification helper (relationships)', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - name: 'Product A', - product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - relationships: [ - { - category: 'default_component_of', - product_reference: 'CSAFPID-9080701', - relates_to_product_reference: 'CSAFPID-9080701', - full_product_name: { - name: 'Product A', - product_id: 'CSAFPID-9080700', - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - fixed: ['CSAFPID-9080700'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.17 detects cve in field ids', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - vulnerabilities: [ - { - ids: [ - { - system_name: 'CVE Project', - text: 'CVE-2021-44228', - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.18 detects product version range without vers', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - branches: [ - { - name: 'my branch', - category: 'architecture', - branches: [ - { - name: '>4.2', - category: 'product_version_range', - product: { - name: 'Product A', - 
product_id: 'CSAFPID-9080701', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - }, - ], - }, - ], - }, - vulnerabilities: [ - { - notes: [ - { - category: 'description', - text: 'This is a sample note', - }, - ], - product_status: { - fixed: ['CSAFPID-9080701'], - }, - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.19 detects cvss for fixed products', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-9080700', - name: 'Product A', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - fixed: ['CSAFPID-9080700'], - }, - scores: [ - { - cvss_v3: { - baseScore: 6.5, - baseSeverity: 'MEDIUM', - vectorString: 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H', - version: '3.1', - }, - products: ['CSAFPID-9080700'], - }, - ], - }, - ], - }), - expectedNumberOfWarnings: 1, - }, - - { - title: 'Optional test 6.2.19 detects cvss for fixed products', - content: sortObjectKeys(new Intl.Collator(), { - ...minimalDoc, - product_tree: { - full_product_names: [ - { - product_id: 'CSAFPID-9080700', - name: 'Product A', - product_identification_helper: { - hashes: [ - { - file_hashes: [ - { - algorithm: 'sha256', - value: '6ae24620ea9656230f49234efd078935', - }, - ], - filename: 'product_a.so', - }, - ], - }, - }, - ], - }, - vulnerabilities: [ - { - product_status: { - fixed: ['CSAFPID-9080700'], - }, - scores: [ - { - cvss_v3: { - baseScore: 5.7, - baseSeverity: 'MEDIUM', - vectorString: - 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N/CR:L/IR:L/AR:L/MAV:P/MAC:H/MPR:H/MUI:N/MS:U/MC:N/MI:N/MA:H', - version: '3.1', - }, - 
products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- }),
- expectedNumberOfWarnings: 1,
- },
-]
diff --git a/csaf-validator-lib/tests/all/schemaTests.js b/csaf-validator-lib/tests/all/schemaTests.js
deleted file mode 100644
index 260047e..0000000
--- a/csaf-validator-lib/tests/all/schemaTests.js
+++ /dev/null
@@ -1,192 +0,0 @@
-import minimalCSAFBaseDoc from '../shared/minimalCSAFBaseDoc.js'
-import valid1 from '../shared/valid-1.js'
-import valid2 from '../shared/valid-2.js'
-
-const MINIMAL_DOC = minimalCSAFBaseDoc
-
-export default [
- { valid: true, content: valid1, strippedVersion: valid1 },
- { valid: true, content: valid2, strippedVersion: valid2 },
- { valid: false, content: {}, strippedVersion: {} },
- {
- valid: false,
- content: {
- document: {
- category: 'Test Report',
- csaf_version: '2.0',
- title: 'Minimal valid',
- publisher: {
- category: 'other',
- name: 'Secvisogram Automated Tester',
- namespace: 'https://github.com/secvisogram/secvisogram',
- },
- tracking: {
- current_release_date: '2021-01-14T00:00:00.000Z',
- id: '1',
- initial_release_date: '2021-01-14T00:00:00.000Z',
- revision_history: [
- {
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'draft',
- version: '1',
- },
- },
- },
- strippedVersion: {},
- },
- {
- valid: true,
- content: {
- ...MINIMAL_DOC,
- emptyAdditionalStringProp: '',
- },
- strippedVersion: {
- ...MINIMAL_DOC,
- },
- },
- {
- valid: false,
- content: {
- ...MINIMAL_DOC,
- document: {
- ...MINIMAL_DOC.document,
- lang: 'XX',
- },
- },
- strippedVersion: {
- ...MINIMAL_DOC,
- document: {
- ...Object.fromEntries(
- Object.entries(MINIMAL_DOC.document).filter(([key]) => key !== 'lang')
- ),
- },
- },
- },
- {
- valid: false,
- content: {
- ...MINIMAL_DOC,
- document: {
- ...MINIMAL_DOC.document,
- source_lang: 'XX',
- },
- },
- strippedVersion: {
- ...MINIMAL_DOC,
- document: {
- ...MINIMAL_DOC.document,
- },
- },
- },
- {
- valid: false,
- content: {
- ...MINIMAL_DOC,
- vulnerabilities: [
- {
- cwe: {
- id: 'CWE-1005',
- name: "Sensitive Cookie Without 'HttpOnly' Flag",
- },
- },
- ],
- },
- strippedVersion: {
- ...MINIMAL_DOC,
- document: {
- ...MINIMAL_DOC.document,
- },
- },
- },
- {
- valid: false,
- content: {
- ...MINIMAL_DOC,
- vulnerabilities: [
- {
- cwe: {
- id: 'CWE-1007',
- name: "Sensitive Cookie Without 'HttpOnly' Flag",
- },
- },
- ],
- },
- strippedVersion: {
- ...MINIMAL_DOC,
- document: {
- ...MINIMAL_DOC.document,
- },
- },
- },
- {
- valid: false,
- content: {
- document: {
- category: 'Test Report',
- csaf_version: '2.0',
- title: 'Minimal valid',
- publisher: {
- category: 'other',
- name: 'Secvisogram Automated Tester',
- namespace: 'https://github.com/secvisogram/secvisogram',
- },
- tracking: {
- current_release_date: '2021-01-14T00:00:00.000Z',
- id: '1',
- initial_release_date: '2021-01-14T00:00:00.000Z',
- revision_history: [
- {
- number: '1',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'draft',
- version: '1',
- },
- acknowledgments: [],
- vulnerabilities: null,
- someOtherProp: {},
- },
- },
- strippedVersion: {
- document: {
- category: 'Test Report',
- csaf_version: '2.0',
- title: 'Minimal valid',
- publisher: {
- category: 'other',
- name: 'Secvisogram Automated Tester',
- namespace: 'https://github.com/secvisogram/secvisogram',
- },
- tracking: {
- current_release_date: '2021-01-14T00:00:00.000Z',
- id: '1',
- initial_release_date: '2021-01-14T00:00:00.000Z',
- revision_history: [
- {
- number: '1',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'draft',
- version: '1',
- },
- },
- },
- },
- {
- valid: false,
- content: {
- aggregate_severity: {
- namespace: 'https://access.redhat.com/security/updates/classification/',
- text: 'Moderate',
- },
- },
- strippedVersion: {},
- },
-]
diff --git a/csaf-validator-lib/tests/bcpLanguageTagChecker.js b/csaf-validator-lib/tests/bcpLanguageTagChecker.js
deleted file mode 100644
index 13936c8..0000000
--- a/csaf-validator-lib/tests/bcpLanguageTagChecker.js
+++ /dev/null
@@ -1,65 +0,0 @@
-import chai from 'chai'
-import bcpLanguageTagChecker, {
- isPrivateLanguage,
-} from '../lib/shared/bcpLanguageTagChecker.js'
-
-const { expect } = chai
-
-describe('bcpLanguageTagChecker', function () {
- const correctLanguageTags = [
- 'aa-DE',
- 'sjo-Sora-AN',
- 'sjo-SoRa-AN',
- 'sry-Visp',
- 'tig-x-Y',
- 'eo-arkaika',
- 'de-1996',
- 'i-DeFaULt',
- 'de-Adlm-AD-1996',
- 'qaa',
- 'qaa-Qaaa',
- 'qaa-Qaaa-QM',
- 'az-baku1926',
- 'ba-baku1926',
- 'de-CH-1996',
- 'pt-BR-abl1943',
- 'ja-Latn-hepburn-heploc',
- 'sl-rozaj-1994',
- 'sl-rozaj-solba-1994',
- 'sl-rozaj-biske-1994',
- 'zh-gan',
- ]
-
- correctLanguageTags.forEach((correctLanguageTag) => {
- it(`"${correctLanguageTag}" is a valid language tag`, function () {
- expect(bcpLanguageTagChecker(correctLanguageTag)).to.be.true
- })
- })
-
- const incorrectLanguageTags = [
- 'ez',
- 'ads-aeb',
- 'de-Adlm-AD-1694acad',
- 'eo-arkaika-arkaika',
- 'de-DE-1901-1901',
- 'abx-u-mingo-u-mingo',
- 'abx-i-mingo',
- 'zh-gan-gan',
- ]
-
- incorrectLanguageTags.forEach((incorrectLanguageTag) => {
- it(`"${incorrectLanguageTag}" is not a valid language tag`, function () {
- expect(bcpLanguageTagChecker(incorrectLanguageTag)).to.be.false
- })
- })
-
- describe('isPrivateLanguage()', function () {
- const privateUseLanguages = ['qaa', 'qtx', 'qtz']
-
- privateUseLanguages.forEach((privateUseLanguages) => {
- it(`"${privateUseLanguages}" is a private language`, function () {
- expect(isPrivateLanguage(privateUseLanguages)).to.be.true
- })
- })
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_1.js b/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_1.js
deleted file mode 100644
index 182dc69..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_1.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert'
-import { informativeTest_6_3_1 } from '../../csaf_2_1/informativeTests.js'
-
-describe('informativeTest_6_3_1', function () {
- it('only runs on relevant documents', function () {
- assert.equal(informativeTest_6_3_1({ document: 'mydoc' }).infos.length, 0)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_12.js b/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_12.js
deleted file mode 100644
index 868ce0e..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_12.js
+++ /dev/null
@@ -1,43 +0,0 @@
-import assert from 'node:assert'
-import { informativeTest_6_3_12 } from '../../csaf_2_1/informativeTests.js'
-import { expect } from 'chai'
-
-const failingTestWithNotConsideredObject = {
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- metrics: [
- {},
- {
- content: {
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H',
- baseScore: 10,
- baseSeverity: 'CRITICAL',
- },
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
-}
-
-describe('informativeTest_6_3_12', function () {
- it('only runs on relevant documents', function () {
- assert.equal(informativeTest_6_3_12({ document: 'mydoc' }).infos.length, 0)
- })
-
- it('test input schema with not considered json object in vulnerabilities', async function () {
- const result = informativeTest_6_3_12(failingTestWithNotConsideredObject)
- expect(result.infos.length).to.eq(2)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_18.js b/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_18.js
deleted file mode 100644
index a8b42fa..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_18.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert'
-import { informativeTest_6_3_18 } from '../../csaf_2_1/informativeTests.js'
-
-describe('informativeTest_6_3_18', function () {
- it('only runs on relevant documents', function () {
- assert.equal(informativeTest_6_3_18({ document: 'mydoc' }).infos.length, 0)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_2.js b/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_2.js
deleted file mode 100644
index aa04d93..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_2.js
+++ /dev/null
@@ -1,30 +0,0 @@
-import assert from 'node:assert/strict'
-import { informativeTest_6_3_2 } from '../../csaf_2_1/informativeTests/informativeTest_6_3_2.js'
-
-describe('informativeTest_6_3_2', function () {
- it('only runs on relevant documents', function () {
- assert.equal(informativeTest_6_3_2({ document: 'mydoc' }).infos.length, 0)
- })
- it('test input schema with not considered json object in vulnerabilities', function () {
- assert.equal(
- informativeTest_6_3_2({
- document: {},
- vulnerabilities: [
- {},
- {
- metrics: [
- {
- content: {
- cvss_v3: {
- version: '3.0',
- },
- },
- },
- ],
- },
- ],
- }).infos.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_4.js b/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_4.js
deleted file mode 100644
index 6846d85..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/informativeTest_6_3_4.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert'
-import { informativeTest_6_3_4 } from '../../csaf_2_1/informativeTests.js'
-
-describe('informativeTest_6_3_4', function () {
- it('only runs on relevant documents', function () {
- assert.equal(informativeTest_6_3_4({ document: 'mydoc' }).infos.length, 0)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_10.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_10.js
deleted file mode 100644
index 3a8cfa9..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_10.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_10 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_10.js'
-
-describe('mandatoryTest_6_1_10', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_10({ document: 'mydoc' }).isValid, true)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_13.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_13.js
deleted file mode 100644
index a65539a..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_13.js
+++ /dev/null
@@ -1,72 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_13 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_13.js'
-
-describe('mandatoryTest_6_1_13', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_13({ product_tree: 'mydoc' }).isValid, true)
- })
-
- it('skips invalid full product names', function () {
- assert.equal(
- mandatoryTest_6_1_13({
- product_tree: {
- full_product_names: [
- {
- product_identification_helper: 'invalid',
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates branches and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_13({
- product_tree: {
- branches: [
- {
- product: {
- product_identification_helper: {
- purls: [
- 'pkg:oci/product-A@sha256%3Add134261219b2?repository_url=https://registry.example.com',
- ],
- },
- },
- branches: [
- {
- product: 'invalid',
- },
- {
- branches: [{}],
- },
- ],
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates product_paths and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_13({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- purls: [
- 'pkg:oci/product-A@sha256%3Add134261219b2?repository_url=https://registry.example.com',
- ],
- },
- },
- {},
- ],
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_2.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_2.js
deleted file mode 100644
index 617de37..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_2.js
+++ /dev/null
@@ -1,65 +0,0 @@
-import assert from 'node:assert'
-import { mandatoryTest_6_1_2 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_2.js'
-
-describe('mandatory test 6.1.2', function () {
- describe('valid examples', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_2({ product_tree: 'mydoc' }).isValid, true)
- })
- })
- it('skips invalid full product names', function () {
- assert.equal(
- mandatoryTest_6_1_2({
- product_tree: {
- full_product_names: [
- {
- product_id: { invalid: true },
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates branches and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_2({
- product_tree: {
- branches: [
- {
- product: {
- product_id: 'CSAFPID-9080700',
- },
- branches: [
- {
- product: 'CSAFPID-9080701',
- },
- {
- branches: [{}],
- },
- ],
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates product_paths and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_2({
- product_tree: {
- product_paths: [
- {
- full_product_name: {},
- },
- {},
- ],
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_12.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_12.js
deleted file mode 100644
index 0643bc8..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_12.js
+++ /dev/null
@@ -1,38 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_12 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_12.js'
-
-describe('mandatoryTest_6_1_27_12', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_12({
- document: 'invalid json',
- vulnerabilities: [
- {
- product_status: {
- under_investigation: ['CSAFPID-9080700'],
- },
- },
- ],
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_security_advisory documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_12({
- document: {
- category: 'unknown category',
- },
- vulnerabilities: [
- {
- product_status: {
- under_investigation: ['CSAFPID-9080700'],
- },
- },
- ],
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_14.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_14.js
deleted file mode 100644
index dd8e3cc..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_14.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_14 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_14.js'
-
-describe('mandatoryTest_6_1_27_14', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_14({
- document: 'invalid json',
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_withdrawn and csaf_superseded documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_14({
- document: {
- category: 'unknown category',
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_15.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_15.js
deleted file mode 100644
index 95e545c..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_15.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_15 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_15.js'
-
-describe('mandatoryTest_6_1_27_15', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_15({
- document: 'invalid json',
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_withdrawn and csaf_superseded documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_15({
- document: {
- category: 'unknown category',
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_16.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_16.js
deleted file mode 100644
index 14105fb..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_16.js
+++ /dev/null
@@ -1,27 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_16 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_16.js'
-
-describe('mandatoryTest_6_1_27_16', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_16({
- document: 'invalid json',
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_withdrawn and csaf_superseded documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_16({
- document: {
- category: 'unknown category',
- tracking: {
- revision_history: [],
- },
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_17.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_17.js
deleted file mode 100644
index e789563..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_17.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_17 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_17.js'
-
-describe('mandatoryTest_6_1_27_17', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_17({
- document: 'invalid json',
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_withdrawn documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_17({
- document: {
- category: 'unknown category',
- notes: [],
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_18.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_18.js
deleted file mode 100644
index e6f69700..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_18.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_18 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_18.js'
-
-describe('mandatoryTest_6_1_27_18', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_18({
- document: 'invalid json',
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_superseded documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_18({
- document: {
- category: 'unknown category',
- notes: [],
- },
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_19.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_19.js
deleted file mode 100644
index ab5b96c..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_19.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_19 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_19.js'
-
-describe('mandatoryTest_6_1_27_19', function () {
- it('only runs on documents matching the input schema', function () {
- assert.equal(
- mandatoryTest_6_1_27_19({
- document: 'invalid json',
- notes: [],
- }).isValid,
- true
- )
- })
-
- it('only runs on csaf_superseded documents', function () {
- assert.equal(
- mandatoryTest_6_1_27_19({
- document: {
- category: 'unknown category',
- },
- notes: [],
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_5.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_5.js
deleted file mode 100644
index 3dae2b0..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_27_5.js
+++ /dev/null
@@ -1,36 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_27_5 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_27_5.js'
-
-describe('mandatoryTest_6_1_27_5', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_27_5({ document: 'mydoc' }).isValid, true)
- })
-
- it('returns valid for documents with irrelevant category', function () {
- assert.equal(
- mandatoryTest_6_1_27_5({
- document: { category: 'csaf_base' },
- vulnerabilities: [{}],
- }).isValid,
- true
- )
- })
-
- it('returns invalid when vulnerability has no notes', function () {
- const result = mandatoryTest_6_1_27_5({
- document: { category: 'csaf_security_advisory' },
- vulnerabilities: [{}],
- })
- assert.equal(result.isValid, false)
- assert.equal(result.errors.length, 1)
- })
-
- it('returns invalid when vulnerability has empty notes array', function () {
- const result = mandatoryTest_6_1_27_5({
- document: { category: 'csaf_security_advisory' },
- vulnerabilities: [{ notes: [] }],
- })
- assert.equal(result.isValid, false)
- assert.equal(result.errors.length, 1)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_35.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_35.js
deleted file mode 100644
index 13da145..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_35.js
+++ /dev/null
@@ -1,35 +0,0 @@
-import assert from 'node:assert'
-import { mandatoryTest_6_1_35 } from '../../csaf_2_1/mandatoryTests.js'
-
-describe('mandatoryTest_6_1_37', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_35({ document: 'mydoc' }).isValid, true)
- })
-
- it('skips remediations without valid category', function () {
- assert.equal(
- mandatoryTest_6_1_35({
- vulnerabilities: [{ remediations: [{}] }],
- }).isValid,
- true
- )
- })
-
- it('skips remediation group checks without declared group', function () {
- assert.equal(
- mandatoryTest_6_1_35({
- vulnerabilities: [
- {
- remediations: [
- {
- category: 'some_category',
- group_ids: ['my_not_existing_group'],
- },
- ],
- },
- ],
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_37.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_37.js
deleted file mode 100644
index c92d5fa..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_37.js
+++ /dev/null
@@ -1,51 +0,0 @@
-import assert from 'node:assert/strict'
-import {
- isValidDate,
- mandatoryTest_6_1_37,
-} from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js'
-
-describe('mandatoryTest_6_1_37', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_37({ document: 'mydoc' }).isValid, true)
- })
-
- describe('isValidDate', function () {
- /*
- A list of test cases to validate against the function. The `string` is the
- date to check and the `boolean` marks if the date is expected to be valid or
- invalid.
-
- - `true` means the date is expected to be VALID
- - `false` means the date is expected to be INVALID
- */
- const testCases = /** @type {Array<[string, boolean]>} */ ([
- ['2024-01-01T00:00:00Z', true],
- ['2024-01-01T00:00:00.000Z', true],
- ['2024-01-01T00:00:00.0Z', true],
- ['2024-01-01T00:00:00.11111111Z', true],
- ['2024-01-01T00:00:00+01:00', true],
- ['2024-01-01T00:00:00.111111+01:00', true],
- ['2024-01-01T:00:00+01:00', false],
- ['2024-01-01T25:00:00+01:00', false],
- ['2024-01-01T00:00:00.111111+01:00', true],
- ['2024-02-29T00:00:00.987564+01:00', true],
- ['2015-06-30T10:29:60-13:30', false],
- ['2015-06-30T23:59:60+00:00', false],
- ['2015-07-01T06:59:60+07:00', false],
- ['2016-12-31T00:00:60-23:59', false],
- ['2016-12-31T23:59:60+00:00', false],
- ['2017-01-01T02:59:60+03:00', false],
- ['2017-01-01T02:59:60+04:00', false],
- ['2024-02-30T00:00:00+01:00', false],
- ['2024-04-31T00:00:00+01:00', false],
- ['2024-13-31T00:00:00+01:00', false],
- ['2024-01-24 10:00:00.000Z', false],
- ])
-
- testCases.forEach((testCase) => {
- it(`${testCase[0]} -> ${testCase[1]}`, () => {
- assert.equal(isValidDate(testCase[0]).isValid, testCase[1])
- })
- })
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_39.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_39.js
deleted file mode 100644
index ceea9b8..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_39.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_39 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_39.js'
-
-describe('mandatoryTest_6_1_39', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_39({ document: 'mydoc' }).isValid, true)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_40.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_40.js
deleted file mode 100644
index 7e13ee3..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_40.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_40 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_40.js'
-
-describe('mandatoryTest_6_1_40', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_40({ document: 'mydoc' }).isValid, true)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_41.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_41.js
deleted file mode 100644
index 965fb67..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_41.js
+++ /dev/null
@@ -1,8 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_41 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_41.js'
-
-describe('mandatoryTest_6_1_41', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_41({ document: 'mydoc' }).isValid, true)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_42.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_42.js
deleted file mode 100644
index de07aef..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_42.js
+++ /dev/null
@@ -1,85 +0,0 @@
-import assert from 'node:assert/strict'
-import { expect } from 'chai'
-
-import {
- mandatoryTest_6_1_42,
- checkPurls,
-} from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_42.js'
-
-describe('mandatoryTest_6_1_42', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_42({ product_tree: 'mydoc' }).isValid, true)
- })
-
- it('validates product_paths and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_42({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- purls: [
- 'pkg:oci/product-A@sha256%3Add134261219b2?repository_url=https://registry.example.com',
- ],
- },
- },
- {},
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('test checkPurls', function () {
- expect(checkPurls([]), 'empty purl array').to.eql([])
- expect(checkPurls(['invalid']), 'invalid PURL').to.eql([])
- expect(
- checkPurls([
- 'pkg:golang/google.golang.org/genproto#googleapis/api/annotations',
- 'pkg:golang/google.golang.org/genproto#googleapis/api/test',
- ]),
- 'only change in subpath'
- ).to.eql([])
- expect(
- checkPurls([
- 'pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie',
- 'pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=buster',
- ]),
- 'only change in qualifier'
- ).to.eql([])
- expect(
- checkPurls([
- 'pkg:golang/google.golang.org/genproto#googleapis/api/annotations',
- 'pkg:golang/google.golang.com/genproto#googleapis/api/annotations',
- ]),
- 'change in namespace'
- ).to.eql([{ index: 1, purlParts: ['namespace'] }])
- expect(
- checkPurls([
- 'pkg:golang/google.golang.org/genproto#googleapis/api/annotations',
- 'pkg:npm/google.golang.org/genproto#googleapis/api/annotations',
- ]),
- 'change in type'
- ).to.eql([{ index: 1, purlParts: ['type'] }])
- expect(
- checkPurls([
- 'pkg:golang/google.golang.org/genproto#googleapis/api/annotations',
- 'pkg:golang/google.golang.org/genproto2#googleapis/api/annotations',
- ]),
- 'change in name'
- ).to.eql([{ index: 1, purlParts: ['name'] }])
- expect(
- checkPurls([
- 'pkg:npm/%40angular/animation@12.3.1',
- 'invalid',
- 'pkg:npm/%40angular/animation@12.3.2',
- 'pkg:golang/%40angular/animation@12.3.3',
- ]),
- 'change in version and invalid PURL'
- ).to.eql([
- { index: 2, purlParts: ['version'] },
- { index: 3, purlParts: ['type', 'version'] },
- ])
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_43.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_43.js
deleted file mode 100644
index 2c0e428..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_43.js
+++ /dev/null
@@ -1,133 +0,0 @@
-import assert from 'node:assert/strict'
-
-import {
- mandatoryTest_6_1_43,
- containMultipleUnescapedStars,
-} from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js'
-
-describe('mandatoryTest_6_1_43', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_43({ product_tree: 'mydoc' }).isValid, true)
- })
-
- describe('containMultipleUnescapedStars', function () {
- const testCases = /** @type {Array<[string, boolean]>} */ ([
- // Valid cases - single or no unescaped stars
- ['PA*', false],
- ['P?A*', false],
- ['P??A*', false],
- ['P???A*', false],
- ['P????A*', false],
- ['*PA', false],
- ['PA', false],
- ['*P\\*\\*?\\*', false],
- ['\\*PA*', false],
- ['PA\\*', false],
- ['PA\\**', false],
- ['*\\*', false],
- ['\\**', false],
- ['\\*\\*', false],
- ['\\**\\*', false],
- // Invalid cases - multiple unescaped stars
- ['P*A*', true],
- ['*P*A', true],
- ['*P*\\*?*', true],
- ['**', true],
- ['***', true],
- ['*\\**', true],
- ['*P*', true],
- ['P*A*B', true],
- ['P*A*B*', true],
- ['*P*\\*?*', true],
- ])
-
- testCases.forEach((testCase) => {
- it(`${testCase[0]} -> ${testCase[1]}`, () => {
- assert.equal(containMultipleUnescapedStars(testCase[0]), testCase[1])
- })
- })
- })
-
- it('validates branches and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_43({
- product_tree: {
- branches: [
- {
- product: {
- product_identification_helper: {
- model_numbers: ['*P\\*\\*?\\*'],
- },
- },
- branches: [
- {
- product: 'invalid',
- },
- {
- branches: [{}],
- },
- ],
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates product_paths and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_43({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- model_numbers: ['*P\\*\\*?\\*'],
- },
- },
- {},
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('detects invalid model numbers in branches', function () {
- assert.equal(
- mandatoryTest_6_1_43({
- product_tree: {
- branches: [
- {
- product: {
- product_identification_helper: {
- model_numbers: ['P*A*'],
- },
- },
- },
- ],
- },
- }).isValid,
- false
- )
- })
-
- it('detects invalid model numbers in product_paths', function () {
- assert.equal(
- mandatoryTest_6_1_43({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- product_identification_helper: {
- model_numbers: ['P*A*'],
- },
- },
- },
- ],
- },
- }).isValid,
- false
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_44.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_44.js
deleted file mode 100644
index 4e67b2a..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_44.js
+++ /dev/null
@@ -1,92 +0,0 @@
-import assert from 'node:assert/strict'
-
-import { mandatoryTest_6_1_44 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_44.js'
-
-describe('mandatoryTest_6_1_44', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_44({ product_tree: 'mydoc' }).isValid, true)
- })
-
- it('validates branches and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_44({
- product_tree: {
- branches: [
- {
- product: {
- product_identification_helper: {
- serial_numbers: ['*P\\*\\*?\\*'],
- },
- },
- branches: [
- {
- product: 'invalid',
- },
- {
- branches: [{}],
- },
- ],
- },
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('validates product_paths and skips invalid ones', function () {
- assert.equal(
- mandatoryTest_6_1_44({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- serial_numbers: ['*P\\*\\*?\\*'],
- },
- },
- {},
- ],
- },
- }).isValid,
- true
- )
- })
-
- it('detects invalid serial numbers in branches', function () {
- assert.equal(
- mandatoryTest_6_1_44({
- product_tree: {
- branches: [
- {
- product: {
- product_identification_helper: {
- serial_numbers: ['P*A*'],
- },
- },
- },
- ],
- },
- }).isValid,
- false
- )
- })
-
- it('detects invalid serial numbers in product_paths', function () {
- assert.equal(
- mandatoryTest_6_1_44({
- product_tree: {
- product_paths: [
- {
- full_product_name: {
- product_identification_helper: {
- serial_numbers: ['P*A*'],
- },
- },
- },
- ],
- },
- }).isValid,
- false
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_45.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_45.js
deleted file mode 100644
index c25e93b..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_45.js
+++ /dev/null
@@ -1,60 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_45 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_45.js'
-
-describe('mandatoryTest_6_1_45', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_45({ document: 'mydoc' }).isValid, true)
- })
-
- it('skips status draft', function () {
- assert.equal(
- mandatoryTest_6_1_45({
- document: {
- distribution: {
- tlp: {
- label: 'CLEAR',
- },
- },
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'draft',
- },
- },
- vulnerabilities: [
- {
- disclosure_date: '2025-01-24T12:34:56.789Z',
- },
- ],
- }).isValid,
- true
- )
- })
-
- it('skips empty objects', function () {
- assert.equal(
- mandatoryTest_6_1_45({
- document: {
- distribution: {
- tlp: {
- label: 'CLEAR',
- },
- },
- tracking: {
- revision_history: [
- {}, // should be ignored
- { date: '2024-01-24T10:00:00.000Z' },
- ],
- status: 'final',
- },
- },
- vulnerabilities: [
- {}, // should be ignored
- {
- disclosure_date: '2025-01-24T12:34:56.789Z',
- },
- ],
- }).isValid,
- false
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_51.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_51.js
deleted file mode 100644
index 7aa781f..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_51.js
+++ /dev/null
@@ -1,141 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_51 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_51.js'
-
-describe('mandatoryTest_6_1_51', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_51({ document: 'mydoc' }).isValid, true)
- })
-
- it('skips status draft', function () {
- assert.equal(
- mandatoryTest_6_1_51({
- document: {
- tracking: {
- revision_history: [],
- status: 'draft',
- },
- },
- vulnerabilities: [],
- }).isValid,
- true
- )
- })
-
- it('skips empty revision_history object', function () {
- assert.equal(
- mandatoryTest_6_1_51({
- document: {
- tracking: {
- revision_history: [
- {}, // should be ignored
- { date: '2024-01-24T10:00:00.000Z' },
- ],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- metrics: [
- {
- content: {
- epss: {
- timestamp: '2024-01-24T12:34:56.789Z',
- },
- },
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-
- it('skips empty vulnerability object', function () {
- assert.equal(
- mandatoryTest_6_1_51({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {}, // should be ignored
- {
- metrics: [
- {
- content: {
- epss: {
- timestamp: '2024-01-24T12:34:56.789Z',
- },
- },
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-
- it('skips empty metrics object', function () {
- assert.equal(
- mandatoryTest_6_1_51({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- metrics: [
- {}, // should be ignored
- {
- content: {
- epss: {
- timestamp: '2024-01-24T12:34:56.789Z',
- },
- },
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-
- it('skips empty epss object', function () {
- assert.equal(
- mandatoryTest_6_1_51({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- metrics: [
- {
- content: {
- epss: {}, // should be ignored
- },
- },
- {
- content: {
- epss: {
- timestamp: '2024-01-24T12:34:56.789Z',
- },
- },
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_52.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_52.js
deleted file mode 100644
index 555f204..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_52.js
+++ /dev/null
@@ -1,100 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_52 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_52.js'
-
-describe('mandatoryTest_6_1_52', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_52({ document: 'mydoc' }).isValid, true)
- })
-
- it('skips status draft', function () {
- assert.equal(
- mandatoryTest_6_1_52({
- document: {
- tracking: {
- revision_history: [],
- status: 'draft',
- },
- },
- vulnerabilities: [],
- }).isValid,
- true
- )
- })
-
- it('skips empty revision_history object', function () {
- assert.equal(
- mandatoryTest_6_1_52({
- document: {
- tracking: {
- revision_history: [
- {}, // should be ignored
- { date: '2024-01-24T10:00:00.000Z' },
- ],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- first_known_exploitation_dates: [
- {
- date: '2024-01-24T13:00:00.000Z',
- exploitation_date: '2024-01-24T12:34:56.789Z',
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-
- it('skips empty vulnerability object', function () {
- assert.equal(
- mandatoryTest_6_1_52({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {}, // should be ignored
- {
- first_known_exploitation_dates: [
- {
- date: '2024-01-24T13:00:00.000Z',
- exploitation_date: '2024-01-24T12:34:56.789Z',
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-
- it('skips empty first_known_exploitation_date object', function () {
- assert.equal(
- mandatoryTest_6_1_52({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- first_known_exploitation_dates: [
- {}, // should be ignored
- {
- date: '2024-01-24T13:00:00.000Z',
- exploitation_date: '2024-01-24T12:34:56.789Z',
- },
- ],
- },
- ],
- }).isValid,
- false
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_58.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_58.js
deleted file mode 100644
index b21535d..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_58.js
+++ /dev/null
@@ -1,95 +0,0 @@
-import assert from 'node:assert'
-import { mandatoryTest_6_1_58 } from '../../csaf_2_1/mandatoryTests.js'
-
-describe('mandatoryTest_6_1_58', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- mandatoryTest_6_1_58({ vulnerabilities: 'mydoc' }).errors.length,
- 0
- )
- })
-
- it('passes when product_tree has no branches', function () {
- assert.equal(
- mandatoryTest_6_1_58({
- product_tree: {
- full_product_names: [
- {
- name: 'Example Company Controller A 1.0',
- product_id: 'CSAFPID-908070601',
- },
- ],
- },
- }).errors.length,
- 0
- )
- })
-
- it('skips recursion when a child branch has invalid branches property', function () {
- const result = mandatoryTest_6_1_58({
- product_tree: {
- branches: [
- {
- category: 'product_version',
- name: '1.0',
- branches: [
- {
- category: 'product_version_range',
- name: 'vers:intdot/<1.1',
- branches: 'not-an-array',
- },
- ],
- },
- ],
- },
- })
- assert.equal(result.errors.length, 0)
- assert.equal(result.isValid, true)
- })
-
- it('reports all leaves under a conflicting branch', function () {
- const result = mandatoryTest_6_1_58({
- product_tree: {
- branches: [
- {
- category: 'product_version',
- name: '1.0',
- branches: [
- {
- category: 'product_version_range',
- name: 'vers:intdot/<1.1',
- branches: [
- {
- category: 'architecture',
- name: 'x86',
- product: {
- name: 'Product x86',
- product_id: 'CSAFPID-2',
- },
- },
- {
- category: 'architecture',
- name: 'arm',
- product: {
- name: 'Product arm',
- product_id: 'CSAFPID-3',
- },
- },
- ],
- },
- ],
- },
- ],
- },
- })
- assert.equal(result.isValid, false)
- assert.equal(result.errors.length, 2)
- const paths = result.errors.map((e) => e.instancePath)
- assert.ok(
- paths.includes('/product_tree/branches/0/branches/0/branches/0/product')
- )
- assert.ok(
- paths.includes('/product_tree/branches/0/branches/0/branches/1/product')
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_6.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_6.js
deleted file mode 100644
index 9cc8a61..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_6.js
+++ /dev/null
@@ -1,17 +0,0 @@
-import assert from 'node:assert/strict'
-import { mandatoryTest_6_1_6 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_6.js'
-
-describe('mandatoryTest_6_1_6', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_6({ document: 'mydoc' }).isValid, true)
- })
-
- it('skip the check if there is no product status', function () {
- assert.equal(
- mandatoryTest_6_1_6({
- vulnerabilities: [{}],
- }).isValid,
- true
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_7.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_7.js
deleted file mode 100644
index c2b8535..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_7.js
+++ /dev/null
@@ -1,78 +0,0 @@
-import { expect } from 'chai'
-import { mandatoryTest_6_1_7 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_7.js'
-import minimalDoc from './shared/minimalDoc.js'
-import {
- cvssV31Content,
- productTreeWithFullProductName,
-} from './shared/csafDocHelper.js'
-import csaf_2_1 from '../../csaf_2_1/schemaTests/csaf_2_1.js'
-
-const emptyMandatoryTest6_1_7 = {
- $schema: minimalDoc.$schema,
- document: {
- ...minimalDoc.document,
- },
- product_tree: productTreeWithFullProductName('CSAFPID-9080700', 'Product A'),
- vulnerabilities: [
- {
- metrics: [
- {
- cvss_v3: {
- version: '3.0',
- },
- },
- ],
- },
- {
- metrics: [
- {
- content: {},
- products: [],
- },
- ],
- },
- ],
-}
-
-const failingTestWithNotConsideredObject6_1_7 = {
- $schema: minimalDoc.$schema,
- document: {
- ...minimalDoc.document,
- },
- product_tree: productTreeWithFullProductName('CSAFPID-9080700', 'Product A'),
- vulnerabilities: [
- {}, // input schema should not consider this
- {
- metrics: [
- cvssV31Content(6.5, 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H', [
- 'CSAFPID-9080700',
- ]),
- cvssV31Content(6.5, 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H', [
- 'CSAFPID-9080700',
- ]),
- ],
- },
- ],
-}
-
-describe('mandatory test 6.1.7', function () {
- describe('valid examples', function () {
- it('test empty vulnerabilities', async function () {
- const result = mandatoryTest_6_1_7(emptyMandatoryTest6_1_7)
- expect(result.errors.length).to.eq(0)
- })
-
- it('test input schema with minimal doc', async function () {
- expect(csaf_2_1(minimalDoc).isValid).to.be.true
- const result = mandatoryTest_6_1_7(minimalDoc)
- expect(result.errors.length).to.eq(0)
- })
-
- it('test input schema with not considered json object in vulnerabilities', async function () {
- const result = mandatoryTest_6_1_7(
- failingTestWithNotConsideredObject6_1_7
- )
- expect(result.errors.length).to.eq(1)
- })
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_9.js b/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_9.js
deleted file mode 100644
index afe91b8..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/mandatoryTest_6_1_9.js
+++ /dev/null
@@ -1,45 +0,0 @@
-import assert from 'node:assert'
-import { mandatoryTest_6_1_9 } from '../../csaf_2_1/mandatoryTests.js'
-
-describe('mandatoryTest_6_1_9', function () {
- it('only runs on relevant documents', function () {
- assert.equal(mandatoryTest_6_1_9({ document: 'mydoc' }).isValid, true)
- })
-
- it('test safelyParseCVSSV2Vector with invalid vector string format', function () {
- const doc = {
- document: 'mydoc',
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-9080700',
- name: 'Product A',
- },
- ],
- },
- vulnerabilities: [
- {
- metrics: [
- {
- content: {
- cvss_v2: {
- version: '2.0',
- vectorString: 'AV:N/AC:L/Au:INVALID',
- baseScore: 10.0,
- },
- cvss_v3: {
- version: '3.1',
- vectorString: 'CVSS:3.1/AV:INVALID',
- baseScore: 10,
- baseSeverity: 'CRITICAL',
- },
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- }
- assert.equal(mandatoryTest_6_1_9(doc).isValid, true)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/oasis.js b/csaf-validator-lib/tests/csaf_2_1/oasis.js
deleted file mode 100644
index 534a078..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/oasis.js
+++ /dev/null
@@ -1,237 +0,0 @@
-import { readFile } from 'node:fs/promises'
-import { readFileSync } from 'node:fs'
-import assert from 'node:assert/strict'
-import * as informative from '../../csaf_2_1/informativeTests.js'
-import * as recommended from '../../csaf_2_1/recommendedTests.js'
-import * as mandatory from '../../csaf_2_1/mandatoryTests.js'
-
-/**
- * This is a list that includes all test numbers that are not yet implemented.
- * Once all tests are implemented for CSAF 2.1 this should be deleted.
- */
-const excluded = [
- '6.1.8',
- '6.1.9',
- '6.1.26',
- '6.1.27.3',
- '6.1.27.4',
- '6.1.27.6',
- '6.1.27.11',
- '6.1.27.13',
- '6.1.37',
- '6.1.46',
- '6.1.47',
- '6.1.48',
- '6.1.49',
- '6.1.50',
- '6.1.53',
- '6.1.54',
- '6.1.55',
- '6.1.56',
- '6.1.57',
- '6.1.59',
- '6.1.60.1',
- '6.1.60.2',
- '6.1.60.3',
- '6.1.61',
- '6.2.11',
- '6.2.19',
- '6.2.20',
- '6.2.24',
- '6.2.26',
- '6.2.31',
- '6.2.32',
- '6.2.33',
- '6.2.34',
- '6.2.35',
- '6.2.36',
- '6.2.37',
- '6.2.39.1',
- '6.2.39.3',
- '6.2.39.5',
- '6.2.42',
- '6.2.44',
- '6.2.45',
- '6.2.46',
- '6.2.49',
- '6.2.50.1',
- '6.2.50.2',
- '6.2.50.3',
- '6.2.51',
- '6.2.52',
- '6.2.53',
- '6.2.54.1',
- '6.2.54.2',
- '6.2.54.3',
- '6.2.54.4',
- '6.3.12',
- '6.3.13',
- '6.3.14',
- '6.3.15',
- '6.3.16',
- '6.3.17',
- '6.3.19.1',
- '6.3.19.2',
- '6.3.19.3',
- '6.3.19.4',
- '6.3.19.5',
- '6.3.20',
- '6.3.21.1',
- '6.3.21.2',
- '6.3.21.3',
- '6.3.21.4',
- '6.3.21.5',
- '6.3.21.6',
- '6.3.21.7',
- '6.3.21.8',
- '6.3.21.9',
- '6.3.22',
-]
-
-/**
- * This is a list that includes all implemented tests that are currently skipped due to known issues.
- * Once the issues are resolved, these should be removed from this list and the tests should be re-enabled.
- */
-const skippedTests = new Set([
- 'mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-01-12.json',
- 'mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-03-01.json',
-])
-
-/** @typedef {import('../../lib/shared/types.js').DocumentTest} DocumentTest */
-
-/** @typedef {Map} TestMap */
-
-/**
- * @typedef {object} TestCases
- * @property {TestCase[]} tests
- */
-
-/**
- * @typedef {object} TestCase
- * @property {string} id
- * @property {string} group
- * @property {TestSpec[]} [failures]
- * @property {TestSpec[]} [valid]
- */
-
-/**
- * @typedef {object} TestSpec
- * @property {string} name
- * @property {boolean} valid
- */
-
-const tests = new Map([
- [
- 'informative',
- /** @type {TestMap} */ (new Map(Object.entries(informative))),
- ],
- [
- 'recommended',
- /** @type {TestMap} */ (new Map(Object.entries(recommended))),
- ],
- ['mandatory', /** @type {TestMap} */ (new Map(Object.entries(mandatory)))],
-])
-
-const testDataBaseUrl = new URL(
- '../../csaf/csaf_2.1/test/validator/data/',
- import.meta.url
-)
-
-const testCases = /** @type {TestCases} */ (
- JSON.parse(
- await readFile(new URL('testcases.json', testDataBaseUrl), 'utf-8')
- )
-)
-
-const testMap = parseTestCases()
-
-for (const [group, t] of testMap) {
- describe(group, function () {
- for (const [testId, u] of t) {
- describe(testId, function () {
- for (const [type, testSpecs] of u) {
- describe(type, function () {
- for (const testSpec of testSpecs) {
- if (skippedTests.has(testSpec.name)) continue
- if (excluded.includes(testId)) continue
-
- it(testSpec.name, async () => {
- const test = tests
- .get(group)
- ?.get(`${group}Test_${testId.replace(/\./g, '_')}`)
-
- assert(test, 'test does not exist')
-
- const doc = JSON.parse(
- readFileSync(new URL(testSpec.name, testDataBaseUrl), 'utf-8')
- )
-
- const result = await test(doc)
-
- if (group === 'mandatory') {
- assert.equal(result.isValid, testSpec.valid)
- assert.equal(
- Boolean(result.errors?.length),
- type === 'failures',
- type === 'failures'
- ? 'should have errors'
- : `should not have errors, but had ${result.errors?.length}`
- )
- } else {
- assert.equal(result.isValid === undefined, testSpec.valid)
-
- if (group === 'recommended') {
- assert.equal(
- Boolean(result.warnings?.length),
- type === 'failures',
- type === 'failures'
- ? 'should have warnings'
- : `should not have warnings, but had ${result.warnings?.length}`
- )
- } else if (group === 'informative') {
- assert.equal(
- Boolean(result.infos?.length),
- type === 'failures',
- type === 'failures'
- ? 'should have infos'
- : `should not have infos, but had ${result.infos?.length}`
- )
- }
- }
- })
- }
- })
- }
- })
- }
- })
-}
-
-function parseTestCases() {
- /** @type {Map>>} */
- const testData = new Map()
- for (const test of testCases.tests) {
- const valids = testData.get(test.group)?.get(test.id)?.get('valid') ?? []
- const failures =
- testData.get(test.group)?.get(test.id)?.get('failures') ?? []
-
- for (const valid of test.valid ?? []) {
- valids.push(valid)
- }
- for (const failure of test.failures ?? []) {
- failures.push(failure)
- }
-
- testData.set(
- test.group,
- new Map(testData.get(test.group)).set(
- test.id,
- new Map(testData.get(test.group)?.get(test.id))
- .set('valid', valids)
- .set('failures', failures)
- )
- )
- }
-
- return testData
-}
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_21.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_21.js
deleted file mode 100644
index c3737f3..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_21.js
+++ /dev/null
@@ -1,79 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_21 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_21', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_21({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
- it('skips empty objects', function () {
- assert.equal(
- recommendedTest_6_2_21({
- document: {
- tracking: {
- revision_history: [
- {
- date: '2024-01-22T10:00:00.000Z',
- number: '1',
- summary: 'Initial version.',
- },
- {
- date: '2024-01-22T10:00:00.000Z',
- number: '2',
- summary: 'Second version.',
- },
- {}, // should be ignored
- ],
- },
- },
- }).warnings.length,
- 1
- )
- })
- /**
- * Tests if in the warnings message the right revision_history items are referenced even the revision_history
- * contains items where the "date" property is undefined
- * */
- it('warnings message references right revision history items in case of undefined dates', function () {
- assert.deepEqual(
- recommendedTest_6_2_21({
- document: {
- tracking: {
- revision_history: [
- {
- number: '4.0.0',
- summary: 'Fourth version.',
- },
- {
- date: '2024-01-21T10:00:00.000Z',
- number: '2.0.0',
- summary: 'Second version.',
- },
- {
- date: '2025-02-28T14:23:59.000Z',
- number: '3.0.0',
- summary: 'Third version.',
- },
- {},
- {},
- {
- date: '2024-01-21T10:00:00.000Z',
- number: '1.0.0',
- summary: 'Initial version.',
- },
- ],
- },
- },
- }).warnings,
- [
- {
- instancePath: '/document/tracking/revision_history/5/date',
- message:
- 'the timestamps of the revision history items with version number 2.0.0 and 1.0.0 are equal',
- },
- ]
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_22.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_22.js
deleted file mode 100644
index 7a2900b..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_22.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_22 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_22', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_22({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_23.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_23.js
deleted file mode 100644
index 459d0f6..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_23.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_23 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_23', function () {
- it('only runs on relevant documents', async function () {
- assert.equal(
- (await recommendedTest_6_2_23({ vulnerabilities: 'mydoc' })).warnings
- .length,
- 0
- )
- })
- it('skips empty objects', async function () {
- assert.equal(
- (
- await recommendedTest_6_2_23({
- vulnerabilities: [
- {
- cwes: [
- {
- id: 'CWE-596',
- name: 'DEPRECATED: Incorrect Semantic Object Comparison',
- version: '4.13',
- },
- ],
- },
- {}, // should be ignored
- ],
- })
- ).warnings.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_25.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_25.js
deleted file mode 100644
index 3bcdcd3..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_25.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_25 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_25', function () {
- it('only runs on relevant documents', async function () {
- assert.equal(
- (await recommendedTest_6_2_25({ vulnerabilities: 'mydoc' })).warnings
- .length,
- 0
- )
- })
- it('skips empty objects', async function () {
- assert.equal(
- (
- await recommendedTest_6_2_25({
- vulnerabilities: [
- {
- cwes: [
- {
- id: 'CWE-20',
- name: 'Improper Input Validation',
- version: '4.13',
- },
- ],
- },
- {}, // should be ignored
- ],
- })
- ).warnings.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_27.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_27.js
deleted file mode 100644
index f8c8fd9..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_27.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_27 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_27', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_27({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_3.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_3.js
deleted file mode 100644
index aab032a..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_3.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_3 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_3', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_3({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_30.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_30.js
deleted file mode 100644
index 4eb8721..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_30.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_30 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_30', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_30({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_38.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_38.js
deleted file mode 100644
index 0a356ce..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_38.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_38 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_38', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_38({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_2.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_2.js
deleted file mode 100644
index 9f9735e..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_2.js
+++ /dev/null
@@ -1,49 +0,0 @@
-import { recommendedTest_6_2_39_2 } from '../../csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js'
-import { expect } from 'chai'
-import assert from 'node:assert'
-import { getTranslationInDocumentLang } from '../../lib/shared/languageSpecificTranslation.js'
-
-describe('recommendedTest_6_2_39_2', function () {
- it('only runs on relevant documents', function () {
- assert.equal(recommendedTest_6_2_39_2({}).warnings.length, 0)
- })
-
- it('only runs on valid category', function () {
- const result = recommendedTest_6_2_39_2({
- document: { category: '123', license_expression: 'MIT' },
- })
-
- assert.equal(result.warnings.length, 0)
- assert.equal(result.infos.length, 0)
- })
-
- it('info on invalid language', function () {
- const result = recommendedTest_6_2_39_2({
- document: {
- category: 'csaf_withdrawn',
- lang: '123',
- license_expression: 'MIT',
- },
- })
- assert.equal(result.warnings.length, 0)
- assert.equal(result.infos.length, 1)
- })
-
- it('check get ReasoningForWithdrawal in document lang', function () {
- expect(
- getTranslationInDocumentLang(
- { document: { lang: 'de' } },
- 'reasoning_for_withdrawal'
- )
- ).to.eq('Begründung für die Zurückziehung')
- expect(
- getTranslationInDocumentLang(
- { document: { lang: 'es' } },
- 'reasoning_for_withdrawal'
- )
- ).to.eq(undefined)
- expect(
- getTranslationInDocumentLang({ document: {} }, 'reasoning_for_withdrawal')
- ).to.eq(undefined)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_4.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_4.js
deleted file mode 100644
index 0bf370e..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_39_4.js
+++ /dev/null
@@ -1,46 +0,0 @@
-import { recommendedTest_6_2_39_4 } from '../../csaf_2_1/recommendedTests/recommendedTest_6_2_39_4.js'
-import { expect } from 'chai'
-import assert from 'node:assert'
-import { getTranslationInDocumentLang } from '../../lib/shared/languageSpecificTranslation.js'
-
-describe('recommendedTest_6_2_39_4', function () {
- it('only runs on relevant documents', function () {
- assert.equal(recommendedTest_6_2_39_4({}).warnings.length, 0)
- })
-
- it('only runs on valid category', function () {
- const result = recommendedTest_6_2_39_4({
- document: { category: '123', license_expression: 'MIT' },
- })
-
- assert.equal(result.warnings.length, 0)
- assert.equal(result.infos.length, 0)
- })
-
- it('only runs on valid language', function () {
- const result = recommendedTest_6_2_39_4({
- document: {
- category: 'csaf_superseded',
- lang: '123',
- license_expression: 'MIT',
- },
- })
- assert.equal(result.warnings.length, 0)
- assert.equal(result.infos.length, 1)
- })
-
- it('check get superseding_document in document lang', function () {
- expect(
- getTranslationInDocumentLang(
- { document: { lang: 'de' } },
- 'superseding_document'
- )
- ).to.eq('Ersetzendes Dokument')
- expect(
- getTranslationInDocumentLang({ document: { lang: 'es' } }, 'v')
- ).to.eq(undefined)
- expect(
- getTranslationInDocumentLang({ document: {} }, 'superseding_document')
- ).to.eq(undefined)
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_40.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_40.js
deleted file mode 100644
index b691bf6..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_40.js
+++ /dev/null
@@ -1,43 +0,0 @@
-import assert from 'node:assert/strict'
-import { recommendedTest_6_2_40 } from '../../csaf_2_1/recommendedTests/recommendedTest_6_2_40.js'
-
-describe('recommendedTest_6_2_40', function () {
- it('only runs on relevant documents', function () {
- assert.equal(recommendedTest_6_2_40({}).warnings.length, 0)
- })
- it('skips empty objects', function () {
- assert.equal(
- recommendedTest_6_2_40({
- document: {
- notes: [
- {
- category: 'description',
- text: 'Product A is a local time tracking tool. It is mainly used by software developers and can be connected with most modern time-tracking systems.',
- title: 'Product Description',
- },
- {}, // skip this empty object
- ],
- },
- }).warnings.length,
- 1
- )
- })
- it('no language specific translation', function () {
- assert.equal(
- recommendedTest_6_2_40({
- document: {
- lang: '123456789',
- notes: [
- {
- category: 'description',
- product_ids: ['CSAFPID-9080700'],
- text: 'Produkt A is ein lokales Zeiterfassungstool. Es wird hauptsächlich von Softwareentwicklern verwendet und kann an die meisten modernen Zeiterfasssungssysteme angebunden werden.',
- title: 'Produkt A wird hier beschrieben',
- },
- ],
- },
- }).infos.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_41.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_41.js
deleted file mode 100644
index adb7ff5..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_41.js
+++ /dev/null
@@ -1,90 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_41 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_41', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_41({ vulnerabilities: 'mydoc' }).warnings.length,
- 0
- )
- })
-
- it('skips status draft', function () {
- assert.equal(
- recommendedTest_6_2_41({
- document: {
- tracking: {
- revision_history: [],
- status: 'draft',
- },
- },
- vulnerabilities: [],
- }).warnings.length,
- 0
- )
- })
-
- it('skips empty revision_history object', function () {
- assert.equal(
- recommendedTest_6_2_41({
- document: {
- tracking: {
- revision_history: [
- {}, // should be ignored
- ],
- status: 'final',
- },
- },
- vulnerabilities: [],
- }).warnings.length,
- 0
- )
- })
-
- it('Skips vulnerabilities without metrics object', function () {
- assert.equal(
- recommendedTest_6_2_41({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [{}],
- }).warnings.length,
- 0
- )
- })
-
- it('skips empty epss object', function () {
- assert.equal(
- recommendedTest_6_2_41({
- document: {
- tracking: {
- revision_history: [{ date: '2024-01-24T10:00:00.000Z' }],
- status: 'final',
- },
- },
- vulnerabilities: [
- {
- metrics: [
- {
- content: {
- epss: {}, // should be ignored
- },
- },
- {
- content: {
- epss: {
- timestamp: '2024-01-01T10:00:00.000Z',
- },
- },
- },
- ],
- },
- ],
- }).warnings.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_43.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_43.js
deleted file mode 100644
index 54601a7..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_43.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import assert from 'node:assert'
-import { recommendedTest_6_2_43 } from '../../csaf_2_1/recommendedTests.js'
-
-describe('recommendedTest_6_2_43', function () {
- it('only runs on relevant documents', function () {
- assert.equal(
- recommendedTest_6_2_43({ vulnerabilities: 'mydoc' }).warnings.length,
- 1
- )
- })
-})
diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_47.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_47.js
deleted file mode 100644
index a4dd594..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_47.js
+++ /dev/null
@@ -1,99 +0,0 @@ -import assert from 'node:assert' -import { recommendedTest_6_2_47 } from '../../csaf_2_1/recommendedTests.js' - -describe('recommendedTest_6_2_47', function () { - it('only runs on relevant documents', function () { - assert.equal( - recommendedTest_6_2_47({ vulnerabilities: 'mydoc' }).warnings.length, - 0 - ) - }) - - it('runs on references with empty category in reference', function () { - assert.equal( - recommendedTest_6_2_47({ - document: { - references: [ - { - category: 'self', - summary: 'The canonical URL for the CSAF document.', - url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-02.json', - }, - { url: 'https://some.other.url' }, - ], - tracking: { - id: 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-11', - }, - }, - vulnerabilities: [ - { - metrics: [ - { - content: { - qualitative_severity_rating: 'low', - }, - products: ['CSAFPID-9080700'], - }, - ], - }, - ], - }).warnings.length, - 1 - ) - }) - - it('runs on references with empty qualitative_severity_rating (considered as not existing)', function () { - assert.equal( - recommendedTest_6_2_47({ - document: { - references: [ - { - category: 'self', - summary: 'The canonical URL for the CSAF document.', - url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-02.json', - }, - { url: 'https://some.other.url' }, - ], - tracking: { - id: 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-11', - }, - }, - vulnerabilities: [ - { - metrics: [ - { - content: { - qualitative_severity_rating: '', - }, - products: ['CSAFPID-9080700'], - }, - ], - }, - ], - }).warnings.length, - 0 - ) - }) - - it('runs on empty metric', function () { - assert.equal( - recommendedTest_6_2_47({ - document: { - references: [ - { - category: 'self', - summary: 'The canonical URL for the CSAF document.', - url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-02.json', - }, - { url: 'https://some.other.url' }, - ], - tracking: { - id: 
'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-11', - }, - }, - vulnerabilities: [], - }).warnings.length, - 0 - ) - }) -}) diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_48.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_48.js deleted file mode 100644 index ed166ad..0000000 --- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_48.js +++ /dev/null @@ -1,30 +0,0 @@ -import assert from 'node:assert/strict' -import { recommendedTest_6_2_48 } from '../../csaf_2_1/recommendedTests/recommendedTest_6_2_48.js' - -describe('recommendedTest_6_2_48', function () { - it('only runs on relevant documents', function () { - assert.equal(recommendedTest_6_2_48({}).warnings.length, 0) - }) - - it('does not warn when product_tree has no branches', function () { - assert.equal( - recommendedTest_6_2_48({ product_tree: {} }).warnings.length, - 0 - ) - }) - - it('skips invalid child branches that do not pass schema validation', function () { - const result = recommendedTest_6_2_48({ - product_tree: { - branches: [ - { - category: 'vendor', - name: 'Open Source Company', - branches: [42, null], - }, - ], - }, - }) - assert.equal(result.warnings.length, 0) - }) -}) diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_8.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_8.js deleted file mode 100644 index 5a67c1f..0000000 --- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_8.js +++ /dev/null 
@@ -1,95 +0,0 @@ -import assert from 'node:assert' -import { recommendedTest_6_2_8 } from '../../csaf_2_1/recommendedTests.js' - -/** Helper: build a hash entry with the given algorithms */ -function makeHash(/** @type {string[]} */ algorithms) { - return { - file_hashes: algorithms.map((alg) => ({ algorithm: alg, value: 'aabbcc' })), - filename: 'product.so', - } -} - -describe('recommendedTest_6_2_8', function () { - it('only runs on relevant documents', function () { - assert.equal( - recommendedTest_6_2_8({ vulnerabilities: 'mydoc' }).warnings.length, - 0 - ) - }) - - it('warns when md5 is the only algorithm in branches', function () { - const doc = { - product_tree: { - branches: [ - { - category: 'vendor', - name: 'Vendor A', - branches: [ - { - category: 'product_name', - name: 'Product A', - product: { - product_id: 'CSAFPID-0001', - name: 'Vendor A Product A', - product_identification_helper: { - hashes: [makeHash(['md5', 'sha256'])], - }, - }, - }, - { - category: 'product_name', - name: 'Product B', - product: { - product_id: 'CSAFPID-0002', - name: 'Vendor A Product B', - product_identification_helper: { - hashes: [makeHash(['md5'])], - }, - }, - }, - ], - }, - ], - }, - } - const result = recommendedTest_6_2_8(doc) - assert.equal(result.warnings.length, 1) - assert.equal( - result.warnings[0].instancePath, - '/product_tree/branches/0/branches/1/product/product_identification_helper/hashes/0/file_hashes' - ) - }) - - it('warns when md5 is the only algorithm in product_paths', function () { - const doc = { - product_tree: { - product_paths: [ - { - full_product_name: { - name: 'Product A', - product_id: 'CSAFPID-0001', - product_identification_helper: { - hashes: [makeHash(['md5', 'sha256'])], - }, - }, - }, - { - full_product_name: { - name: 'Product B', - product_id: 'CSAFPID-0002', - product_identification_helper: { - hashes: [makeHash(['md5'])], - }, - }, - }, - ], - }, - } - const result = recommendedTest_6_2_8(doc) - 
assert.equal(result.warnings.length, 1) - assert.equal( - result.warnings[0].instancePath, - '/product_tree/product_paths/1/full_product_name/product_identification_helper/hashes/0/file_hashes' - ) - }) -}) diff --git a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_9.js b/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_9.js deleted file mode 100644 index 6271ea9..0000000 --- a/csaf-validator-lib/tests/csaf_2_1/recommendedTest_6_2_9.js +++ /dev/null 
@@ -1,95 +0,0 @@ -import assert from 'node:assert' -import { recommendedTest_6_2_9 } from '../../csaf_2_1/recommendedTests.js' - -/** Helper: build a hash entry with the given algorithms */ -function makeHash(/** @type {string[]} */ algorithms) { - return { - file_hashes: algorithms.map((alg) => ({ algorithm: alg, value: 'aabbcc' })), - filename: 'product.so', - } -} - -describe('recommendedTest_6_2_9', function () { - it('only runs on relevant documents', function () { - assert.equal( - recommendedTest_6_2_9({ vulnerabilities: 'mydoc' }).warnings.length, - 0 - ) - }) - - it('warns when sha1 is the only algorithm in branches', function () { - const doc = { - product_tree: { - branches: [ - { - category: 'vendor', - name: 'Vendor A', - branches: [ - { - category: 'product_name', - name: 'Product A', - product: { - product_id: 'CSAFPID-0001', - name: 'Vendor A Product A', - product_identification_helper: { - hashes: [makeHash(['sha1', 'sha256'])], - }, - }, - }, - { - category: 'product_name', - name: 'Product B', - product: { - product_id: 'CSAFPID-0002', - name: 'Vendor A Product B', - product_identification_helper: { - hashes: [makeHash(['sha1'])], - }, - }, - }, - ], - }, - ], - }, - } - const result = recommendedTest_6_2_9(doc) - assert.equal(result.warnings.length, 1) - assert.equal( - result.warnings[0].instancePath, - '/product_tree/branches/0/branches/1/product/product_identification_helper/hashes/0/file_hashes' - ) - }) - - it('warns when sha1 is the only algorithm in product_paths', function () { - const doc = { - product_tree: { - product_paths: [ - { - full_product_name: { - name: 'Product A', - product_id: 'CSAFPID-0001', - product_identification_helper: { - hashes: [makeHash(['sha1', 'sha256'])], - }, - }, - }, - { - full_product_name: { - name: 'Product B', - product_id: 'CSAFPID-0002', - product_identification_helper: { - hashes: [makeHash(['sha1'])], - }, - }, - }, - ], - }, - } - const result = recommendedTest_6_2_9(doc) - 
assert.equal(result.warnings.length, 1) - assert.equal( - result.warnings[0].instancePath, - '/product_tree/product_paths/1/full_product_name/product_identification_helper/hashes/0/file_hashes' - ) - }) -}) diff --git a/csaf-validator-lib/tests/csaf_2_1/schemaTests.js b/csaf-validator-lib/tests/csaf_2_1/schemaTests.js deleted file mode 100644 index 48ec849..0000000 --- a/csaf-validator-lib/tests/csaf_2_1/schemaTests.js +++ /dev/null @@ -1,45 +0,0 @@ -import assert from 'node:assert/strict' -import { csaf_2_1, csaf_2_1_strict } from '../../csaf_2_1/schemaTests.js' - -const minimalValidDocument = { - $schema: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json', - document: { - title: 'Basic CSAF document', - csaf_version: '2.1', - category: 'csaf_base', - distribution: { - tlp: { label: 'AMBER' }, - }, - publisher: { - name: 'Some publisher', - namespace: 'https://example.com', - category: 'coordinator', - }, - tracking: { - id: 'some-id', - initial_release_date: '2025-02-18T14:37:32.671Z', - current_release_date: '2025-06-18T14:37:32.671Z', - revision_history: [ - { - date: '2025-02-18T14:37:32.671Z', - number: '1', - summary: 'Initial release', - }, - ], - version: '1', - status: 'draft', - }, - }, -} - -describe('csaf_2_1_strict', function () { - it('validates a basic document', function () { - assert.ok(csaf_2_1_strict(minimalValidDocument).isValid) - }) -}) - -describe('csaf_2_1', function () { - it('validates a basic document', function () { - assert.ok(csaf_2_1(minimalValidDocument).isValid) - }) -}) diff --git a/csaf-validator-lib/tests/csaf_2_1/shared/csafDocHelper.js b/csaf-validator-lib/tests/csaf_2_1/shared/csafDocHelper.js deleted file mode 100644 index 359e4e1..0000000 --- a/csaf-validator-lib/tests/csaf_2_1/shared/csafDocHelper.js +++ /dev/null 
@@ -1,54 +0,0 @@
-/**
- * @param {string} productId
- * @param {string} name
- */
-export function productTreeWithFullProductName(productId, name) {
- return {
- full_product_names: [
- {
- product_id: productId,
- name: name,
- },
- ],
- }
-}
-
-/**
- * @param {number} baseSCore
- * @param {string} vectorString
- * @param {string[]} products
- */
-export function cvssV31Content(baseSCore, vectorString, products) {
- return {
- content: {
- cvss_v3: {
- version: '3.1',
- vectorString: vectorString,
- baseScore: baseSCore,
- baseSeverity: severityFromScore(baseSCore),
- },
- },
- products: products,
- }
-}
-
-/**
- * @param {number} score
- * @return {string}
- */
-export function severityFromScore(score) {
- if (score >= 9.0) {
- return 'CRITICAL'
- }
- if (score >= 7.0) {
- return 'HIGH'
- }
- if (score >= 4.0) {
- return 'MEDIUM'
- }
- if (score >= 0.1) {
- return 'LOW'
- } else {
- return 'NONE'
- }
-}
diff --git a/csaf-validator-lib/tests/csaf_2_1/shared/minimalDoc.js b/csaf-validator-lib/tests/csaf_2_1/shared/minimalDoc.js
deleted file mode 100644
index 560aecd..0000000
--- a/csaf-validator-lib/tests/csaf_2_1/shared/minimalDoc.js
+++ /dev/null
@@ -1,40 +0,0 @@
-export default {
- $schema: 'https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json',
- document: {
- category: 'Test Report',
- csaf_version: '2.1',
- title: 'Minimal valid',
- lang: 'en',
- distribution: {
- tlp: {
- label: 'AMBER',
- },
- },
- publisher: {
- category: 'other',
- name: 'Secvisogram Automated Tester',
- namespace: 'https://github.com/secvisogram/secvisogram',
- },
- references: [
- {
- category: 'self',
- summary: 'A non-canonical URL.',
- url: 'https://example.com/security/data/csaf/2021/my-thing-_10.json',
- },
- ],
- tracking: {
- current_release_date: '2021-01-14T00:00:00.000Z',
- id: 'My-Thing-.10',
- initial_release_date: '2021-01-14T00:00:00.000Z',
- revision_history: [
- {
- number: '1',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'draft',
- version: '1',
- },
- },
-}
diff --git a/csaf-validator-lib/tests/cvss4.js b/csaf-validator-lib/tests/cvss4.js
deleted file mode 100644
index 9b6ab7f..0000000
--- a/csaf-validator-lib/tests/cvss4.js
+++ /dev/null
@@ -1,228 +0,0 @@ -import { - calculateCvss4_0_Score, - Cvss4JsonWrapper, -} from '../lib/shared/cvss4.js' -import { expect } from 'chai' -import assert from 'node:assert' - -describe('CVSS4Attribute', () => { - describe('CVSSMetrics', () => { - it('4.0 empty metric', () => { - const wrapper = new Cvss4JsonWrapper({}) - - const data = wrapper.data - expect(data.baseScore).to.equal(0) - expect(data.baseSeverity).to.equal('NONE') - expect(data.environmentalScore).to.equal(0) - expect(data.environmentalSeverity).to.equal('NONE') - expect(data.threatScore).to.equal(0) - expect(data.threatSeverity).to.equal('NONE') - }) - - it('4.0 metrics can be calculated', () => { - const wrapper = new Cvss4JsonWrapper({ - attackVector: 'PHYSICAL', - attackComplexity: 'HIGH', - privilegesRequired: 'HIGH', - userInteraction: 'ACTIVE', - scope: 'UNCHANGED', - vulnConfidentialityImpact: 'HIGH', - }) - - const data = wrapper.data - expect(data.baseScore).to.equal(4.1) - expect(data.baseSeverity).to.equal('MEDIUM') - expect(data.environmentalScore).to.equal(4.1) - expect(data.environmentalSeverity).to.equal('MEDIUM') - expect(data.threatScore).to.equal(4.1) - expect(data.threatSeverity).to.equal('MEDIUM') - }) - - it('4.0 set metrics by fields', () => { - const wrapper = new Cvss4JsonWrapper({}) - .set('attackVector', 'PHYSICAL') - .set('attackComplexity', 'HIGH') - .set('privilegesRequired', 'HIGH') - .set('userInteraction', 'ACTIVE') - .set('scope', 'UNCHANGED') - .set('vulnConfidentialityImpact', 'HIGH') - - const data = wrapper.data - expect(data.baseScore).to.equal(4.1) - expect(data.baseSeverity).to.equal('MEDIUM') - expect(data.environmentalScore).to.equal(4.1) - expect(data.environmentalSeverity).to.equal('MEDIUM') - expect(data.threatScore).to.equal(4.1) - expect(data.threatSeverity).to.equal('MEDIUM') - }) - - it('Metrics can be updated from a partly 4.0 vector-string', () => { - const vector = new Cvss4JsonWrapper({ - vulnAvailabilityImpact: 'NONE', - }) - 
vector.updateFromVectorString( - 'CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/CR:L' - ) - - expect(vector.data).to.contain({ - version: '4.0', - attackVector: 'PHYSICAL', - attackComplexity: 'LOW', - attackRequirements: 'NONE', - privilegesRequired: 'HIGH', - userInteraction: 'ACTIVE', - vulnConfidentialityImpact: 'NONE', - vulnIntegrityImpact: 'NONE', - vulnAvailabilityImpact: 'NONE', - subConfidentialityImpact: 'NONE', - subIntegrityImpact: 'NONE', - subAvailabilityImpact: 'NONE', - - Safety: 'NOT_DEFINED', - Automatable: 'NOT_DEFINED', - Recovery: 'NOT_DEFINED', - valueDensity: 'NOT_DEFINED', - vulnerabilityResponseEffort: 'NOT_DEFINED', - providerUrgency: 'NOT_DEFINED', - - modifiedAttackVector: 'NOT_DEFINED', - modifiedAttackComplexity: 'NOT_DEFINED', - modifiedAttackRequirements: 'NOT_DEFINED', - modifiedPrivilegesRequired: 'NOT_DEFINED', - modifiedUserInteraction: 'NOT_DEFINED', - - modifiedVulnConfidentialityImpact: 'NOT_DEFINED', - modifiedVulnIntegrityImpact: 'NOT_DEFINED', - modifiedVulnAvailabilityImpact: 'NOT_DEFINED', - - modifiedSubConfidentialityImpact: 'NOT_DEFINED', - modifiedSubIntegrityImpact: 'NOT_DEFINED', - modifiedSubAvailabilityImpact: 'NOT_DEFINED', - - confidentialityRequirement: 'LOW', - integrityRequirement: 'NOT_DEFINED', - availabilityRequirement: 'NOT_DEFINED', - - exploitMaturity: 'NOT_DEFINED', - }) - }) - - it('Metrics can be updated from a complete 4.0 vector-string', () => { - const vector = new Cvss4JsonWrapper({ - vulnAvailabilityImpact: 'NONE', - }) - vector.updateFromVectorString( - 'CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/CR:H/IR:M/AR:L/MAV:N/MAC:L/MAT:P/MPR:L/MUI:N/MVC:H/MVI:L/MVA:N/MSC:H/MSI:L/MSA:N/AU:N/R:U/V:D/RE:M/U:Green' - ) - - expect(vector.data).to.contain({ - version: '4.0', - attackVector: 'LOCAL', - attackComplexity: 'HIGH', - attackRequirements: 'PRESENT', - privilegesRequired: 'HIGH', - userInteraction: 'PASSIVE', - - vulnConfidentialityImpact: 'LOW', - 
vulnIntegrityImpact: 'HIGH', - vulnAvailabilityImpact: 'LOW', - - subConfidentialityImpact: 'LOW', - subIntegrityImpact: 'HIGH', - subAvailabilityImpact: 'LOW', - - Safety: 'NOT_DEFINED', - Automatable: 'NO', - Recovery: 'USER', - valueDensity: 'DIFFUSE', - vulnerabilityResponseEffort: 'MODERATE', - providerUrgency: 'GREEN', - - modifiedAttackVector: 'NETWORK', - modifiedAttackComplexity: 'LOW', - modifiedAttackRequirements: 'PRESENT', - modifiedPrivilegesRequired: 'LOW', - modifiedUserInteraction: 'NONE', - - modifiedVulnConfidentialityImpact: 'HIGH', - modifiedVulnIntegrityImpact: 'LOW', - modifiedVulnAvailabilityImpact: 'NONE', - - modifiedSubConfidentialityImpact: 'HIGH', - modifiedSubIntegrityImpact: 'LOW', - modifiedSubAvailabilityImpact: 'NEGLIGIBLE', - - confidentialityRequirement: 'HIGH', - integrityRequirement: 'MEDIUM', - availabilityRequirement: 'LOW', - - exploitMaturity: 'PROOF_OF_CONCEPT', - }) - }) - - it('Updating from an invalid vector-string clears all fields', () => { - const vector = new Cvss4JsonWrapper({ - vulnAvailabilityImpact: 'NONE', - attackVector: '', - attackComplexity: '', - privilegesRequired: '', - userInteraction: '', - scope: '', - vulnConfidentialityImpact: '', - vulnIntegrityImpact: '', - }) - // C is an invalid metric shortcut - vector.updateFromVectorString('CVSS:4.0/AV:N/AC:L/PR:L/UI:N/C:H') - - expect(vector.data).to.contain({ - vectorString: 'CVSS:4.0/AV:N/AC:L/PR:L/UI:N/C:H', - version: '4.0', - attackVector: '', - attackComplexity: '', - privilegesRequired: '', - userInteraction: '', - scope: '', - vulnConfidentialityImpact: '', - vulnIntegrityImpact: '', - vulnAvailabilityImpact: '', - }) - }) - - it('Updating from an invalid vector-string, fix vector string after set field', () => { - const vector = new Cvss4JsonWrapper({ - vulnAvailabilityImpact: 'NONE', - attackVector: '', - attackComplexity: '', - privilegesRequired: '', - userInteraction: '', - scope: '', - vulnConfidentialityImpact: '', - vulnIntegrityImpact: '', - 
}) - - vector.updateFromVectorString('1') - - expect(vector.data.vectorString).to.equal('1') - vector.set('vulnConfidentialityImpact', 'HIGH') - expect(vector.data.vectorString).to.equal( - 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N' - ) - }) - - it('Calculate score', () => { - const score = calculateCvss4_0_Score( - 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P' - ) - - assert.equal(score[0].scoreJsonName, 'baseScore') - assert.equal(score[0].severityJsonName, 'baseSeverity') - assert.equal(score[0].score, 10) - assert.equal(score[1].scoreJsonName, 'threatScore') - assert.equal(score[1].severityJsonName, 'threatSeverity') - assert.equal(score[1].score, 9.3) - assert.equal(score[2].scoreJsonName, 'environmentalScore') - assert.equal(score[2].severityJsonName, 'environmentalSeverity') - assert.equal(score[2].score, 10) - }) - }) -}) diff --git a/csaf-validator-lib/tests/cwe.js b/csaf-validator-lib/tests/cwe.js deleted file mode 100644 index 3e4311a..0000000 --- a/csaf-validator-lib/tests/cwe.js +++ /dev/null @@ -1,9 +0,0 @@ -import { expect } from 'chai' -import * as cwe from '../cwe.js' -import cweCatalogue from '../lib/shared/cwec.js' - -describe('cwe', function () { - it('exports all cwe weaknesses', function () { - expect(cwe.weaknesses).to.deep.equal(cweCatalogue.weaknesses) - }) -}) diff --git a/csaf-validator-lib/tests/dateHelper.js b/csaf-validator-lib/tests/dateHelper.js deleted file mode 100644 index d22daf3..0000000 --- a/csaf-validator-lib/tests/dateHelper.js +++ /dev/null 
@@ -1,32 +0,0 @@
-import { expect } from 'chai'
-import { compareZonedDateTimes } from '../lib/shared/dateHelper.js'
-
-describe('dateHelper', function () {
- const date1 = '2023-11-06T13:00:00.000Z'
- const date2 = '2023-12-04T11:00:00.000Z'
- const invalidDate = '2023-12-04T11:00:00.000'
-
- it('equal dates', function () {
- expect(compareZonedDateTimes(date1, date1)).to.be.eq(0)
- })
-
- it('second date newer', function () {
- expect(compareZonedDateTimes(date1, date2)).to.be.eq(-1)
- })
-
- it('first date newer', function () {
- expect(compareZonedDateTimes(date2, date1)).to.be.eq(1)
- })
-
- it('first date invalid', function () {
- expect(compareZonedDateTimes(invalidDate, date1)).to.be.eq(0)
- })
-
- it('second date invalid', function () {
- expect(compareZonedDateTimes(date1, invalidDate)).to.be.eq(0)
- })
-
- it('both dates invalid', function () {
- expect(compareZonedDateTimes(invalidDate, invalidDate)).to.be.eq(0)
- })
-})
diff --git a/csaf-validator-lib/tests/dicts/csaf_words.txt b/csaf-validator-lib/tests/dicts/csaf_words.txt
deleted file mode 100644
index 20192e4..0000000
--- a/csaf-validator-lib/tests/dicts/csaf_words.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-CSAF
-XYZ
diff --git a/csaf-validator-lib/tests/dicts/en.aff b/csaf-validator-lib/tests/dicts/en.aff
deleted file mode 100644
index 9e7cb1e..0000000
--- a/csaf-validator-lib/tests/dicts/en.aff
+++ /dev/null
@@ -1,205 +0,0 @@ -SET UTF-8 -TRY esianrtolcdugmphbyfvkwzESIANRTOLCDUGMPHBYFVKWZ' -ICONV 1 -ICONV ’ ' -NOSUGGEST ! - -# ordinal numbers -COMPOUNDMIN 1 -# only in compounds: 1th, 2th, 3th -ONLYINCOMPOUND c -# compound rules: -# 1. [0-9]*1[0-9]th (10th, 11th, 12th, 56714th, etc.) -# 2. [0-9]*[02-9](1st|2nd|3rd|[4-9]th) (21st, 22nd, 123rd, 1234th, etc.) -COMPOUNDRULE 2 -COMPOUNDRULE n*1t -COMPOUNDRULE n*mp -WORDCHARS 0123456789 - -PFX A Y 1 -PFX A 0 re . - -PFX I Y 1 -PFX I 0 in . - -PFX U Y 1 -PFX U 0 un . - -PFX C Y 1 -PFX C 0 de . - -PFX E Y 1 -PFX E 0 dis . - -PFX F Y 1 -PFX F 0 con . - -PFX K Y 1 -PFX K 0 pro . - -SFX V N 2 -SFX V e ive e -SFX V 0 ive [^e] - -SFX N Y 3 -SFX N e ion e -SFX N y ication y -SFX N 0 en [^ey] - -SFX X Y 3 -SFX X e ions e -SFX X y ications y -SFX X 0 ens [^ey] - -SFX H N 2 -SFX H y ieth y -SFX H 0 th [^y] - -SFX Y Y 1 -SFX Y 0 ly . - -SFX G Y 2 -SFX G e ing e -SFX G 0 ing [^e] - -SFX J Y 2 -SFX J e ings e -SFX J 0 ings [^e] - -SFX D Y 4 -SFX D 0 d e -SFX D y ied [^aeiou]y -SFX D 0 ed [^ey] -SFX D 0 ed [aeiou]y - -SFX T N 4 -SFX T 0 st e -SFX T y iest [^aeiou]y -SFX T 0 est [aeiou]y -SFX T 0 est [^ey] - -SFX R Y 4 -SFX R 0 r e -SFX R y ier [^aeiou]y -SFX R 0 er [aeiou]y -SFX R 0 er [^ey] - -SFX Z Y 4 -SFX Z 0 rs e -SFX Z y iers [^aeiou]y -SFX Z 0 ers [aeiou]y -SFX Z 0 ers [^ey] - -SFX S Y 4 -SFX S y ies [^aeiou]y -SFX S 0 s [aeiou]y -SFX S 0 es [sxzh] -SFX S 0 s [^sxzhy] - -SFX P Y 3 -SFX P y iness [^aeiou]y -SFX P 0 ness [aeiou]y -SFX P 0 ness [^y] - -SFX M Y 1 -SFX M 0 's . - -SFX B Y 3 -SFX B 0 able [^aeiou] -SFX B 0 able ee -SFX B e able [^aeiou]e - -SFX L Y 1 -SFX L 0 ment . 
- -REP 90 -REP a ei -REP ei a -REP a ey -REP ey a -REP ai ie -REP ie ai -REP alot a_lot -REP are air -REP are ear -REP are eir -REP air are -REP air ere -REP ere air -REP ere ear -REP ere eir -REP ear are -REP ear air -REP ear ere -REP eir are -REP eir ere -REP ch te -REP te ch -REP ch ti -REP ti ch -REP ch tu -REP tu ch -REP ch s -REP s ch -REP ch k -REP k ch -REP f ph -REP ph f -REP gh f -REP f gh -REP i igh -REP igh i -REP i uy -REP uy i -REP i ee -REP ee i -REP j di -REP di j -REP j gg -REP gg j -REP j ge -REP ge j -REP s ti -REP ti s -REP s ci -REP ci s -REP k cc -REP cc k -REP k qu -REP qu k -REP kw qu -REP o eau -REP eau o -REP o ew -REP ew o -REP oo ew -REP ew oo -REP ew ui -REP ui ew -REP oo ui -REP ui oo -REP ew u -REP u ew -REP oo u -REP u oo -REP u oe -REP oe u -REP u ieu -REP ieu u -REP ue ew -REP ew ue -REP uff ough -REP oo ieu -REP ieu oo -REP ier ear -REP ear ier -REP ear air -REP air ear -REP w qu -REP qu w -REP z ss -REP ss z -REP shun tion -REP shun sion -REP shun cion -REP size cise diff --git a/csaf-validator-lib/tests/dicts/en.dic b/csaf-validator-lib/tests/dicts/en.dic deleted file mode 100644 index b41fd20..0000000 --- a/csaf-validator-lib/tests/dicts/en.dic +++ /dev/null 
@@ -1,49569 +0,0 @@ -49568 -0/nm -0th/pt -1/n1 -1st/p -1th/tc -2/nm -2nd/p -2th/tc -3/nm -3rd/p -3th/tc -4/nm -4th/pt -5/nm -5th/pt -6/nm -6th/pt -7/nm -7th/pt -8/nm -8th/pt -9/nm -9th/pt -A/SM -AA/M -AAA -AB/M -ABA -ABC/SM -ABM/SM -ABS -AC/M -ACLU/M -ACT -ACTH/M -AD/M -ADC -ADD -ADM -ADP/M -AF -AFAIK -AFB -AFC/M -AFDC -AFN -AFT -AI/SM -AIDS/M -AK -AL -AM/M -AMA -AMD/M -ANSI/S -ANZUS/M -AOL/M -AP/M -APB -APC -API -APO -APR -AR -ARC -ASAP -ASCII/SM -ASL/M -ASPCA -ATM/M -ATP/M -ATV -AV -AVI -AWACS/M -AWOL/M -AWS/M -AZ/M -AZT/M -Aachen/M -Aaliyah/M -Aaron/M -Abbas/M -Abbasid/M -Abbott/M -Abby/M -Abdul/M -Abe/M -Abel/M -Abelard/M -Abelson/M -Aberdeen/M -Abernathy/M -Abidjan/M -Abigail/M -Abilene/M -Abner/M -Aborigine/MS -Abraham/M -Abram/MS -Abrams/M -Absalom/M -Abuja/M -Abyssinia/M -Abyssinian/M -Ac/M -Acadia/M -Acapulco/M -Accenture/M -Accra/M -Acevedo/M -Achaean/M -Achebe/M -Achernar/M -Acheson/M -Achilles/M -Aconcagua/M -Acosta/M -Acropolis -Acrux/M -Actaeon/M -Acton/M -Acts/M -Acuff/M -Ada/SM -Adam/SM -Adams/M -Adan/M -Adana/M -Adar/M -Addams/M -Adderley/M -Addie/M -Addison/M -Adela/M -Adelaide/M -Adele/M -Adeline/M -Aden/M -Adenauer/M -Adhara/M -Adidas/M -Adirondack/SM -Adirondacks/M -Adkins/M -Adler/M -Adm -Admiralty -Adolf/M -Adolfo/M -Adolph/M -Adonis/MS -Adrenalin/MS -Adrian/M -Adriana/M -Adriatic/M -Adrienne/M -Advent/MS -Adventist/MS -Advil/M -Aegean/M -Aelfric/M -Aeneas/M -Aeneid/M -Aeolus/M -Aeroflot/M -Aeschylus/M -Aesculapius/M -Aesop/M -Afghan/SM -Afghani/M -Afghanistan/M -Afr -Africa/M -African/SM -Afrikaans/M -Afrikaner/SM -Afro/SM -Afrocentric -Afrocentrism/M -Ag/M -Agamemnon/M -Agana -Agassi/M -Agassiz/M -Agatha/M -Aggie/M -Aglaia/M -Agnes/M -Agnew/M -Agni/M -Agra/M -Agricola/M -Agrippa/M -Agrippina/M -Aguadilla/M -Aguascalientes -Aguilar/M -Aguinaldo/M -Aguirre/M -Agustin/M -Ahab/M -Ahmad/M -Ahmadabad/M -Ahmadinejad/M -Ahmed/M -Ahriman/M -Aida/M -Aiken/M -Aileen/M -Aimee/M -Ainu/M -Airedale/MS -Aires/M -Aisha/M -Ajax/M -Akbar/M -Akhmatova/M 
-Akihito/M -Akita/M -Akiva/M -Akkad/M -Akron/M -Al/M -Ala/S -Alabama/M -Alabaman/MS -Alabamian/SM -Aladdin/M -Alamo/M -Alamogordo/M -Alan/M -Alana/M -Alar/M -Alaric/M -Alaska/M -Alaskan/MS -Alba/M -Albania/M -Albanian/MS -Albany/M -Albee/M -Alberio/M -Albert/M -Alberta/M -Albertan -Alberto/M -Albigensian/M -Albion/M -Albireo/M -Albuquerque/M -Alcatraz/M -Alcestis/M -Alcibiades/M -Alcindor/M -Alcmena/M -Alcoa/M -Alcott/M -Alcuin/M -Alcyone/M -Aldan/M -Aldebaran/M -Alden/M -Alderamin/M -Aldo/M -Aldrin/M -Alec/M -Aleichem/M -Alejandra/M -Alejandro/M -Alembert/M -Aleppo/M -Aleut/MS -Aleutian/SM -Alex/M -Alexander/MS -Alexandra/M -Alexandria/M -Alexandrian -Alexei/M -Alexis/M -Alfonso/M -Alfonzo/M -Alford/M -Alfred/M -Alfreda/M -Alfredo/M -Algenib/M -Alger/M -Algeria/M -Algerian/SM -Algieba/M -Algiers/M -Algol/M -Algonquian/SM -Algonquin/MS -Alhambra/M -Alhena/M -Ali/M -Alice/M -Alicia/M -Alighieri/M -Aline/M -Alioth/M -Alisa/M -Alisha/M -Alison/M -Alissa/M -Alistair/M -Alkaid/M -Allah/M -Allahabad/M -Allan/M -Alleghenies/M -Allegheny/SM -Allegra/M -Allen/M -Allende/M -Allentown/M -Allhallows/M -Allie/MS -Allison/M -Allstate/M -Allyson/M -Alma/M -Almach/M -Almaty/M -Almighty/M -Almohad/M -Almoravid/M -Alnilam/M -Alnitak/M -Alonzo/M -Alpert/M -Alphard/M -Alphecca/M -Alpheratz/M -Alphonse/M -Alphonso/M -Alpine/M -Alpo/M -Alps/M -Alsace/M -Alsatian/SM -Alsop/M -Alston/M -Alta/M -Altaba/M -Altai/M -Altaic/M -Altair/M -Altamira/M -Althea/M -Altiplano/M -Altman/M -Altoids/M -Alton/M -Altoona/M -Aludra/M -Alva/M -Alvarado/M -Alvarez/M -Alvaro/M -Alvin/M -Alyce/M -Alyson/M -Alyssa/M -Alzheimer/M -Am/MNR -Amadeus/M -Amado/M -Amalia/M -Amanda/M -Amarillo/M -Amaru/M -Amaterasu/M -Amati/M -Amazon/SM -Amazonian -Amber/M -Amelia/M -Amen/M -Amenhotep/M -Amerasian/M -America/SM -American/MS -Americana/M -Americanism/MS -Americanization/MS -Americanize/GDS -Amerind/SM -Amerindian/MS -Ames/M -Ameslan/M -Amgen/M -Amharic/M -Amherst/M -Amie/M -Amiga/M -Amish/M -Amman/M -Amoco/M -Amos/M 
-Amparo/M -Ampere/M -Amritsar/M -Amsterdam/M -Amtrak/M -Amundsen/M -Amur/M -Amway/M -Amy/M -Ana/M -Anabaptist/M -Anabel/M -Anacin/M -Anacreon/M -Anaheim/M -Analects/M -Ananias/M -Anasazi/M -Anastasia/M -Anatole/M -Anatolia/M -Anatolian/M -Anaxagoras/M -Anchorage/M -Andalusia/M -Andalusian/M -Andaman/M -Andean/M -Andersen/M -Anderson/M -Andes/M -Andorra/M -Andorran/SM -Andre/MS -Andrea/M -Andrei/M -Andres/M -Andretti/M -Andrew/SM -Andrews/M -Andrianampoinimerina/M -Android/M -Andromache/M -Andromeda/M -Andropov/M -Andy/M -Angara/M -Angel/M -Angela/M -Angeles/M -Angelia/M -Angelica/M -Angelico/M -Angelina/M -Angeline/M -Angelique/M -Angelita/M -Angelo/M -Angelou/M -Angevin/M -Angie/M -Angkor/M -Angle/MS -Angleton/M -Anglia/M -Anglican/SM -Anglicanism/MS -Anglicism/MS -Anglicization -Anglicize -Anglo/M -Anglophile/M -Anglophobe -Angola/M -Angolan/MS -Angora/SM -Angstrom/M -Anguilla/M -Angus/M -Anhui/M -Aniakchak/M -Anibal/M -Anita/M -Ankara/M -Ann/M -Anna/M -Annabel/M -Annabelle/M -Annam/M -Annapolis/M -Annapurna/M -Anne/M -Annette/M -Annie/M -Anniston/M -Annmarie/M -Annunciation/SM -Anouilh/M -Anselm/M -Anselmo/M -Anshan/M -Antaeus/M -Antananarivo/M -Antarctic/M -Antarctica/M -Antares/M -Anthony/M -Anthropocene -Antichrist/SM -Antietam/M -Antifa/M -Antigone/M -Antigua/M -Antillean -Antilles/M -Antioch/M -Antipas/M -Antipodes -Antofagasta/M -Antoine/M -Antoinette/M -Anton/M -Antone/M -Antonia/M -Antoninus/M -Antonio/M -Antonius/M -Antony/M -Antwan/M -Antwerp/M -Anubis/M -Anzac/M -Apache/SM -Apalachicola/M -Apatosaurus -Apennines/M -Aphrodite/M -Apia/M -Apocalypse/M -Apocrypha/M -Apollinaire/M -Apollo/SM -Apollonian/M -Apostle/M -Appalachia/M -Appalachian/SM -Appalachians/M -Appaloosa/SM -Apple/M -Appleseed/M -Appleton/M -Appomattox/M -Apr/M -April/MS -Apuleius/M -Aquafresh/M -Aquarian -Aquarius/MS -Aquila/M -Aquinas/M -Aquino/M -Aquitaine/M -Ar/M -Ara/M -Arab/SM -Arabia/M -Arabian/MS -Arabic/M -Arabist/MS -Araby/M -Araceli/M -Arafat/M -Aragon -Araguaya/M -Aral/M 
-Aramaic/M -Aramco/M -Arapaho/MS -Arapahoes -Ararat/M -Araucanian/M -Arawak/M -Arawakan/M -Arbitron/M -Arcadia/M -Arcadian/M -Archean/M -Archibald/M -Archie/M -Archimedes/M -Arctic/M -Arcturus/M -Ardabil -Arden/M -Arduino/M -Arecibo/M -Arequipa/M -Ares/M -Argentina/M -Argentine/M -Argentinean -Argentinian/MS -Argo/SM -Argonaut/MS -Argonne/M -Argos/M -Argus/M -Ariadne/M -Arianism/M -Ariel/M -Aries/MS -Ariosto/M -Aristarchus/M -Aristides/M -Aristophanes/M -Aristotelian/M -Aristotle/M -Arius/M -Ariz -Arizona/M -Arizonan/SM -Arizonian/MS -Arjuna/M -Ark/M -Arkansan/MS -Arkansas/M -Arkhangelsk/M -Arkwright/M -Arlene/M -Arline/M -Arlington/M -Armageddon/SM -Armagnac/M -Armand/M -Armando/M -Armani/M -Armenia/M -Armenian/SM -Arminius/M -Armonk/M -Armour/M -Armstrong/M -Arneb/M -Arnhem/M -Arno/M -Arnold/M -Arnulfo/M -Aron/M -Arrhenius/M -Arron/M -Art/M -Artaxerxes/M -Artemis/M -Arthur/M -Arthurian/M -Artie/M -Arturo/M -Aruba/M -Aryan/MS -As/M -Asama/M -Ascella/M -Ascension/M -Asgard/M -Ashanti/M -Ashcroft/M -Ashe/M -Asheville/M -Ashgabat -Ashikaga/M -Ashkenazim/M -Ashkhabad/M -Ashlee/M -Ashley/M -Ashmolean/M -Ashurbanipal/M -Asia/M -Asiago -Asian/MS -Asiatic/SM -Asimov/M -Asmara/M -Asoka/M -Aspell/M -Aspen/M -Asperger/M -Aspidiske/M -Asquith/M -Assad/M -Assam/M -Assamese/M -Assembly -Assisi/M -Assyria/M -Assyrian/SM -Astaire/M -Astana/M -Astarte/M -Aston/M -Astor/M -Astoria/M -Astrakhan/M -AstroTurf/M -Asturias/M -Asuncion/M -Aswan/M -At/SM -Atacama/M -Atahualpa/M -Atalanta/M -Atari/M -Atascadero/M -Ataturk/M -Athabasca/M -Athabaskan/SM -Athanasius -Athena/M -Athene/M -Athenian/SM -Athens/M -Atkins/M -Atkinson/M -Atlanta/M -Atlantes -Atlantic/M -Atlantis/M -Atlas/MS -Atman/M -Atonement -Atreus/M -Atria/M -Atropos/M -Attic/M -Attica/M -Attila/M -Attlee/M -Attn -Attucks/M -Atwood/M -Au/M -Aubrey/M -Auburn/M -Auckland/M -Auden/M -Audi/M -Audion/M -Audra/M -Audrey/M -Audubon/M -Aug/M -Augean/M -Augsburg/M -August/MS -Augusta/M -Augustan/M -Augustine/M -Augustinian/MS -Augustus/M 
-Aurangzeb/M -Aurelia/M -Aurelio/M -Aurelius/M -Aureomycin/M -Auriga/M -Aurora/M -Auschwitz/M -Aussie/MS -Austen/M -Austerlitz/M -Austin/MS -Australasia/M -Australasian -Australia/M -Australian/SM -Australoid/M -Australopithecus/M -Austria/M -Austrian/SM -Austronesian/M -Autumn/M -Av/M -Ava/M -Avalon/M -Ave/M -Aventine/M -Avernus/M -Averroes/M -Avery/M -Avesta/M -Avicenna/M -Avignon/M -Avila/M -Avior/M -Avis/M -Avogadro/M -Avon/M -Avondale/M -Axis -Axum/M -Ayala/M -Ayers/M -Aymara/M -Ayrshire/M -Ayurveda/M -Ayyubid/M -Azana/M -Azania/M -Azazel/M -Azerbaijan/M -Azerbaijani/MS -Azores/M -Azov/M -Aztec/SM -Aztecan/M -Aztlan/M -B/MNT -BA/M -BASIC/SM -BB/M -BBB/M -BBC/M -BBQ -BBS -BBSes -BC/M -BFF -BIA -BIOS -BITNET -BLT/SM -BM/M -BMW/M -BO -BP/M -BPOE -BR -BS/M -BSA -BSD/SM -BTU -BTW -BYOB -Ba/M -Baal/SM -Baath/M -Baathist/M -Babbage/M -Babbitt/M -Babel/MS -Babylon/MS -Babylonia/M -Babylonian/SM -Bacall/M -Bacardi/M -Bacchanalia/M -Bacchic -Bacchus/M -Bach/M -Backus/M -Bacon/M -Bactria/M -Baden/M -Badlands/M -Baedeker/MS -Baez/M -Baffin/M -Baggies/M -Baghdad/M -Baguio/M -Baha'i/M -Baha'ullah/M -Bahama/SM -Bahamanian -Bahamas/M -Bahamian/MS -Bahia/M -Bahrain/M -Baidu/M -Baikal/M -Bailey/M -Baird/M -Bakelite/M -Baker/M -Bakersfield/M -Baku/M -Bakunin/M -Balanchine/M -Balaton/M -Balboa/M -Balder/M -Baldwin/SM -Balearic/M -Balfour/M -Bali/M -Balinese/M -Balkan/MS -Balkans/M -Balkhash/M -Ball/M -Ballard/M -Balthazar/M -Baltic/M -Baltimore/M -Baluchistan/M -Balzac/M -Bamako/M -Bambi/M -Banach/M -Bancroft/M -Bandung/M -Bangalore/M -Bangkok/M -Bangladesh/M -Bangladeshi/SM -Bangor/M -Bangui/M -Banjarmasin/M -Banjul/M -Banks/M -Banneker/M -Bannister/M -Banting/M -Bantu/MS -Baotou/M -Baptist/SM -Baptiste/M -Barabbas/M -Barack/M -Barbadian/SM -Barbados/M -Barbara/M -Barbarella/M -Barbarossa/M -Barbary/M -Barber/M -Barbie/M -Barbour/M -Barbra/M -Barbuda/M -Barcelona/M -Barceloneta/M -Barclay/SM -Barclays/M -Bardeen/M -Barents/M -Barker/M -Barkley/M -Barlow/M -Barnabas/M -Barnaby/M 
-Barnard/M -Barnaul/M -Barnes/M -Barnett/M -Barney/M -Barnum/M -Baroda/M -Barquisimeto/M -Barr/M -Barranquilla/M -Barrera/M -Barrett/M -Barrie/M -Barron/M -Barry/M -Barrymore/M -Bart/M -Barth/MS -Bartholdi/M -Bartholomew/M -Bartlett/M -Bartok/M -Barton/M -Baruch/M -Baryshnikov/M -Basel/M -Basho/M -Basie/M -Basil/M -Basque/MS -Basra/M -Bass/M -Basseterre/M -Bastille/M -Basutoland/M -Bataan/M -Bates/M -Bathsheba/M -Batista/M -Batman/M -Battle/M -Batu/M -Baudelaire/M -Baudouin/M -Baudrillard/M -Bauer/M -Bauhaus/M -Baum/M -Bavaria/M -Bavarian/M -Baxter/M -Bayamon -Bayer/M -Bayes/M -Bayesian/M -Bayeux/M -Baylor/M -Bayonne/M -Bayreuth/M -Baywatch/M -Be/MH -Beach/M -Beadle/M -Bean/M -Beard/M -Beardmore/M -Beardsley/M -Bearnaise/M -Beasley/M -Beatlemania/M -Beatles/M -Beatrice/M -Beatrix/M -Beatriz/M -Beatty/M -Beau/M -Beaufort/M -Beaujolais/M -Beaumarchais/M -Beaumont/M -Beauregard/M -Beauvoir/M -Bechtel/M -Beck/MR -Becker/M -Becket/M -Beckett/M -Beckley/M -Beckman -Becky/M -Becquerel/M -Bede/M -Bedouin/SM -Beebe/M -Beecher/M -Beefaroni/M -Beelzebub/M -Beerbohm/M -Beethoven/M -Beeton/M -Begin/M -Behan/M -Behring/M -Beiderbecke/M -Beijing/M -Beirut/M -Bekesy/M -Bela/M -Belarus/M -Belarusian -Belau/M -Belem/M -Belfast/M -Belg -Belgian/SM -Belgium/M -Belgrade/M -Belinda/M -Belize/M -Bell/M -Bella/M -Bellamy/M -Bellatrix/M -Belleek/M -Bellingham/M -Bellini/M -Bellow/M -Belmont/M -Belmopan/M -Beloit/M -Belorussian/MS -Belshazzar/M -Beltane/M -Belushi/M -Ben/M -Benacerraf/M -Benchley/M -Bend/MR -Bender/M -Bendictus -Bendix/M -Benedict/M -Benedictine/MS -Benelux/M -Benet/M -Benetton/M -Bengal/SM -Bengali/M -Benghazi/M -Benin/M -Beninese/M -Benita/M -Benito/M -Benjamin/M -Bennett/M -Bennie/M -Benny/M -Benson/M -Bentham/M -Bentley/M -Benton/M -Benz/M -Benzedrine/M -Beowulf/M -Berber/SM -Berenice/M -Beretta/M -Berg/MNR -Bergen/M -Berger/M -Bergerac/M -Bergman/M -Bergson/M -Beria/M -Bering/M -Berkeley/M -Berkshire/SM -Berkshires/M -Berle/M -Berlin/SZMR -Berliner/M -Berlioz/M 
-Berlitz/M -Bermuda/SM -Bermudan/SM -Bermudian/SM -Bern/M -Bernadette/M -Bernadine/M -Bernanke/M -Bernard/M -Bernardo/M -Bernays/M -Bernbach/M -Bernese -Bernhardt/M -Bernice/M -Bernie/M -Bernini/M -Bernoulli/M -Bernstein/M -Berra/M -Berry/M -Bert/M -Berta/M -Bertelsmann/M -Bertha/M -Bertie/M -Bertillon/M -Bertram/M -Bertrand/M -Berwick/M -Beryl/M -Berzelius/M -Bess/M -Bessel/M -Bessemer/M -Bessie/M -Best/M -Betelgeuse/M -Beth/M -Bethany/M -Bethe/M -Bethesda/M -Bethlehem/M -Bethune/M -Betsy/M -Bette/M -Bettie/M -Betty/M -Bettye/M -Beulah/M -Beveridge -Beverley/M -Beverly/M -Beyer/M -Bharat/M -Bhopal/M -Bhutan/M -Bhutanese/M -Bhutto/M -Bi/M -Bialystok/M -Bianca/M -Bib -Bible/MS -Bic/M -Biddle/M -Biden/M -Bierce/M -BigQuery/M -Bigfoot/M -Biggles/M -Biko/M -Bilbao/M -Bilbo/M -Bill/MJ -Billie/M -Billings/M -Billy/M -Bimini/M -Binghamton/M -Biogen/M -Bioko/M -Bird/M -Birdseye/M -Birkenstock/M -Birmingham/M -Biro/M -Biscay/M -Biscayne/M -Bishkek/M -Bishop/M -Bismarck/M -Bismark/M -Bisquick/M -Bissau/M -BitTorrent/M -Bizet/M -Bjerknes/M -Bjork/M -Bk/M -BlackBerry/M -Blackbeard/M -Blackburn/M -Blackfeet/M -Blackfoot/M -Blackpool/M -Blacksburg/M -Blackshirt/M -Blackstone/M -Blackwell/M -Blaine/M -Blair/M -Blake/M -Blanca/M -Blanchard/M -Blanche/M -Blankenship/M -Blantyre/M -Blatz/M -Blavatsky/M -Blenheim/M -Blevins/M -Bligh/M -Bloch/M -Blockbuster/M -Bloemfontein/M -Blondel/M -Blondie/M -Bloom/MR -Bloomer/M -Bloomfield/M -Bloomingdale/M -Bloomington/M -Bloomsburg/M -Bloomsbury/M -Blu -Blucher/M -Bluebeard/M -Bluetooth/M -Blvd -Blythe/M -Boadicea -Boas/M -Bob/M -Bobbi/M -Bobbie/M -Bobbitt/M -Bobby/M -Boccaccio/M -Bodhidharma/M -Bodhisattva/M -Bodleian -Boeing/M -Boeotia/M -Boeotian/M -Boer/SM -Boethius/M -Bogart/M -Bogota/M -Bohemia/M -Bohemian/SM -Bohr/M -Boise/M -Bojangles/M -Boleyn/M -Bolivar/M -Bolivia/M -Bolivian/MS -Bollywood/M -Bologna/M -Bolshevik/SM -Bolsheviki -Bolshevism/M -Bolshevist/M -Bolshoi/M -Bolton/M -Boltzmann/M -Bombay/M -Bonaparte/M -Bonaventure/M -Bond/M 
-Bonhoeffer/M -Boniface/M -Bonita/M -Bonn/MR -Bonner/M -Bonneville/M -Bonnie/M -Bono/M -Booker/M -Boole/M -Boolean/M -Boone/M -Bootes/M -Booth/M -Bordeaux/M -Borden/M -Bordon/M -Boreas/M -Borg/SM -Borges/M -Borgia/M -Borglum/M -Boris/M -Bork/M -Borlaug/M -Born/M -Borneo/M -Borobudur/M -Borodin/M -Boru/M -Bosch/M -Bose/M -Bosnia/M -Bosnian -Bosporus/M -Boston/MS -Bostonian/M -Boswell/M -Botha -Botox -Botswana/M -Botticelli/M -Boulder/M -Boulez/M -Bourbaki/M -Bourbon/SM -Bournemouth/M -Bovary/M -Bowditch/M -Bowell/M -Bowen/M -Bowers/M -Bowery/M -Bowie/M -Bowman/M -Boyd/M -Boyer/M -Boyle/M -Br/MT -Brad/MY -Bradbury/M -Braddock/M -Bradenton/M -Bradford/M -Bradley/M -Bradly/M -Bradshaw/M -Bradstreet/M -Brady/M -Bragg/M -Brahe/M -Brahma/MS -Brahmagupta/M -Brahman/MS -Brahmani -Brahmanism/SM -Brahmaputra/M -Brahms/M -Braille/MS -Brain/M -Brampton/M -Bran/M -Branch/M -Brandeis/M -Branden/M -Brandenburg/M -Brandi/M -Brandie/M -Brando/M -Brandon/M -Brandt/M -Brandy/M -Brant/M -Braque/M -Brasilia/M -Bratislava/M -Brattain/M -Bray/M -Brazil/M -Brazilian/MS -Brazos/M -Brazzaville/M -Breakspear/M -Breathalyzer -Brecht/M -Breckenridge/M -Bremen/M -Bremerton/M -Brenda/M -Brendan/M -Brennan/M -Brenner/M -Brent/M -Brenton/M -Brest/M -Bret/M -Breton/M -Brett/M -Brewer/M -Brewster/M -Brexit -Brezhnev/M -Brian/M -Briana/M -Brianna/M -Brice/M -Bridalveil/M -Bridgeport/M -Bridger/M -Bridges/M -Bridget/M -Bridgetown/M -Bridgett/M -Bridgette/M -Bridgman/M -Brie/SM -Brigadoon/M -Briggs/M -Brigham/M -Bright/M -Brighton/M -Brigid/M -Brigitte/M -Brillo/M -Brillouin -Brinkley/M -Brisbane/M -Bristol/M -Brit/SM -Britain/M -Britannia/M -Britannic/M -Britannica/M -Briticism/SM -British/MRZ -Britisher/M -Britney/M -Briton/MS -Britt/MN -Brittany/SM -Britten/M -Brittney/M -Brno/M -Broadway/SM -Brobdingnag/M -Brobdingnagian/M -Brock/M -Brokaw/M -Bronson/M -Bronte/M -Brontosaurus -Bronx/M -Brooke/MS -Brooklyn/M -Brooks/M -Bros -Brown/MG -Browne/M -Brownian/M -Brownie/S -Browning/M -Brownshirt/M 
-Brownsville/M -Brubeck/M -Bruce/M -Bruckner/M -Bruegel -Brummel/M -Brunei/M -Bruneian/MS -Brunelleschi/M -Brunhilde/M -Bruno/M -Brunswick/M -Brussels/M -Brut/M -Brutus/M -Bryan/M -Bryant/M -Bryce/M -Brynner/M -Bryon/M -Brzezinski/M -Btu/M -Buber/M -Buchanan/M -Bucharest/M -Buchenwald/M -Buchwald/M -Buck/M -Buckingham/M -Buckley/M -Buckner/M -Bud/M -Budapest/M -Buddha/SM -Buddhism/SM -Buddhist/SM -Buddy/M -Budweiser/M -Buffalo/M -Buffy/M -Buford/M -Bugatti/M -Bugzilla/M -Buick/M -Bujumbura/M -Bukhara/M -Bukharin/M -Bulawayo/M -Bulfinch/M -Bulganin/M -Bulgar/M -Bulgari/M -Bulgaria/M -Bulgarian/SM -Bullock/M -Bullwinkle/M -Bultmann/M -Bumppo/M -Bunche/M -Bundesbank/M -Bundestag/M -Bunin/M -Bunker/M -Bunsen/M -Bunuel/M -Bunyan/M -Burbank/M -Burberry/M -Burch/M -Burger/M -Burgess/M -Burgoyne/M -Burgundian/M -Burgundy/SM -Burke/M -Burks/M -Burl/M -Burlington/M -Burma/M -Burmese/M -Burnett/M -Burns/M -Burnside/M -Burr/M -Burris/M -Burroughs/M -Bursa/M -Burt/M -Burton/M -Burundi/M -Burundian/MS -Busch/M -Bush/M -Bushido/M -Bushnell/M -Butler/M -Butterfingers/M -Buxtehude/M -Byblos/M -Byers/M -Byrd/M -Byron/M -Byronic/M -Byzantine/MS -Byzantium/M -C/SM -CA -CAD/M -CAI -CAM -CAP -CARE -CATV -CB -CBC/M -CBS/M -CCTV -CCU -CD/SM -CDC -CDT -CEO/M -CF -CFC/M -CFO -CGI -CIA/M -CID -CNN/M -CNS/M -CO/M -COBOL/SM -COD -COL -COLA -COVID -CPA/M -CPI/M -CPO -CPR/M -CPU/M -CRT/SM -CSS/M -CST/M -CT/M -CV -CVS/M -CZ -Ca/M -Cabernet/M -Cabot/M -Cabral/M -Cabrera/M -Cabrini/M -Cadette -Cadillac/M -Cadiz/M -Caedmon/M -Caerphilly/M -Caesar/SM -Cage/M -Cagney/M -Cahokia/M -Caiaphas/M -Cain/SM -Cairo/M -Caitlin/M -Cajun/MS -Cal/M -Calais/M -Calcutta/M -Calder/M -Calderon/M -Caldwell/M -Caleb/M -Caledonia/M -Calexico/M -Calgary/M -Calhoun/M -Cali/M -Caliban/M -Calif -California/M -Californian/SM -Caligula/M -Callaghan/M -Callahan/M -Callao/M -Callas/M -Callie/M -Calliope/M -Callisto/M -Caloocan/M -Calvary/M -Calvert/M -Calvin/M -Calvinism/MS -Calvinist/MS -Calvinistic -Camacho/M -Camarillo/M 
-Cambodia/M -Cambodian/SM -Cambrian/SM -Cambridge/M -Camden/M -Camel/M -Camelopardalis/M -Camelot/MS -Camembert/MS -Cameron/M -Cameroon/SM -Cameroonian/MS -Camilla/M -Camille/M -Camoens/M -Campanella/M -Campbell/M -Campinas/M -Campos/M -Camry/M -Camus/M -Can/M -Canaan/M -Canaanite/MS -Canad -Canada/M -Canadian/SM -Canadianism -Canaletto/M -Canaries/M -Canaveral/M -Canberra/M -Cancer/SM -Cancun/M -Candace/M -Candice/M -Candide/M -Candy/M -Cannes/M -Cannon/M -Canon/M -Canopus/M -Cantabrigian/M -Canterbury/M -Canton/M -Cantonese/M -Cantor/M -Cantrell/M -Cantu/M -Canute/M -Capablanca/M -Capek/M -Capella/M -Capet/M -Capetian/M -Capetown/M -Caph/M -Capistrano/M -Capitol/SM -Capitoline/M -Capone/M -Capote/M -Capra/M -Capri/M -Capricorn/MS -Capt -Capuchin/M -Capulet/M -Cara/M -Caracalla/M -Caracas/M -Caravaggio/M -Carboloy/M -Carbondale/M -Carboniferous/M -Carborundum/M -Cardenas/M -Cardiff/M -Cardin/M -Cardozo/M -Carey/M -Carib/MS -Caribbean/MS -Carina/M -Carissa/M -Carl/M -Carla/M -Carlene/M -Carlin/M -Carlo/MS -Carlos/M -Carlsbad/M -Carlson/M -Carlton/M -Carly/M -Carlyle/M -Carmela/M -Carmella/M -Carmelo/M -Carmen/M -Carmichael/M -Carmine/M -Carnap/M -Carnation/M -Carnegie/M -Carney/M -Carnot/M -Carol/M -Carole/M -Carolina/M -Caroline/M -Carolingian/M -Carolinian/M -Carolyn/M -Carpathian/SM -Carpathians/M -Carpenter/M -Carr/M -Carranza/M -Carrie/RM -Carrier/M -Carrillo/M -Carroll/M -Carson/M -Carter/M -Cartersville/M -Cartesian/M -Carthage/M -Carthaginian/MS -Cartier/M -Cartwright/M -Caruso/M -Carver/M -Cary/M -Casablanca/M -Casals/M -Casandra/M -Casanova/SM -Cascades/M -Case/M -Casey/M -Cash/M -Casio/M -Caspar/M -Casper/M -Caspian/M -Cassandra/SM -Cassatt/M -Cassidy/M -Cassie/M -Cassiopeia/M -Cassius/M -Castaneda/M -Castilian -Castillo/M -Castlereagh/M -Castor/M -Castries/M -Castro/M -Catalan/SM -Catalina/M -Catalonia/M -Catawba/M -Caterpillar/M -Cathay/M -Cather/M -Catherine/M -Cathleen/M -Catholic/MS -Catholicism/MS -Cathryn/M -Cathy/M -Catiline/M -Cato/M 
-Catskill/SM -Catskills/M -Catt/M -Catullus/M -Caucasian/MS -Caucasoid -Caucasus/M -Cauchy/M -Cavendish/M -Cavour/M -Caxton/M -Cayenne/M -Cayman/M -Cayuga/SM -Cayuse -Cb -Cd/M -Ce/M -Ceausescu/M -Cebu/M -Cebuano/M -Cecelia/M -Cecil/M -Cecile/M -Cecilia/M -Cecily/M -Cedric/M -Celeste/M -Celgene/M -Celia/M -Celina/M -Cellini/M -Celsius/M -Celt/SM -Celtic/SM -Cenozoic/M -Centaurus/M -Centigrade -Central -Cepheid/M -Cepheus/M -Cerberus/M -Cerenkov/M -Ceres/M -Cerf/M -Cervantes/M -Cesar/M -Cesarean/M -Cessna/M -Cetus/M -Ceylon/M -Ceylonese -Cezanne/M -Cf/M -Ch'in/M -Ch/N -Chablis/M -Chad/M -Chadian/MS -Chadwick/M -Chagall/M -Chaitanya/M -Chaitin/M -Chaldea -Chaldean/M -Challenger/M -Chalmers -Chamberlain/M -Chambers/M -Chambersburg/M -Champaign/M -Champlain/M -Champollion/M -Chan/M -Chance/M -Chancellorsville/M -Chandigarh/M -Chandler/M -Chandon/M -Chandra/M -Chandragupta/M -Chandrasekhar/M -Chanel/M -Chaney/M -Chang/M -Changchun/M -Changsha/M -Chantilly/M -Chaplin/M -Chaplinesque -Chapman/M -Chappaquiddick/M -Chapultepec/M -Charbray/M -Chardonnay/M -Charity/M -Charlemagne/M -Charlene/M -Charles/M -Charleston/MS -Charley/M -Charlie/M -Charlotte/M -Charlottesville/M -Charlottetown/M -Charmaine/M -Charmin/M -Charolais/M -Charon/M -Chartism/M -Chartres/M -Charybdis/M -Chase/M -Chasity/M -Chateaubriand/M -Chattahoochee/M -Chattanooga/M -Chatterley/M -Chatterton/M -Chaucer/M -Chauncey/M -Chautauqua/M -Chavez/M -Chayefsky/M -Che/M -Chechen/M -Chechnya/M -Cheddar/M -Cheer/M -Cheerios/M -Cheetos/M -Cheever/M -Chekhov/M -Chekhovian -Chelsea/M -Chelyabinsk/M -Chen/M -Cheney/M -Chengdu/M -Chennai/M -Cheops/M -Cheri/M -Cherie/M -Chernenko/M -Chernobyl/M -Chernomyrdin/M -Cherokee/MS -Cherry/M -Cheryl/M -Chesapeake/M -Cheshire/M -Chester/M -Chesterfield/M -Chesterton/M -Chevalier/M -Cheviot/M -Chevrolet/M -Chevron/M -Chevy/M -Cheyenne/SM -Chi/M -Chianti/MS -Chiba/M -Chibcha/M -Chicago/M -Chicagoan/M -Chicana/M -Chicano/M -Chickasaw/MS -Chiclets/M -Chico/M -Chihuahua/MS -Chile/M 
-Chilean/MS -Chimborazo/M -Chimera/MS -Chimu/M -Chin/M -China/M -Chinatown/M -Chinese/M -Chinook/MS -Chipewyan/M -Chippendale/M -Chippewa/SM -Chiquita/M -Chirico/M -Chisholm/M -Chisinau/M -Chittagong/M -Chivas/M -Chloe/M -Choctaw/SM -Chomsky/M -Chongqing/M -Chopin/M -Chopra/M -Chou/M -Chretien/M -Chris/M -Christ/MS -Christa/M -Christchurch/M -Christendom/MS -Christensen/M -Christi/M -Christian/SM -Christianity/SM -Christianize -Christie/M -Christina/M -Christine/M -Christlike -Christmas/MS -Christmastide/MS -Christmastime/MS -Christoper/M -Christopher/M -Chromebook/MS -Chronicles -Chrysler/M -Chrysostom/M -Chrystal/M -Chuck/M -Chukchi/M -Chumash/M -Chung/M -Church/M -Churchill/M -Churriguera/M -Chuvash/M -Ci/M -Cicero/M -Cid/M -Cimabue/M -Cincinnati/M -Cinderella/MS -Cindy/M -CinemaScope/M -Cinerama/M -Cipro/M -Circe/M -Cisco/M -Citibank/M -Citigroup/M -Citroen/M -Cl/MV -Claiborne/M -Clair/M -Claire/M -Clairol/M -Clancy/M -Clapeyron/M -Clapton/M -Clara/M -Clare/M -Clarence/M -Clarendon/M -Clarice/M -Clarissa/M -Clark/M -Clarke/M -Clarksville/M -Claude/M -Claudette/M -Claudia/M -Claudine/M -Claudio/M -Claudius/M -Claus/M -Clausewitz/M -Clausius/M -Clay/M -Clayton/M -Clearasil/M -Clem/XM -Clemenceau/M -Clemens/M -Clement/MS -Clementine/M -Clements/M -Clemons/M -Clemson/M -Cleo/M -Cleopatra/M -Cleveland/M -Cliburn/M -Cliff/M -Clifford/M -Clifton/M -Cline/M -Clint/M -Clinton/M -Clio/M -Clive/M -Clojure/M -Clorets/M -Clorox/M -Closure/M -Clotho/M -Clouseau/M -Clovis/M -Clyde/M -Clydesdale/M -Clytemnestra/M -Cm/M -Cmdr -Co/M -Cobain/M -Cobb/M -Cochabamba/M -Cochin/M -Cochise/M -Cochran/M -Cockney/M -Cocteau/M -Cod -Cody/M -Coffey/M -Cognac/M -Cohan/M -Cohen/M -Coimbatore/M -Cointreau/M -Coke/SM -Col/M -Colbert/M -Colby/M -Cole/M -Coleen/M -Coleman/M -Coleridge/M -Colette/M -Colfax/M -Colgate/M -Colin/M -Colleen/M -Collier/M -Collin/SM -Collins/M -Colo -Cologne/M -Colombia/M -Colombian/MS -Colombo/M -Colon/M -Coloradan/SM -Colorado/M -Coloradoan -Colosseum/M -Colt/M 
-Coltrane/M -Columbia/M -Columbine/M -Columbus/M -Com -Comanche/MS -Combs/M -Comdr -Comintern/M -Commandment -Commons/M -Commonwealth -Communion/SM -Communism -Communist/SM -Como/M -Comoran -Comoros/M -Compaq/M -Compton/M -CompuServe/M -Comte/M -Conakry/M -Conan/M -Concepcion/M -Concetta/M -Concord/SM -Concorde/M -Condillac/M -Condorcet/M -Conestoga/M -Confederacy/M -Confederate/MS -Confucian/SM -Confucianism/MS -Confucius/M -Cong/M -Congo/M -Congolese/M -Congregational -Congregationalist/MS -Congress/MS -Congressional -Congreve/M -Conley/M -Conn/MR -Connecticut/M -Connellsville/M -Connemara/M -Conner/M -Connery/M -Connie/M -Connolly/M -Connors/M -Conrad/M -Conrail/M -Conroe/M -Conservative -Constable/M -Constance/M -Constantine/M -Constantinople/M -Constitution -Consuelo/M -Continent/M -Continental/M -Contreras/M -Conway/M -Cook/M -Cooke/M -Cooley/M -Coolidge/M -Cooper/M -Cooperstown/M -Coors/M -Copacabana/M -Copeland/M -Copenhagen/M -Copernican/M -Copernicus/M -Copland/M -Copley/M -Copperfield/M -Coppertone/M -Coppola/M -Coptic/M -Cora/M -Cordelia/M -Cordilleras/M -Cordoba/M -Corey/M -Corfu/M -Corina/M -Corine/M -Corinne/M -Corinth/M -Corinthian/MS -Corinthians/M -Coriolanus/M -Coriolis/M -Cork -Corleone/M -Cormack/M -Corneille/M -Cornelia/M -Cornelius/M -Cornell/M -Corning/M -Cornish/MS -Cornwall/M -Cornwallis/M -Coronado/M -Corot/M -Corp -Correggio/M -Corrine/M -Corsica/M -Corsican/M -Cortes/MS -Cortland/M -Corvallis/M -Corvette/M -Corvus/M -Cory/M -Cosby/M -CosmosDB/M -Cossack/M -Costco/M -Costello/M -Costner/M -Cote/M -Cotonou/M -Cotopaxi/M -Cotswold/M -Cotton/M -Coulomb/M -Coulter/M -Couperin/M -Courbet/M -Courtney/M -Cousteau/M -Coventry/SM -Covington/M -Coward/M -Cowell/M -Cowley/M -Cowper/M -Cox/M -Coy/M -Coyle/M -Cozumel/M -Cpl -Cr/MT -Crabbe/M -Craft/M -Craig/M -Cranach/M -Crane/M -Cranmer/M -Crater/M -Crawford/M -Cray/M -Crayola/M -Creation/M -Creator/M -Crecy/M -Cree/DSM -Creek/SM -Creighton/M -Creole/SM -Creon/M -Cressida/M -Crest/M -Cretaceous/M 
-Cretan/SM -Crete/M -Crichton/M -Crick/M -Crimea/M -Crimean/M -Criollo/M -Crisco/M -Cristina/M -Croat/SM -Croatia/M -Croatian/MS -Croce/M -Crockett/M -Croesus/M -Cromwell/M -Cromwellian/M -Cronin/M -Cronkite/M -Cronus/M -Crookes/M -Crosby/M -Cross/M -Crow/SM -Crowley/M -Crucifixion/MS -Cruikshank/M -Cruise/M -Crusades's -Crusoe/M -Crux/M -Cruz/M -Cryptozoic/M -Crystal/M -Csonka/M -Ct -Ctesiphon/M -Cthulhu/M -Cu/M -Cuba/M -Cuban/SM -Cuchulain/M -Cuisinart/M -Culbertson/M -Cullen/M -Cumberland/M -Cummings/M -Cunard/M -Cunningham/M -Cupid/M -Curacao/M -Curie/M -Curitiba/M -Currier/M -Curry/RM -Curt/M -Curtis/M -Custer/M -Cuvier/M -Cuzco/M -Cybele/M -Cyclades/M -Cyclopes/M -Cyclops/M -Cygnus/M -Cymbeline/M -Cynthia/M -Cyprian/M -Cypriot/MS -Cyprus/M -Cyrano/M -Cyril/M -Cyrillic/M -Cyrus/M -Czech/M -Czechia/M -Czechoslovak -Czechoslovakia/M -Czechoslovakian/SM -Czechs -Czerny/M -D/M -DA/M -DAR -DAT/M -DBMS/M -DC/M -DD/M -DDS/M -DDT/S -DE -DEA -DEC/SD -DH -DHS -DI -DJ -DMCA -DMD/M -DMZ -DNA/M -DOA -DOB -DOD -DOE -DOS/M -DOT -DP/SM -DPT -DST -DTP -DUI -DVD/S -DVR/SM -DWI -Dachau/M -Dacron/SM -Dada/M -Dadaism/M -Daedalus/M -Daguerre/M -Dagwood/M -Dahomey/M -Daimler/M -Daisy/M -Dakar/M -Dakota/SM -Dakotan/M -Dalai -Dale/M -Daley/M -Dali/M -Dalian/M -Dallas/M -Dalmatia/M -Dalmatian/SM -Dalton/M -Damascus/M -Dame/MN -Damian/M -Damien/M -Damion/M -Damocles/M -Damon/M -Dan/M -Dana/M -Danae/M -Danbury/M -Dane/SM -Danelaw/M -Dangerfield/M -Danial/M -Daniel/SM -Danielle/M -Daniels/M -Danish/M -Dannie/M -Danny/M -Danone/M -Dante/M -Danton/M -Danube/M -Danubian/M -Danville/M -Daphne/M -Darby/M -Darcy/M -Dardanelles/M -Dare/M -Daren/M -Darfur/M -Darin/M -Dario/M -Darius/M -Darjeeling/M -Darla/M -Darlene/M -Darling/M -Darnell/M -Darrel/M -Darrell/M -Darren/M -Darrin/M -Darrow/M -Darryl/M -Darth/M -Dartmoor/M -Dartmouth/M -Darvon/M -Darwin/M -Darwinian/M -Darwinism/SM -Darwinist -Daryl/M -Datamation -Daugherty/M -Daumier/M -Davao/M -Dave/M -Davenport/M -David/MS -Davidson/M -Davies/M 
-Davis/M -Davy/SM -Dawes/M -Dawkins -Dawn/M -Dawson/M -Day/M -Dayan -Dayton/M -DeGeneres/M -DeKalb/M -Deadhead/M -Dean/M -Deana/M -Deandre/M -Deann/M -Deanna/M -Deanne/M -Death/M -Debbie/M -Debby/M -Debian/M -Debora/M -Deborah/M -Debouillet/M -Debra/M -Debs/M -Debussy/M -Dec/M -Decalogue/M -Decatur/M -Decca/M -Deccan/M -December/SM -Decker/M -Dedekind/M -Dee/M -Deena/M -Deere/M -Defoe/M -Degas/M -Deidre/M -Deimos/M -Deirdre/M -Deity -Dejesus/M -Del/M -Delacroix/M -Delacruz/M -Delaney/M -Delano/M -Delaware/MS -Delawarean/SM -Delbert/M -Deleon/M -Delgado/M -Delhi/M -Delia/M -Delibes/M -Delicious/M -Delilah/M -Delilahs -Delius/M -Dell/M -Della/M -Delmar/M -Delmarva/M -Delmer/M -Delmonico/M -Delores/M -Deloris/M -Delphi/M -Delphic/M -Delphinus/M -Delta/M -Deltona/M -Dem/G -Demavend/M -Demerol/M -Demeter/M -Demetrius/M -Deming/M -Democrat/SM -Democratic -Democritus/M -Demosthenes/M -Dempsey/M -Dena/M -Denali -Deneb/M -Denebola/M -Deng/M -Denis/M -Denise/M -Denmark/M -Dennis/M -Denny/M -Denton/M -Denver/M -Deon/M -Depp/M -Derby/M -Derek/M -Derick/M -Dermot/M -Derrick/M -Derrida/M -Descartes/M -Desdemona/M -Desiree/M -Desmond/M -Detroit/M -Deuteronomy/M -Devanagari/M -Devi/M -Devin/M -Devon/M -Devonian/M -Dewar/M -Dewayne/M -Dewey/M -Dewitt/M -Dexedrine/M -Dexter/M -Dhaka/M -Dhaulagiri/M -Di/SM -DiCaprio/M -DiMaggio/M -Diaghilev/M -Dial/M -Diana/M -Diane/M -Diann/M -Dianna/M -Dianne/M -Dias -Diaspora/MS -Dick/XM -Dickens/M -Dickensian -Dickerson/M -Dickinson/M -Dickson/M -Dictaphone/SM -Diderot/M -Dido/M -Didrikson/M -Diefenbaker/M -Diego/M -Diem/M -Dietrich/M -Dijkstra/M -Dijon/M -Dilbert/MS -Dillard/M -Dillinger/M -Dillon/M -Dina/M -Dinah/M -Dino/M -Diocletian/M -Diogenes/M -Dion/M -Dionne/M -Dionysian/M -Dionysus/M -Diophantine/M -Dior/M -Dipper/M -Dir -Dirac/M -Dirichlet/M -Dirk/M -Dis/M -Disney/M -Disneyland/M -Disraeli/M -Divine/M -Diwali/M -Dix/M -Dixie/M -Dixiecrat/M -Dixieland/SM -Dixon/M -Django/M -Djibouti/M -Dmitri/M -Dnepropetrovsk/M -Dniester/M -Dobbin/M 
-Doberman/M -Dobro/M -Doctor -Doctorow/M -Dodge/M -Dodgson/M -Dodoma/M -Dodson/M -Doe/M -Doha/M -Dolby/M -Dole/M -Dollie/M -Dolly/M -Dolores/M -Domesday/M -Domingo/M -Dominguez/M -Dominic/M -Dominica/M -Dominican/MS -Dominick/M -Dominion -Dominique/M -Domitian/M -Don/SM -Dona/M -Donahue/M -Donald/M -Donaldson/M -Donatello/M -Donetsk/M -Donizetti/M -Donn/MR -Donna/M -Donne/M -Donnell/M -Donner/M -Donnie/M -Donny/M -Donovan/M -Dooley/M -Doolittle/M -Doonesbury/M -Doppler/M -Dora/M -Dorcas/M -Doreen/M -Dorian/M -Doric/M -Doris/M -Doritos/M -Dorothea/M -Dorothy/M -Dorset/M -Dorsey/M -Dorthy/M -Dortmund/M -Dostoevsky/M -Dot/M -Dothan/M -Dotson/M -Douala/M -Douay/M -Doubleday/M -Doug/M -Douglas/M -Douglass/M -Douro/M -Dover/M -Dow/M -Downs/M -Downy/M -Doyle/M -Dr -Draco/M -Draconian/M -Dracula/M -Drake/M -Dramamine/SM -Drambuie/M -Drano/M -Dravidian/M -Dreiser/M -Dresden/M -Drew/M -Dreyfus/M -Dristan/M -Dropbox/M -Drudge/M -Drupal/M -Dryden/M -Dschubba/M -Du -DuPont/M -Duane/M -Dubai/M -Dubcek/M -Dubhe/M -Dublin/M -Dubrovnik/M -Dubuque/M -Duchamp/M -Dudley/M -Duffy/M -Duisburg/M -Duke/M -Dulles/M -Duluth/M -Dumas/M -Dumbledore/M -Dumbo/M -Dunant/M -Dunbar/M -Duncan/M -Dundee -Dunedin/M -Dunkirk/M -Dunlap/M -Dunn/M -Dunne/M -Duracell/M -Duran/M -Durant/M -Durante/M -Durban/M -Durer/M -Durex/M -Durham/MS -Durkheim/M -Duroc/M -Durocher/M -Duse/M -Dushanbe/M -Dusseldorf/M -Dustbuster/M -Dustin/M -Dusty/M -Dutch/M -Dutchman/M -Dutchmen/M -Dutchwoman -Duvalier/M -Dvina/M -Dvorak/M -Dwayne/M -Dwight/M -Dy/M -Dyer/M -Dylan/M -DynamoDB/M -Dyson/M -Dzerzhinsky/M -Dzungaria/M -E/SM -EC -ECG/M -ECMAScript/M -EDP/M -EDT -EEC/M -EEG/M -EEO -EEOC -EFL -EFT -EKG/M -ELF/M -EM -EMT -ENE/M -EOE -EPA/M -ER -ERA -ESE/M -ESL -ESP/M -ESPN/M -ESR -EST/M -ET -ETA -ETD -EU -EULA/S -Eakins/M -Earhart/M -Earl/M -Earle/M -Earlene/M -Earline/M -Earnest/M -Earnestine/M -Earnhardt/M -Earp/M -East/SZMR -Easter/M -Eastern/R -Eastman/M -Eastwood/M -Eaton/M -Eben/M -Ebeneezer/M -Ebert/M -Ebola/M -Ebonics/M 
-Ebony/M -Ebro/M -Ecclesiastes/M -Eco/M -Ecstasy -Ecuador/M -Ecuadoran/SM -Ecuadorean -Ecuadorian/SM -Ed/MNX -Edam/SM -Edda/M -Eddie/M -Eddington/M -Eddy/M -Eden/M -Edgar/M -Edgardo/M -Edinburgh/M -Edison/M -Edith/M -Edmond/M -Edmonton/M -Edmund/M -Edna/M -Edsel/M -Eduardo/M -Edward/SM -Edwardian/M -Edwardo/M -Edwards/M -Edwin/M -Edwina/M -Eeyore/M -Effie/M -Efrain/M -Efren/M -Eggo/M -Egypt/M -Egyptian/MS -Egyptology/M -Ehrenberg/M -Ehrlich/M -Eichmann/M -Eiffel/M -Eileen/M -Einstein/MS -Eire/M -Eisenhower/M -Eisenstein/M -Eisner/M -Elaine/M -Elam/M -Elanor/M -Elasticsearch/M -Elastoplast/M -Elba/M -Elbe/M -Elbert/M -Elbrus/M -Eldersburg/M -Eldon/M -Eleanor/M -Eleazar/M -Electra/M -Elena/M -Elgar/M -Eli/M -Elias/M -Elijah/M -Elinor/M -Eliot/M -Elisa/M -Elisabeth/M -Elise/M -Eliseo/M -Elisha/M -Eliza/M -Elizabeth/M -Elizabethan/SM -Elizabethtown/M -Elkhart/M -Ella/M -Ellen/M -Ellesmere/M -Ellie/M -Ellington/M -Elliot/M -Elliott/M -Ellis/M -Ellison/M -Elma/M -Elmer/M -Elmira/M -Elmo/M -Elnath/M -Elnora/M -Elohim/M -Eloise/M -Eloy/M -Elroy/M -Elsa/M -Elsie/M -Elsinore/M -Eltanin/M -Elton/M -Elul/M -Elva/M -Elvia/M -Elvin/M -Elvira/M -Elvis/M -Elway/M -Elwood/M -Elyria/M -Elysee/M -Elysian/M -Elysium/SM -Emacs/M -Emanuel/M -Emerson/M -Emery/M -Emil/M -Emile/M -Emilia/M -Emilio/M -Emily/M -Eminem/M -Eminence -Emma/M -Emmanuel/M -Emmett/M -Emmy/M -Emory/M -Encarta/M -Endymion/M -Eng/M -Engels/M -England/M -English/MRS -Englishman/M -Englishmen/M -Englishwoman/M -Englishwomen/M -Enid/M -Enif/M -Eniwetok/M -Enkidu/M -Enoch/M -Enos/M -Enrico/M -Enrique/M -Enron/M -Enterprise/M -Eocene/M -Epcot/M -Ephesian/MS -Ephesus/M -Ephraim/M -Epictetus/M -Epicurean/M -Epicurus/M -Epimethius/M -Epiphany/SM -Episcopal -Episcopalian/MS -Epistle -Epsom/M -Epson/M -Epstein/M -Equuleus/M -Er/M -Erasmus/M -Erato/M -Eratosthenes/M -Erebus/M -Erector/M -Erewhon/M -Erhard/M -Eric/M -Erica/M -Erich/M -Erick/M -Ericka/M -Erickson/M -Eridanus/M -Erie/M -Erik/M -Erika/M -Erin/M -Eris/MS -Eritrea/M 
-Eritrean/SM -Erlang/M -Erlenmeyer/M -Erma/M -Erna/M -Ernest/M -Ernestine/M -Ernesto/M -Ernie/M -Ernst/M -Eros/MS -Errol/M -Erse/M -ErvIn/M -Erwin/M -Esau/M -Escher/M -Escherichia/M -Escondido -Eskimo/MS -Esmeralda/M -Esperanto/M -Esperanza/M -Espinoza/M -Esq/M -Esquire/MS -Essen/M -Essene/M -Essequibo/M -Essex/M -Essie/M -Establishment -Esteban/M -Estela/M -Estella/M -Estelle/M -Ester/M -Esterhazy/M -Estes/M -Esther/M -Estonia/M -Estonian/SM -Estrada/M -Ethan/M -Ethel/M -Ethelred/M -Ethernet/M -Ethiopia/M -Ethiopian/SM -Etna/M -Eton/M -Etruria/M -Etruscan/M -Etta/M -Eu/M -Eucharist/MS -Eucharistic -Euclid/M -Eugene/M -Eugenia/M -Eugenie/M -Eugenio/M -Eula/M -Euler/M -Eumenides/M -Eunice/M -Euphrates/M -Eur -Eurasia/M -Eurasian/MS -Euripides/M -Eurodollar/SM -Europa/M -Europe/M -European/MS -Eurydice/M -Eustachian/M -Eustis/M -Euterpe/M -Eva/M -Evan/SM -Evangelical -Evangelina/M -Evangeline/M -Evangelist/M -Evans/M -Evansville/M -Eve/M -Evelyn/M -Evenki/M -EverReady/M -Everest/M -Everett/M -Everette/M -Everglades/M -Evert/M -Evian/M -Evita/M -Ewing/M -Excalibur/M -Excedrin/M -Excellency/SM -Exchequer -Exercycle/M -Exocet/M -Exodus/M -Exxon/M -Eyck/M -Eyre/M -Eysenck/M -Ezekiel/M -Ezra/M -F/MD -FAA -FAQ/SM -FBI/M -FCC -FD -FDA -FDIC/M -FDR/M -FHA/M -FICA/M -FIFO -FL -FM/SM -FNMA/M -FOFL -FORTRAN/M -FPO -FSF/M -FSLIC -FTC -FUD/S -FWD -FWIW -FY -FYI -Faberge/M -Fabian/MS -Facebook/M -Faeroe/M -Fafnir/M -Fagin/M -Fahd/M -Fahrenheit/M -Fairbanks/M -Fairfield/M -Fairhope/M -Faisal/M -Faisalabad/M -Faith/M -Fajardo/M -Falasha/M -Falkland/SM -Falklands/M -Fallopian/M -Falstaff/M -Falwell/M -Fannie/M -Fanny/M -Faraday/M -Fargo/M -Farley/M -Farmer/M -Farmington/M -Farragut/M -Farrakhan/M -Farrell/M -Farrow/M -Farsi/M -Fassbinder/M -Fatah/M -Fates/M -Father/SM -Fatima/M -Fatimid/M -Faulkner/M -Faulknerian/M -Fauntleroy/M -Faust/M -Faustian/M -Faustino/M -Faustus/M -Fawkes/M -Fay/M -Faye/M -Fayetteville/M -Fe/M -Feb/M -February/SM -Fed/SM -FedEx/M -Federal/MS -Federalist/M 
-Federico/M -Feds/M -Felecia/M -Felice/M -Felicia/M -Felicity/M -Felipe/M -Felix/M -Fellini/M -Fenian/M -Ferber/M -Ferdinand/M -Fergus/M -Ferguson/M -Ferlinghetti/M -Fermat/M -Fermi/M -Fern/M -Fernandez/M -Fernando/M -Ferrari/M -Ferraro/M -Ferrell/M -Ferris/M -Feynman/M -Fez/M -Fiat/M -Fiberglas/M -Fibonacci/M -Fichte/M -Fidel/M -Fido/M -Fielding/M -Fields/M -Figaro/M -Figueroa/M -Fiji/M -Fijian/MS -Filipino/MS -Fillmore/M -Filofax/M -Finch/M -Finland/M -Finlay/M -Finley/M -Finn/SM -Finnbogadottir/M -Finnegan/M -Finnish/M -Fiona/M -Firebase/M -Firefox/M -Firestone/M -Fischer/M -Fisher/M -Fisk/M -Fitch/M -Fitchburg/M -Fitzgerald/M -Fitzpatrick/M -Fitzroy/M -Fizeau/M -Fla -Flagstaff/M -Flanagan/M -Flanders/M -Flathead -Flatt/M -Flaubert/M -Fleischer/M -Fleming/M -Flemish/M -Fletcher/M -Flint/M -Flintstones/M -Flo/M -Flora/M -Florence/M -Florentine/M -Flores/M -Florida/M -Floridan/M -Floridian/SM -Florine/M -Florsheim/M -Flory/M -Flossie/M -Flowers/M -Floyd/M -Flynn/M -Fm/M -Foch/M -Fokker/M -Foley/M -Folgers/M -Folsom/M -Fomalhaut/M -Fonda/M -Foosball/M -Forbes/M -Ford/M -Foreman/M -Forest/MR -Forester/M -Formica/MS -Formosa/M -Formosan/M -Forrest/M -Forster/M -Fortaleza/M -Fosse/M -Foster/M -Fotomat/M -Foucault/M -Fourier/M -Fourneyron/M -Fourth -Fowler/M -Fox/MS -Fr/MD -Fragonard/M -Fran/M -France/SM -Frances/M -Francesca/M -Francine/M -Francis/M -Francisca/M -Franciscan/MS -Francisco/M -Franck/M -Franco/M -Francois/M -Francoise/M -Francophile -Franglais/M -Frank/SM -Frankel/M -Frankenstein/M -Frankfort/M -Frankfurt/MR -Frankfurter/M -Frankie/M -Frankish -Franklin/M -Franks/M -Franny/M -Franz/M -Fraser/M -Frau/MN -Fraulein -Frazier/M -Fred/M -Freda/M -Freddie/M -Freddy/M -Frederic/M -Frederick/M -Fredericksburg/M -Fredericton/M -Fredric/M -Fredrick/M -Freeman/M -Freemason/SM -Freemasonry/SM -Freetown/M -Freida/M -Fremont/M -French/MS -Frenchman/M -Frenchmen/M -Frenchwoman/M -Frenchwomen/M -Freon/M -Fresnel/M -Fresno/M -Freud/M -Freudian/M -Frey/M -Freya/M -Fri/M 
-Friday/SM -Frieda/M -Friedan/M -Friedman/M -Friedmann/M -Friend/SM -Frigga/M -Frigidaire/M -Frisbee/M -Frisco/M -Frisian/MS -Frito/M -Fritz/M -Frobisher/M -Frodo/M -Froissart/M -Fromm/M -Fronde/M -Frontenac/M -Frost/M -Frostbelt/M -Frunze/M -Fry/M -Frye/M -Fuchs/M -Fuentes/M -Fugger/M -Fuji/M -Fujian/M -Fujitsu/M -Fujiwara/M -Fujiyama/M -Fukuoka/M -Fukuyama/M -Fulani/M -Fulbright/M -Fuller/M -Fullerton/M -Fulton/M -Funafuti/M -Fundy/M -Furies/M -Furman/M -Furtwangler/M -Fushun/M -Fuzhou/M -Fuzzbuster/M -G/MNRB -GA -GAO -GATT/M -GB/M -GCC/M -GDP/M -GE/M -GED -GHQ/M -GHz -GI -GIF -GIGO -GM/M -GMAT -GMO -GMT/M -GNP/M -GNU/M -GOP/M -GP/M -GPA -GPO -GPS -GPU -GSA -GTE/M -GU -GUI/M -Ga/M -Gable/M -Gabon/M -Gabonese/M -Gaborone/M -Gabriel/M -Gabriela/M -Gabrielle/M -Gacrux/M -Gadsden/M -Gaea/M -Gael/SM -Gaelic/M -Gagarin/M -Gage/M -Gaia/M -Gail/M -Gaiman/M -Gaines/M -Gainesville/M -Gainsborough/M -Galahad/SM -Galapagos/M -Galatea/M -Galatia/M -Galatians/M -Galaxy -Galbraith/M -Gale/M -Galen/M -Galibi/M -Galilean/SM -Galilee/M -Galileo/M -Gall/M -Gallagher/M -Gallegos/M -Gallic/M -Gallicism/SM -Gallo/M -Galloway/M -Gallup/M -Galois/M -Galsworthy/M -Galvani/M -Galveston/M -Gama -Gamay/M -Gambia/M -Gambian/SM -Gamble/M -Gamow/M -Gandalf/M -Gandhi/M -Gandhian/M -Ganesha/M -Ganges/M -Gangtok/M -Gansu/M -Gantry/M -Ganymede/M -Gap/M -Garbo/M -Garcia/M -Gardner/M -Gareth/M -Garfield/M -Garfunkel/M -Gargantua/M -Garibaldi/M -Garland/M -Garner/M -Garrett/M -Garrick/M -Garrison/M -Garry/M -Garth/M -Garvey/M -Gary/M -Garza/M -Gascony/M -Gasser/M -Gastonia/M -Gastroenterology -Gates/M -Gatling/M -Gatorade/M -Gatsby/M -Gatun/M -Gauguin/M -Gaul/SM -Gaulish -Gauss/M -Gaussian/M -Gautama/M -Gautier/M -Gavin/M -Gawain/M -Gay/M -Gayle/M -Gaza/M -Gaziantep/M -Gd/M -Gdansk/M -Ge/M -Geffen/M -Gehenna/M -Gehrig/M -Geiger/M -Gelbvieh/M -Geller/M -Gemini/MS -Gen/M -Gena/M -Genaro/M -Gene/M -Genesis/M -Genet/M -Geneva/M -Genevieve/M -Genghis/M -Genoa/SM -Gentoo/M -Gentry/M -Geo/M -Geoffrey/M 
-George/MS -Georgetown/M -Georgette/M -Georgia/M -Georgian/MS -Georgina/M -Ger/M -Gerald/M -Geraldine/M -Gerard/M -Gerardo/M -Gerber/M -Gere/M -Geritol/M -German/MS -Germanic/M -Germany/M -Geronimo/M -Gerry/M -Gershwin/M -Gertrude/M -Gestapo/SM -Gethsemane/M -Getty/M -Gettysburg/M -Gewurztraminer/M -Ghana/M -Ghanaian -Ghats/M -Ghazvanid/M -Ghent/M -Ghibelline/M -Giacometti/M -Giannini/M -Giauque/M -Gibbon/M -Gibbs/M -Gibraltar/MS -Gibson/M -Gide/M -Gideon/M -Gielgud/M -Gienah/M -Gil/M -Gila/M -Gilbert/M -Gilberto/M -Gilchrist/M -Gilda/M -Gilead/M -Giles/M -Gilgamesh/M -Gill/M -Gillespie/M -Gillette/M -Gilliam/M -Gillian/M -Gilligan/M -Gilman -Gilmore/M -Gilroy/M -Gina/M -Ginger/M -Gingrich/M -Ginny/M -Gino/M -Ginsberg/M -Ginsburg/M -Ginsu/M -Giorgione/M -Giotto/M -Giovanni/M -Giraudoux/M -Giselle/M -Gish/M -GitHub/M -Giuliani/M -Giuseppe/M -Giza/M -Gk -Gladstone/MS -Gladys/M -Glaser/M -Glasgow/M -Glass/M -Glastonbury/M -Glaswegian/SM -Glaxo/M -Gleason/M -Glen/M -Glenda/M -Glendale -Glenlivet/M -Glenn/M -Glenna/M -Gloria/M -Gloucester/M -Glover/M -Gnostic/M -Gnosticism/M -GnuPG -Goa/M -Gobi/M -God/M -Godard/M -Goddard/M -Godel/M -Godhead/M -Godiva/M -Godot/M -Godspeed/SM -Godthaab/M -Godunov/M -Godzilla/M -Goebbels/M -Goering/M -Goethals/M -Goethe/M -Goff/M -Gog/M -Gogol/M -Goiania/M -Golan/M -Golconda/M -Golda/M -Goldberg/M -Golden/M -Goldie/M -Goldilocks/M -Golding/M -Goldman/M -Goldsboro/M -Goldsmith/M -Goldwater/M -Goldwyn/M -Golgi/M -Golgotha/M -Goliath/M -Gomez/M -Gomorrah/M -Gompers/M -Gomulka/M -Gondwanaland/M -Gonzales/M -Gonzalez/M -Gonzalo/M -Good/M -Goodall/M -Goode/M -Goodman/M -Goodrich/M -Goodwill/M -Goodwin/M -Goodyear/M -Google/M -Goolagong/M -Gopher -Gorbachev/M -Gordian/M -Gordimer/M -Gordon/M -Gore/M -Goren/M -Gorey/M -Gorgas/M -Gorgon/M -Gorgonzola/M -Gorky/M -Gospel/MS -Goteborg/M -Goth/M -Gotham/M -Gothic/MS -Goths -Gouda/SM -Gould/M -Gounod/M -Governor -Goya/M -Gr/B -Grable/M -Gracchus/M -Grace/M -Graceland/M -Gracie/M -Graciela/M -Grady/M 
-Graffias/M -Grafton/M -Graham/M -Grahame/M -Grail/M -Grammy/M -Grampians/M -Granada/M -Grant/M -Grass/M -Graves/M -Gray/M -Grayslake/M -Grecian/M -Greece/M -Greek/SM -Greeley/M -Green/SM -Greene/M -Greenland/M -Greenlandic -Greenpeace/M -Greensboro/M -Greensleeves/M -Greenspan/M -Greenville/M -Greenwich/M -Greer/M -Greg/M -Gregg/M -Gregorian/M -Gregorio/M -Gregory/M -Grenada/M -Grenadian/MS -Grenadines/M -Grendel/M -Grenoble/M -Gresham/M -Greta/M -Gretchen/M -Gretel/M -Gretzky/M -Grey/M -Grieg/M -Griffin/M -Griffith/M -Grimes/M -Grimm/M -Grinch/M -Gris/M -Gromyko/M -Gropius/M -Gross/M -Grosz/M -Grotius/M -Grover/M -Grozny -Grumman/M -Grundy/M -Grunewald/M -Grus/M -Gruyere/SM -Guadalajara/M -Guadalcanal/M -Guadalquivir/M -Guadalupe/M -Guadeloupe/M -Guallatiri/M -Guam/M -Guamanian -Guangdong/M -Guangzhou/M -Guantanamo/M -Guarani/M -Guarnieri/M -Guatemala/M -Guatemalan/MS -Guayama/M -Guayaquil/M -Gucci/M -Guelph/M -Guernsey/MS -Guerra/M -Guerrero/M -Guevara/M -Guggenheim/M -Guiana/M -Guido -Guillermo/M -Guinea/M -Guinean/MS -Guinevere/M -Guinness/M -Guiyang/M -Guizhou/M -Guizot/M -Gujarat/M -Gujarati/M -Gujranwala/M -Gulfport/M -Gullah/M -Gulliver/M -Gumbel/M -Gunther/M -Guofeng/M -Gupta/M -Gurkha/M -Gus/M -Gustav/M -Gustavo/M -Gustavus/M -Gutenberg/M -Guthrie/M -Gutierrez/M -Guy/M -Guyana/M -Guyanese/M -Guzman/M -Gwalior/M -Gwen/M -Gwendoline/M -Gwendolyn/M -Gwyn/M -Gypsy/SM -H/M -HBO/M -HBase/M -HDD -HDMI -HDTV -HF/M -HHS -HI -HIV/M -HM -HMO/M -HMS -HOV -HP/M -HPV -HQ/M -HR -HRH -HS -HSBC/M -HST -HT -HTML/M -HTTP -HUD/M -Ha/M -Haas/M -Habakkuk/M -Haber/M -Hadar/M -Hades/M -Hadoop/M -Hadrian/M -Hafiz/M -Hagar/M -Hagerstown/M -Haggai/M -Hagiographa/M -Hague/M -Hahn/M -Haida/SM -Haifa/M -Hainan/M -Haiphong/M -Haiti/M -Haitian/MS -Hakka/M -Hakluyt/M -Hal/SM -Haldane/M -Hale/M -Haleakala/M -Haley/M -Halifax/M -Hall/M -Halley/M -Halliburton/M -Hallie/M -Hallmark/M -Halloween/MS -Hallstatt/M -Halon/M -Hals/M -Halsey/M -Ham/M -Haman/M -Hamburg/MS -Hamhung/M -Hamilcar/M 
-Hamill/M -Hamilton/M -Hamiltonian/M -Hamitic/M -Hamlet/M -Hamlin/M -Hammarskjold/M -Hammerstein/M -Hammett/M -Hammond/M -Hammurabi/M -Hampshire/M -Hampton/M -Hamsun/M -Han/SM -Hancock/M -Handel/M -Handy/M -Haney/M -Hanford/M -Hangul/M -Hangzhou/M -Hank/M -Hanna/M -Hannah/M -Hannibal/M -Hanoi/M -Hanover/M -Hanoverian/M -Hans/MN -Hansel/M -Hansen/M -Hanson/M -Hanuka -Hanukkah/M -Hanukkahs -Hapsburg/M -Harare/M -Harbin/M -Hardin/M -Harding/M -Hardy/M -Hargreaves/M -Harlan/M -Harlem/M -Harlequin/M -Harley/M -Harlingen/M -Harlow/M -Harmon/M -Harold/M -Harper/M -Harpy/SM -Harrell/M -Harriet/M -Harriett/M -Harrington/M -Harris/M -Harrisburg/M -Harrison/M -Harrisonburg/M -Harrods/M -Harry/M -Hart/M -Harte/M -Hartford/M -Hartline/M -Hartman/M -Harvard/M -Harvey/M -Hasbro/M -Hasidim/M -Haskell/M -Hastings/M -Hatfield/M -Hathaway/M -Hatsheput/M -Hatteras/M -Hattie/M -Hattiesburg/M -Hauptmann/M -Hausa/M -Hausdorff/M -Havana/MS -Havarti/M -Havel/M -Havoline/M -Haw -Hawaii/M -Hawaiian/SM -Hawking/M -Hawkins/M -Hawks -Hawthorne/M -Hay/SM -Hayden/M -Haydn/M -Hayek/M -Hayes/M -Haynes/M -Hays/M -Hayward/M -Haywood/M -Hayworth/M -Hazel/M -Hazleton/M -Hazlitt/M -He/M -Head/M -Hearst/M -Heath/MR -Heather/M -Heaviside/M -Heb -Hebe/M -Hebei/M -Hebert/M -Hebraic/M -Hebraism/SM -Hebrew/MS -Hebrews/M -Hebrides/M -Hecate/M -Hector/M -Hecuba/M -Heep/M -Hefner/M -Hegel/M -Hegelian/M -Hegira/M -Heidegger/M -Heidelberg/M -Heidi/M -Heifetz/M -Heilongjiang/M -Heimlich/M -Heine/M -Heineken/M -Heinlein/M -Heinrich/M -Heinz/M -Heisenberg/M -Heisman/M -Helen/M -Helena/M -Helene/M -Helga/M -Helicobacter -Helicon/M -Heliopolis/M -Helios/M -Hellene/SM -Hellenic/M -Hellenism/MS -Hellenist -Hellenistic/M -Hellenization/M -Hellenize/M -Heller/M -Hellespont/M -Hellman/M -Helmholtz/M -Heloise/M -Helsinki/M -Helvetian -Helvetius/M -Hemet/M -Hemingway/M -Henan/M -Hench/M -Henderson/M -Hendrick/MS -Hendricks/M -Hendrix/M -Henley/M -Hennessy/M -Henri/M -Henrietta/M -Henrik/M -Henry/M -Hensley/M -Henson/M 
-Hepburn/M -Hephaestus/M -Hepplewhite/M -Hera/M -Heracles/M -Heraclitus/M -Herakles/M -Herbart/M -Herbert/M -Herculaneum/M -Herculean -Hercules/M -Herder/M -Hereford/SM -Herero/M -Heriberto/M -Herman/M -Hermaphroditus/M -Hermes/M -Herminia/M -Hermitage/M -Hermite/M -Hermosillo/M -Hernandez/M -Herod/M -Herodotus/M -Heroku/M -Herr/MG -Herrera/M -Herrick/M -Herring/M -Herschel/M -Hersey/M -Hershel/M -Hershey/M -Hertz/M -Hertzsprung/M -Herzegovina/M -Herzl/M -Heshvan/M -Hesiod/M -Hesperia/M -Hesperus/M -Hess/M -Hesse/M -Hessian/M -Hester/M -Heston/M -Hettie/M -Hewitt/M -Hewlett/M -Heyerdahl/M -Heywood/M -Hezbollah/M -Hezekiah/M -Hf/M -Hg/M -Hialeah/M -Hiawatha/M -Hibernia/M -Hibernian -Hickman/M -Hickok/M -Hickory/M -Hicks/M -Hieronymus/M -Higashiosaka -Higgins/M -Highlander/SM -Highlands -Highness/M -Hightstown/M -Hilario/M -Hilary/M -Hilbert/M -Hilda/M -Hildebrand/M -Hilfiger/M -Hill/M -Hillary/M -Hillel/M -Hilton/M -Himalaya/SM -Himalayan -Himalayas/M -Himmler/M -Hinayana/M -Hindemith/M -Hindenburg/M -Hindi/M -Hindu/SM -Hinduism/SM -Hindustan/M -Hindustani/SM -Hines/M -Hinesville/M -Hinton/M -Hipparchus/M -Hippocrates/M -Hippocratic/M -Hiram/M -Hirobumi/M -Hirohito/M -Hiroshima/M -Hispanic/SM -Hispaniola/M -Hiss/M -Hitachi/M -Hitchcock/M -Hitler/MS -Hittite/SM -Hmong/M -Ho/M -Hobart/M -Hobbes/M -Hobbs/M -Hockney/M -Hodge/SM -Hodges/M -Hodgkin/M -Hoff/M -Hoffa/M -Hoffman/M -Hofstadter/M -Hogan/M -Hogarth/M -Hogwarts/M -Hohenlohe/M -Hohenstaufen/M -Hohenzollern/M -Hohhot/M -Hohokam/M -Hokkaido/M -Hokusai/M -Holbein/M -Holcomb/M -Holden/M -Holder/M -Holiday/M -Holiness -Holland/ZSMR -Hollander/M -Hollerith/M -Holley/M -Hollie/M -Hollis/M -Holloway/M -Holly/M -Hollywood/M -Holman/M -Holmes/M -Holocaust/M -Holocene/M -Holst/M -Holstein/SM -Holt/M -Homer/M -Homeric/M -Hon -Honda/M -Honduran/MS -Honduras/M -Honecker/M -Honeywell/M -Hong -Honiara/M -Honolulu/M -Honorable -Honshu/M -Hood/M -Hooke/RM -Hooker/M -Hooper/M -Hoosier/MS -Hooters/M -Hoover/MS -Hope/M -Hopewell/M 
-Hopi/SM -Hopkins/M -Hopper/M -Horace/M -Horacio/M -Horatio/M -Hormel/M -Hormuz/M -Horn/M -Hornblower/M -Horne/M -Horowitz/M -Horthy/M -Horton/M -Horus/M -Hosea/M -Host/SM -Hotpoint/M -Hottentot/SM -Houdini/M -Houma/M -House/M -Housman/M -Houston/M -Houyhnhnm/M -Hovhaness/M -Howard/M -Howe/M -Howell/MS -Howells/M -Howrah -Hoyle/M -Hrothgar/M -Hts -Huang/M -Hubbard/M -Hubble/M -Hubei/M -Huber/M -Hubert/M -Huck/M -Huddersfield -Hudson/M -Huerta/M -Huey/M -Huff/M -Huffman/M -Huggins/M -Hugh/MS -Hughes/M -Hugo/M -Huguenot/MS -Hui/M -Huitzilopotchli/M -Hull/M -Humberto/M -Humboldt/M -Hume/M -Hummel/M -Hummer/M -Humphrey/SM -Humvee/M -Hun/SM -Hunan/M -Hung/M -Hungarian/SM -Hungary/M -Hunspell/M -Hunt/MR -Hunter/M -Huntington/M -Huntley/M -Huntsville/M -Hurd/M -Hurley/M -Huron/M -Hurst/M -Hus/M -Hussein/M -Husserl/M -Hussite/M -Huston/M -Hutchinson/M -Hutton/M -Hutu/M -Huxley/M -Huygens/M -Hyades/M -Hyde/M -Hyderabad/M -Hydra/M -Hymen/M -Hyperion/M -Hyundai/M -Hz/M -I'd -I'll -I'm -I've -I/M -IA -IBM/M -ICBM/SM -ICC -ICU -ID/SM -IDE -IE -IED -IEEE -IKEA/M -IL -IMF/M -IMHO -IMNSHO -IMO -IN -ING/M -INRI -INS -IOU/M -IP -IPA -IPO -IQ/M -IRA/SM -IRC -IRS/M -ISBN -ISIS -ISO/M -ISP -ISS -IT -IUD -IV/SM -IVF -Ia -Iaccoca/M -Iago/M -Ian/M -Iapetus/M -Ibadan/M -Iberia/M -Iberian/M -Ibiza/M -Iblis/M -Ibo/M -Ibsen/M -Icahn/M -Icarus/M -Ice -Iceland/MRZ -Icelander/M -Icelandic/M -Ida/M -Idaho/SM -Idahoan/MS -Idahoes -Ieyasu/M -Ignacio/M -Ignatius/M -Igor/M -Iguassu/M -Ijsselmeer/M -Ike/M -Ikhnaton/M -Ila/M -Ilene/M -Iliad/SM -Ill -Illinois/M -Illinoisan/MS -Illuminati/M -Ilyushin/M -Imelda/M -Imhotep/M -Imodium/M -Imogene/M -Imus/M -In/M -Ina/M -Inc -Inca/SM -Inchon/M -Incorporated -Ind -Independence/M -India/M -Indian/MS -Indiana/M -Indianan/SM -Indianapolis/M -Indianian -Indies/M -Indio/M -Indira/M -Indochina/M -Indochinese/M -Indonesia/M -Indonesian/SM -Indore/M -Indra/M -Indus/M -Indy/SM -Ines/M -Inez/M -Inge/M -Inglewood -Ingram/M -Ingres/M -Ingrid/M -Innocent/M -Innsbruck 
-Inonu/M -Inquisition/M -Inst -Instagram/M -Instamatic/M -Intel/M -Intelsat/M -Internationale/M -Internet/SM -Interpol/M -Inuit/MS -Inuktitut/M -Invar/M -Io/M -Ionesco/M -Ionian/MS -Ionic/SM -Iowa/SM -Iowan/MS -Iphigenia/M -Ipswich -Iqaluit/M -Iqbal/M -Iquitos/M -Ir/M -Ira/M -Iran/M -Iranian/SM -Iraq/M -Iraqi/MS -Ireland/M -Irene/M -Iris/M -Irish/MR -Irishman/M -Irishmen/M -Irishwoman/M -Irishwomen/M -Irkutsk/M -Irma/M -Iroquoian/SM -Iroquois/M -Irrawaddy/M -Irtish/M -Irvin/M -Irvine/M -Irving/M -Irwin/M -Isaac/M -Isabel/M -Isabela/M -Isabella/M -Isabelle/M -Isaiah/M -Iscariot/M -Isfahan/M -Isherwood/M -Ishim/M -Ishmael/M -Ishtar/M -Isiah/M -Isidro/M -Isis/M -Islam/MS -Islamabad/M -Islamic/M -Islamism/M -Islamist/M -Islamophobia -Islamophobic -Ismael/M -Ismail/M -Isolde/M -Ispell/M -Israel/SM -Israeli/SM -Israelite/M -Issac/M -Issachar/M -Istanbul/M -Isuzu/M -It -Itaipu/M -Ital -Italian/SM -Italianate -Italy/M -Itasca/M -Ithaca/M -Ithacan/M -Ito/M -Iva/M -Ivan/M -Ivanhoe/M -Ives/M -Ivorian -Ivory/M -Ivy/M -Iyar/M -Izaak/M -Izanagi/M -Izanami/M -Izhevsk/M -Izmir/M -Izod/M -Izvestia/M -J/MD -JCS -JD -JFK/M -JP -JPEG -JV -Jack/M -Jackie/M -Jacklyn/M -Jackson/M -Jacksonian/M -Jacksonville/M -Jacky/M -Jaclyn/M -Jacob/SM -Jacobean/M -Jacobi/M -Jacobin/M -Jacobite/M -Jacobs/M -Jacobson/M -Jacquard/M -Jacqueline/M -Jacquelyn/M -Jacques/M -Jacuzzi/M -Jagger/M -Jagiellon/M -Jaguar/M -Jahangir/M -Jaime/M -Jain/M -Jainism/M -Jaipur/M -Jakarta/M -Jake/M -Jamaal/M -Jamaica/M -Jamaican/SM -Jamal/M -Jamar/M -Jame/SM -Jamel/M -James/M -Jamestown/M -Jami/M -Jamie/M -Jan/M -Jana/M -Janacek/M -Jane/M -Janell/M -Janelle/M -Janesville/M -Janet/M -Janette/M -Janice/M -Janie/M -Janine/M -Janis/M -Janissary/M -Janjaweed/M -Janna/M -Jannie/M -Jansen/M -Jansenist/M -January/SM -Janus/M -Jap/SM -Japan/M -Japanese/MS -Japura/M -Jared/M -Jarlsberg/M -Jarred/M -Jarrett/M -Jarrod/M -Jarvis/M -Jasmine/M -Jason/M -Jasper/M -Jataka/M -Java/SM -JavaScript/M -Javanese/M -Javier/M -Jaxartes/M -Jay/M 
-Jayapura/M -Jayawardene/M -Jaycee/MS -Jaycees/M -Jayne/M -Jayson/M -Jean/M -Jeanette/M -Jeanie/M -Jeanine/M -Jeanne/M -Jeannette/M -Jeannie/M -Jeannine/M -Jed/M -Jedi/M -Jeep/M -Jeeves/M -Jeff/M -Jefferey/M -Jefferson/M -Jeffersonian/M -Jeffery/M -Jeffrey/M -Jeffry/M -Jehoshaphat/M -Jehovah/M -Jekyll/M -Jenifer/M -Jenkins/M -Jenna/M -Jenner/M -Jennie/M -Jennifer/M -Jennings/M -Jenny/M -Jensen/M -Jephthah/M -Jerald/M -Jeremiah/M -Jeremiahs -Jeremy/M -Jeri/M -Jericho/M -Jermaine/M -Jeroboam/M -Jerold/M -Jerome/M -Jerri/M -Jerrod/M -Jerrold/M -Jerry/M -Jersey/MS -Jerusalem/M -Jess/M -Jesse/M -Jessica/M -Jessie/M -Jesuit/MS -Jesus/M -Jetway/M -Jew/SM -Jewel/M -Jewell/M -Jewess/MS -Jewish/PM -Jewry/M -Jezebel/SM -Jiangsu/M -Jiangxi/M -Jidda/M -Jilin/M -Jill/M -Jillian/M -Jim/M -Jimenez/M -Jimmie/M -Jimmy/M -Jinan/M -Jinnah/M -Jinny/M -Jivaro/M -Jo/M -Joan/M -Joann/M -Joanna/M -Joanne/M -Joaquin/M -Job/SM -Jobs/M -Jocasta/M -Jocelyn/M -Jock/M -Jockey/M -Jodi/M -Jodie/M -Jody/M -Joe/M -Joel/M -Joey/M -Jogjakarta/M -Johann/M -Johanna/M -Johannes/M -Johannesburg/M -John/SM -Johnathan/M -Johnathon/M -Johnie/M -Johnnie/M -Johnny/M -Johns/M -Johnson/M -Johnston/M -Johnstown/M -Jolene/M -Jolson/M -Jon/M -Jonah/M -Jonahs -Jonas/M -Jonathan/M -Jonathon/M -Jones/M -Jonesboro/M -Joni/M -Jonson/M -Joplin/M -Jordan/M -Jordanian/MS -Jorge/M -Jose/M -Josef/M -Josefa/M -Josefina/M -Joseph/M -Josephine/M -Josephs -Josephson/M -Josephus/M -Josh/M -Joshua/M -Josiah/M -Josie/M -Josue/M -Joule/M -Jove/M -Jovian/M -Joy/M -Joyce/M -Joycean/M -Joyner/M -Jpn -Jr/M -Juan/M -Juana/M -Juanita/M -Juarez/M -Jubal/M -Judaeo -Judah/M -Judaic -Judaical -Judaism/MS -Judas/MS -Judd/M -Jude/M -Judea/M -Judges -Judith/M -Judson/M -Judy/M -Juggernaut/M -Jul -Jules/M -Julia/M -Julian/M -Juliana/M -Julianne/M -Julie/M -Juliet/M -Juliette/M -Julio/M -Julius/M -Julliard/M -July/SM -Jun/M -June/SM -Juneau/M -Jung/M -Jungfrau/M -Jungian/M -Junior/SM -Junker/SM -Juno/M -Jupiter/M -Jurassic/M -Jurua/M -Justice/M 
-Justin/M -Justine/M -Justinian/M -Jutland/M -Juvenal/M -K/SMNGJ -KB/M -KC -KFC/M -KGB/M -KIA -KKK/M -KO/M -KP -KS -KY -Kaaba/M -Kabul/M -Kafka/M -Kafkaesque/M -Kagoshima/M -Kahlua/M -Kahului/M -Kaifeng/M -Kailua/M -Kaiser/MS -Kaitlin/M -Kalahari/M -Kalamazoo/M -Kalashnikov/M -Kalb/M -Kalevala/M -Kalgoorlie/M -Kali/M -Kalmyk/M -Kama/M -Kamchatka/M -Kamehameha/M -Kampala/M -Kampuchea/M -Kan/SM -Kanchenjunga/M -Kandahar/M -Kandinsky/M -Kane/M -Kaneohe/M -Kankakee/M -Kannada/M -Kano/M -Kanpur/M -Kansan/MS -Kansas/M -Kant/M -Kantian/M -Kaohsiung/M -Kaposi/M -Kara/M -Karachi/M -Karaganda/M -Karakorum/M -Karamazov/M -Kareem/M -Karen/M -Karenina/M -Kari/M -Karin/M -Karina/M -Karl/M -Karla/M -Karloff/M -Karo/M -Karol/M -Karroo/M -Karyn/M -Kasai/M -Kasey/M -Kashmir/SM -Kasparov/M -Kate/M -Katelyn/M -Katharine/M -Katherine/M -Katheryn/M -Kathiawar/M -Kathie/M -Kathleen/M -Kathmandu/M -Kathrine/M -Kathryn/M -Kathy/M -Katie/M -Katina/M -Katmai/M -Katowice/M -Katrina/M -Katy/M -Kauai/M -Kaufman/M -Kaunas/M -Kaunda/M -Kawabata/M -Kawasaki/M -Kay/M -Kaye/M -Kayla/M -Kazakh/M -Kazakhs -Kazakhstan/M -Kazan/M -Kazantzakis/M -Kb/M -Keaton/M -Keats/M -Keck/M -Keenan/M -Keewatin/M -Keillor/M -Keisha/M -Keith/M -Keller/M -Kelley/M -Kelli/M -Kellie/M -Kellogg/M -Kelly/M -Kelsey/M -Kelvin/M -Kemerovo/M -Kemp/M -Kempis/M -Ken/M -Kendall/M -Kendra/M -Kendrick/M -Kenmore/M -Kennan/M -Kennedy/M -Kenneth/M -Kennewick/M -Kennith/M -Kenny/M -Kenosha/M -Kent/M -Kenton/M -Kentuckian/MS -Kentucky/M -Kenya/M -Kenyan/SM -Kenyatta/M -Kenyon/M -Keogh/M -Keokuk/M -Kepler/M -Kerensky/M -Keri/M -Kermit/M -Kern/M -Kerouac/M -Kerr/M -Kerri/M -Kerry/M -Kettering/M -Keven/M -Kevin/M -Kevlar/M -Kevorkian/M -Kewpie/M -Key/M -Keynes/M -Keynesian/M -Khabarovsk/M -Khachaturian/M -Khalid/M -Khan/M -Kharkov/M -Khartoum/M -Khayyam/M -Khazar/M -Khmer/M -Khoikhoi/M -Khoisan/M -Khomeini/M -Khorana/M -Khrushchev/M -Khufu/M -Khulna/M -Khwarizmi/M -Khyber/M -Kickapoo/M -Kidd/M -Kiel/M -Kierkegaard/M -Kieth/M -Kiev/M 
-Kigali/M -Kikuyu/M -Kilauea/M -Kilimanjaro/M -Killeen/M -Kilroy/M -Kim/M -Kimberley/M -Kimberly/M -King/M -Kingsport/M -Kingston/M -Kingstown/M -Kinko's -Kinney/M -Kinsey/M -Kinshasa/M -Kiowa/MS -Kip/M -Kipling/M -Kirby/M -Kirchhoff/M -Kirchner/M -Kirghistan/M -Kirghiz/M -Kirghizia/M -Kiribati/M -Kirinyaga/M -Kirk/M -Kirkland/M -Kirkpatrick/M -Kirov/M -Kirsten/M -Kisangani/M -Kishinev/M -Kislev/M -Kissimmee/M -Kissinger/M -Kit/M -Kitakyushu/M -Kitchener/M -Kitty/M -Kiwanis/M -Klan/M -Klansman/M -Klaus/M -Klee/M -Kleenex/MS -Klein/M -Klimt/M -Kline/M -Klingon/M -Klondike/MS -Kmart/M -Knapp/M -Knesset/M -Kngwarreye/M -Knickerbocker/M -Knievel/M -Knight/M -Knopf/M -Knossos/M -Knowles/M -Knox/M -Knoxville/M -Knudsen/M -Knuth/M -Knuths -Kobe/M -Koch/M -Kochab/M -Kodachrome/M -Kodak/M -Kodaly/M -Kodiak/M -Koestler/M -Kohinoor/M -Kohl/M -Koizumi/M -Kojak/M -Kokomo/M -Kolyma/M -Kommunizma/M -Kong/M -Kongo/M -Konrad/M -Koontz/M -Koppel/M -Korea/M -Korean/SM -Kornberg/M -Kory/M -Korzybski/M -Kosciusko/M -Kossuth/M -Kosygin/M -Kotlin/M -Koufax/M -Kowloon/M -Kr/M -Kraft/M -Krakatoa/M -Krakow/M -Kramer/M -Krasnodar/M -Krasnoyarsk/M -Krebs/M -Kremlin/M -Kremlinologist -Kremlinology -Kresge/M -Kringle/M -Kris/M -Krishna/M -Krishnamurti/M -Krista/M -Kristen/M -Kristi/M -Kristie/M -Kristin/M -Kristina/M -Kristine/M -Kristopher/M -Kristy/M -Kroc/M -Kroger/M -Kronecker/M -Kropotkin/M -Kruger/M -Krugerrand/M -Krupp/M -Krystal/M -Kshatriya/M -Kublai/M -Kubrick/M -Kuhn/M -Kuibyshev/M -Kulthumm/M -Kunming/M -Kuomintang/M -Kurd/M -Kurdish/M -Kurdistan/M -Kurosawa/M -Kurt/M -Kurtis/M -Kusch/M -Kutuzov/M -Kuwait/M -Kuwaiti/SM -Kuznets/M -Kuznetsk/M -Kwakiutl/M -Kwan/M -Kwangju/M -Kwanzaa/MS -Ky/MH -Kyle/M -Kyoto/M -Kyrgyzstan/M -Kyushu/M -L'Amour/M -L'Enfant -L'Oreal/M -L'Ouverture/M -L/MN -LA -LAN/M -LBJ/M -LC -LCD/M -LCM -LDC -LED/M -LG/M -LGBT -LIFO -LL -LLB/M -LLD/M -LNG -LOGO -LP/M -LPG -LPN/SM -LSAT -LSD/M -LVN -La/SM -Lab -Laban/M -Labrador/SM -Labradorean -Lacey/M -Lachesis/M 
-Lactobacillus -Lacy/M -Ladoga/M -Ladonna/M -Lady/M -Ladyship/MS -Lafayette/M -Lafitte/M -Lagos/M -Lagrange/M -Lagrangian/M -Lahore/M -Laius/M -Lajos/M -Lakeisha/M -Lakeland/M -Lakewood -Lakisha/M -Lakota/M -Lakshmi/M -Lamaism/SM -Lamar/M -Lamarck/M -Lamaze/M -Lamb/M -Lambert/M -Lamborghini/M -Lambrusco/M -Lamentations -Lamont/M -Lana/M -Lanai/M -Lancashire/M -Lancaster/M -Lance/M -Lancelot/M -Land/M -Landon/M -Landry/M -Landsat/M -Landsteiner/M -Lane/M -Lang/M -Langerhans/M -Langland/M -Langley/M -Langmuir/M -Lanka/M -Lankan/M -Lanny/M -Lansing/M -Lanzhou/M -Lao/SM -Laocoon/M -Laos/M -Laotian/SM -Laplace/M -Laplacian -Lapland/MR -Lapp/SM -Lara/M -Laramie/M -Lardner/M -Laredo/M -Larousse/M -Larry/M -Lars/MN -Larsen/M -Larson/M -Lascaux/M -Lassa/M -Lassen/M -Lassie/M -Lat/M -Latasha/M -Lateran/M -Latham/M -Latin/MRS -Latina -Latino/SM -Latinx -Latisha/M -Latonya/M -Latoya/M -Latrobe/M -Latvia/M -Latvian/MS -Laud/MR -Lauder/M -Laue/M -Laundromat/M -Laura/M -Laurasia/M -Laurel/M -Lauren/M -Laurence/M -Laurent/M -Lauri/M -Laurie/M -Laval/M -Lavern/M -Laverne/M -Lavoisier/M -Lavonne/M -Lawanda/M -Lawrence/M -Lawson/M -Lawton/M -Layamon/M -Layla/M -Layton/M -Lazaro/M -Lazarus/M -Le/SM -Lea/M -Leach/M -Leadbelly/M -Leah/M -Leakey/M -Lean/M -Leander/M -Leann/M -Leanna/M -Leanne/M -Lear/M -Learjet/M -Leary/M -Leavenworth/M -Lebanese/M -Lebanon/M -Lebesgue/M -Leblanc/M -Leda/M -Lederberg/M -Lee/M -Leeds/M -Leesburg/M -Leeuwenhoek/M -Leeward/M -Left -Legendre/M -Leger/M -Leghorn/M -Lego/M -Legree/M -Lehman/M -Leibniz/M -Leicester/SM -Leiden/M -Leif/M -Leigh/M -Leila/M -Leipzig/M -Lela/M -Leland/M -Lelia/M -Lemaitre/M -Lemuel/M -Lemuria/M -Len/M -Lena/M -Lenard/M -Lenin/M -Leningrad/M -Leninism/M -Leninist/M -Lennon/M -Lenny/M -Leno/M -Lenoir/M -Lenora/M -Lenore/M -Lent/SMN -Lenten/M -Leo/SM -Leola/M -Leominster/M -Leon/M -Leona/M -Leonard/M -Leonardo/M -Leoncavallo/M -Leonel/M -Leonid/M -Leonidas/M -Leonor/M -Leopold/M -Leopoldo/M -Lepidus/M -Lepke/M -Lepus/M -Lerner/M 
-Leroy/M -Les/M -Lesa/M -Lesley/M -Leslie/M -Lesotho/M -Lesseps/M -Lessie/M -Lester/M -Lestrade/M -Leta/M -Letha/M -Lethe/M -Leticia/M -Letitia/M -Letterman/M -Levant/M -Levesque/M -Levi/SM -Leviathan/M -Levine/M -Leviticus/M -Levitt/M -Levy/M -Lew/M -Lewinsky/M -Lewis/M -Lewiston/M -Lewisville/M -Lexington/M -Lexus/M -Lhasa/MS -Lhotse/M -Li/MY -Liaoning/M -Libby/M -Liberace/M -Liberal -Liberia/M -Liberian/SM -Libra/MS -LibreOffice/M -Libreville/M -Librium/M -Libya/M -Libyan/SM -Lichtenstein/M -Lidia/M -Lie/M -Lieberman/M -Liebfraumilch/M -Liechtenstein/ZMR -Liechtensteiner/M -Liege/M -Lieut -Lila/M -Lilia/M -Lilian/M -Liliana/M -Lilith/M -Liliuokalani/M -Lille/M -Lillian/M -Lillie/M -Lilliput/M -Lilliputian/MS -Lilly/M -Lilongwe/M -Lily/M -Lima/M -Limbaugh/M -Limbo -Limburger/M -Limoges/M -Limousin/M -Limpopo/M -Lin/M -Lina/M -Lincoln/MS -Lind/M -Linda/M -Lindbergh/M -Lindsay/M -Lindsey/M -Lindy/M -Linnaeus/M -Linotype/M -Linton/M -Linus/M -Linux/MS -Linwood/M -Lionel/M -Lipizzaner/M -Lippi/M -Lippmann/M -Lipscomb/M -Lipton/M -Lisa/M -Lisbon/M -Lissajous/M -Lister/M -Listerine/M -Liston/M -Liszt/M -Lithuania/M -Lithuanian/MS -Little/M -Litton/M -Livermore/M -Liverpool/M -Liverpudlian/SM -Livia/M -Livingston/M -Livingstone/M -Livonia/M -Livy/M -Liz/M -Liza/M -Lizzie/M -Lizzy/M -Ljubljana/M -Llewellyn/M -Lloyd/M -Ln -Loafer/SM -Lobachevsky/M -Lochinvar/M -Locke/M -Lockean/M -Lockheed/M -Lockwood/M -Lodge/M -Lodi/M -Lodz/M -Loewe/M -Loewi/M -Loews/M -Logan/M -Lohengrin/M -Loire/M -Lois/M -Loki/M -Lola/M -Lolita/M -Lollard/M -Lollobrigida/M -Lombard/M -Lombardi/M -Lombardy/M -Lome/M -Lompoc/M -Lon/M -London/MRZ -Londoner/M -Long/M -Longfellow/M -Longmont/M -Longstreet/M -Longueuil -Longview/M -Lonnie/M -Lopez/M -Lora/M -Lorain/M -Loraine/M -Lord/SM -Lordship/SM -Lorelei/M -Loren/M -Lorena/M -Lorene/M -Lorentz/M -Lorentzian -Lorenz/M -Lorenzo/M -Loretta/M -Lori/M -Lorie/M -Lorna/M -Lorraine/M -Lorre/M -Lorrie/M -Los -Lot/M -Lothario/SM -Lott/M -Lottie/M -Lou/M 
-Louella/M -Louie/M -Louis/M -Louisa/M -Louise/M -Louisiana/M -Louisianan/MS -Louisianian/MS -Louisville/M -Lourdes/M -Louvre/M -Love/M -Lovecraft/M -Lovelace/M -Lowe/M -Lowell/M -Lowenbrau/M -Lowery/M -Lowlands -Loyang/M -Loyd/M -Loyola/M -Lr -Lt -Ltd -Lu/M -Luanda/M -Luann/M -Lubavitcher/M -Lubbock/M -Lubumbashi/M -Lucas/M -Luce/M -Lucia/M -Lucian/M -Luciano/M -Lucien/M -Lucifer/M -Lucile/M -Lucille/M -Lucinda/M -Lucio/M -Lucite/SM -Lucius/M -Lucknow/M -Lucretia/M -Lucretius/M -Lucy/M -Luddite/MS -Ludhiana/M -Ludwig/M -Luella/M -Lufthansa/M -Luftwaffe/M -Luger/M -Lugosi/M -Luigi/M -Luis/M -Luisa/M -Luke/M -Lula/M -Lully/M -Lulu/M -Lumiere/M -Luna/M -Lupe/M -Lupercalia/M -Lupus/M -Luria/M -Lusaka/M -Lusitania/M -Luther/M -Lutheran/SM -Lutheranism/MS -Luvs/M -Luxembourg/ZMR -Luxembourger/M -Luxembourgian -Luz/M -Luzon/M -Lvov/M -LyX/M -Lyallpur -Lycra/M -Lycurgus/M -Lydia/M -Lydian/SM -Lyell/M -Lyle/M -Lyly/M -Lyman/M -Lyme/M -Lynch/M -Lynchburg/M -Lynda/M -Lyndon/M -Lynette/M -Lynn/M -Lynne/M -Lynnette/M -Lyon/SM -Lyons/M -Lyra/M -Lysenko/M -Lysistrata/M -Lysol/M -M/SMGB -MA/M -MASH -MB/M -MBA/M -MC -MCI/M -MD/M -MDT -ME -MEGO/S -MFA/M -MGM/M -MHz -MI/M -MIA -MIDI/M -MIPS -MIRV -MIT/M -MM -MN -MO -MOOC -MP/M -MPEG -MRI/M -MS/M -MSG/M -MST/M -MSW -MT/M -MTV/M -MVP/M -MW -Maalox/M -Mabel/M -Mable/M -Mac/M -MacArthur/M -MacBride/M -MacDonald/M -MacLeish/M -Macao/M -Macaulay/M -Macbeth/M -Maccabees -Maccabeus/M -Mace/M -Macedon/M -Macedonia/M -Macedonian/SM -Mach/M -Machiavelli/M -Machiavellian/M -Macias/M -Macintosh/M -Mack/M -Mackenzie/M -Mackinac/M -Mackinaw/M -Macmillan/M -Macon/M -Macumba/M -Macy/M -Madagascan/SM -Madagascar/M -Madam -Madden/M -Maddox/M -Madeira/SM -Madeleine/M -Madeline/M -Madelyn/M -Madera/M -Madge/M -Madison/M -Madonna/SM -Madras/M -Madrid/M -Madurai/M -Mae/M -Maeterlinck/M -Mafia/MS -Mafioso/M -Magdalena/M -Magdalene/M -Magellan/M -Magellanic/M -Maggie/M -Maghreb/M -Magi -Maginot/M -Magnificat -Magnitogorsk/M -Magog/M -Magoo/M -Magritte/M 
-Magsaysay/M -Magus -Magyar/SM -Mahabharata/M -Maharashtra/M -Mahavira/M -Mahayana/M -Mahayanist/M -Mahdi/M -Mahfouz/M -Mahican/SM -Mahler/M -Mai/M -Maidenform/M -Maigret/M -Mailer/M -Maillol/M -Maiman/M -Maimonides/M -Maine/MZR -Mainer/M -Maisie/M -Maitreya/M -Maj -Majesty -Major/M -Majorca/M -Majuro/M -Makarios/M -Maker/M -Malabar/M -Malabo/M -Malacca/M -Malachi/M -Malagasy/M -Malamud/M -Malaprop/M -Malawi/M -Malawian/SM -Malay/MS -Malaya/M -Malayalam/M -Malayan/MS -Malaysia/M -Malaysian/MS -Malcolm/M -Maldive/MS -Maldives/M -Maldivian/MS -Maldonado/M -Male/M -Mali/M -Malian/SM -Malibu/M -Malinda/M -Malinowski/M -Mallarme/M -Mallomars/M -Mallory/M -Malone/M -Malory/M -Malplaquet/M -Malraux/M -Malta/M -Maltese/M -Malthus/M -Malthusian/SM -Mameluke/M -Mamet/M -Mamie/M -Mamore/M -Man/M -Managua/M -Manama/M -Manasseh/M -Manchester/M -Manchu/SM -Manchuria/M -Manchurian/M -Mancini/M -Mancunian/MS -Mandalay/M -Mandarin/M -Mandela/M -Mandelbrot/M -Mandeville/M -Mandingo/M -Mandrell/M -Mandy/M -Manet/M -Manfred/M -Manhattan/SM -Mani/M -Manichean/M -Manila/SM -Manitoba/M -Manitoulin/M -Mankato/M -Manley/M -Mann/GM -Mannheim/M -Manning/M -Mansfield/M -Manson/M -Manteca/M -Mantegna/M -Mantle/M -Manuel/M -Manuela/M -Manx/M -Mao/M -Maoism/SM -Maoist/SM -Maori/MS -Mapplethorpe/M -Maputo/M -Mar/SM -Mara/M -Maracaibo/M -Marat/M -Maratha/M -Marathi/M -Marathon/M -Marc/M -Marceau/M -Marcel/M -Marcelino/M -Marcella/M -Marcelo/M -March/MS -Marci/M -Marcia/M -Marciano/M -Marcie/M -Marco/MS -Marconi/M -Marcos/M -Marcus/M -Marcuse -Marcy/M -Marduk/M -Margaret/M -Margarita/M -Margarito/M -Marge/M -Margery/M -Margie/M -Margo/M -Margot -Margret/M -Margrethe/M -Marguerite/M -Mari/SM -Maria/M -MariaDB/M -Marian/M -Mariana/SM -Marianas/M -Marianne/M -Mariano/M -Maribel/M -Maricela/M -Marie/M -Marietta/M -Marilyn/M -Marin/M -Marina/M -Marine/SM -Mario/M -Marion/M -Maris/M -Marisa/M -Marisol/M -Marissa/M -Maritain/M -Maritza/M -Mariupol -Marius/M -Marjorie/M -Marjory/M -Mark/SM -Markab/M 
-Markham/M -Markov/M -Marks/M -Marla/M -Marlboro/M -Marlborough/M -Marlene/M -Marley/M -Marlin/M -Marlon/M -Marlowe/M -Marmara/M -Marne/M -Maronite/M -Marple/M -Marquesas/M -Marquette/M -Marquez/M -Marquis/M -Marquita/M -Marrakesh/M -Marriott/M -Mars/MS -Marsala/M -Marseillaise/MS -Marseilles/M -Marsh/M -Marsha/M -Marshall/M -Marta/M -Martel/M -Martha/M -Martial/M -Martian/SM -Martin/M -Martina/M -Martinez/M -Martinique/M -Marty/M -Marva/M -Marvell/M -Marvin/M -Marx/M -Marxian -Marxism/SM -Marxist/SM -Mary/M -Maryann/M -Maryanne/M -Maryellen/M -Maryland/MR -Marylander/M -Marylou/M -Marysville/M -Masada/M -Masai/M -Masaryk/M -Mascagni/M -Masefield/M -Maserati/M -Maseru/M -Mashhad/M -Mason/MS -Masonic/M -Masonite/M -Mass/MS -Massachusetts/M -Massasoit/M -Massenet/M -Massey/M -Master/S -MasterCard/M -Masters/M -Mather/M -Matheson/M -Mathew/SM -Mathews/M -Mathewson/M -Mathias/M -Mathis/M -Matilda/M -Matisse/M -Matlab/M -Matt/M -Mattel/M -Matterhorn/M -Matthew/SM -Matthews/M -Matthias/M -Mattie/M -Maud/M -Maude/M -Maugham/M -Maui/M -Mauldin/M -Maupassant/M -Maura/M -Maureen/M -Mauriac/M -Maurice/M -Mauricio/M -Maurine/M -Mauritania/M -Mauritanian/SM -Mauritian/SM -Mauritius/M -Mauro/M -Maurois/M -Mauryan/M -Mauser/M -Mavis/M -Max/M -Maximilian/M -Maxine/M -Maxwell/M -May/SMR -Maya/SM -Mayan/MS -Mayer/M -Mayfair/M -Mayflower/M -Maynard/M -Mayo/M -Maypole -Mayra/M -Mays/M -Maytag/M -Mazama/M -Mazarin/M -Mazatlan/M -Mazda/M -Mazola/M -Mazzini/M -Mb/M -Mbabane/M -Mbini/M -McAdam/M -McAllen/M -McBride/M -McCain/M -McCall/M -McCarthy/M -McCarthyism/M -McCartney/M -McCarty/M -McClain/M -McClellan/M -McClure/M -McConnell/M -McCormick/M -McCoy/M -McCray/M -McCullough/M -McDaniel/M -McDonald/M -McDonnell/M -McDowell/M -McEnroe/M -McFadden/M -McFarland/M -McGee/M -McGovern/M -McGowan/M -McGuffey/M -McGuire/M -McHenry/M -McIntosh/M -McIntyre/M -McJob -McKay/M -McKee/M -McKenzie/M -McKinley/M -McKinney/M -McKnight/M -McLaughlin/M -McLean/M -McLeod/M -McLuhan/M -McMahon/M -McMillan/M 
-McNamara/M -McNaughton/M -McNeil/M -McPherson/M -McQueen/M -McVeigh/M -Md/M -Me -Mead/M -Meade/M -Meadows/M -Meagan/M -Meany/M -Mecca/MS -Medan/M -Medea/M -Medellin/M -Medford/M -Media/M -Medicaid/SM -Medicare/SM -Medici/M -Medina/M -Mediterranean/MS -Medusa/M -Meg/M -Megan/M -Meghan/M -Meier/M -Meighen/M -Meiji/M -Meir/M -Mejia/M -Mekong/M -Mel/M -Melanesia/M -Melanesian/M -Melanie/M -Melba/M -Melbourne/M -Melchior/M -Melchizedek/M -Melendez/M -Melinda/M -Melisa/M -Melisande/M -Melissa/M -Mellon/M -Melody/M -Melpomene/M -Melton/M -Melva/M -Melville/M -Melvin/M -Memcached/M -Memling/M -Memphis/M -Menander/M -Mencius/M -Mencken/M -Mendel/M -Mendeleev/M -Mendelian/M -Mendelssohn/M -Mendez/M -Mendocino/M -Mendoza/M -Menelaus/M -Menelik/M -Menes/M -Mengzi -Menifee/M -Menkalinan/M -Menkar/M -Menkent/M -Mennen/M -Mennonite/MS -Menominee/M -Menotti/M -Mensa/M -Mentholatum/M -Menuhin/M -Menzies/M -Mephisto -Mephistopheles/M -Merak/M -Mercado/M -Mercator/M -Merced/M -Mercedes/M -Mercer/M -Mercia/M -Merck/M -Mercurochrome/M -Mercury/SM -Meredith/M -Merino/M -Merle/M -Merlin/M -Merlot/M -Merovingian/M -Merriam/M -Merrick/M -Merrill/M -Merrimack/M -Merritt/M -Merthiolate/M -Merton/M -Mervin/M -Mesa/M -Mesabi/M -Mesmer/M -Mesolithic/M -Mesopotamia/M -Mesopotamian -Mesozoic/M -Messerschmidt/M -Messiaen/M -Messiah/M -Messiahs -Messianic -Messieurs -Metallica/M -Metamucil/M -Methodism/SM -Methodist/SM -Methuselah/M -Metternich/M -Meuse/M -Mex -Mexicali/M -Mexican/MS -Mexico/M -Meyer/MS -Meyerbeer/M -Meyers/M -Mfume/M -Mg/M -Mgr -MiG/M -Mia/M -Miami/MS -Miaplacidus/M -Micah/M -Micawber/M -Mich/M -Michael/M -Michaelmas/MS -Micheal/M -Michel/M -Michelangelo/M -Michele/M -Michelin/M -Michelle/M -Michelob/M -Michelson/M -Michigan/M -Michigander/MS -Michiganite -Mick/M -Mickey/M -Mickie/M -Micky/M -Micmac/SM -Micronesia/M -Micronesian/M -Microsoft/M -Midas/M -Middleton/M -Middletown/M -Mideast -Mideastern -Midland/MS -Midway/M -Midwest/M -Midwestern/MR -Miguel/M -Mike/M -Mikhail/M 
-Mikoyan/M -Milagros/M -Milan/M -Milanese -Mildred/M -Miles/M -Milford/M -Milken/M -Mill/SMR -Millard/M -Millay/M -Miller/M -Millet/M -Millicent/M -Millie/M -Millikan/M -Mills/M -Milne/M -Milo/M -Milosevic/M -Milquetoast/M -Miltiades/M -Milton/M -Miltonian -Miltonic/M -Miltown/M -Milwaukee/M -Mimi/M -Mimosa/M -Min/M -Minamoto/M -Mindanao/M -Mindoro/M -Mindy/M -Minerva/M -Ming/M -Mingus/M -Minn -Minneapolis/M -Minnelli/M -Minnesota/M -Minnesotan/SM -Minnie/M -Minoan/MS -Minolta/M -Minos/M -Minot/M -Minotaur/M -Minsk/M -Minsky/M -Mintaka/M -Minuit/M -Minuteman/M -Miocene/M -Mir/M -Mira/M -Mirabeau/M -Mirach/M -Miranda/M -Mirfak/M -Miriam/M -Miro/M -Mirzam/M -Miskito/M -Miss -Mississauga/M -Mississippi/M -Mississippian/SM -Missoula/M -Missouri/M -Missourian/MS -Missy/M -Mistassini/M -Mister -Mistress -Misty/M -Mitch/M -Mitchel/M -Mitchell/M -Mitford/M -Mithra/M -Mithridates/M -Mitsubishi/M -Mitterrand/M -Mitty/M -Mitzi/M -Mixtec/M -Mizar/M -Mk -Mlle -Mme/S -Mn/M -Mnemosyne/M -Mo/M -Mobil/M -Mobile/M -Mobutu/M -Modesto/M -Modigliani/M -Moe/M -Moet/M -Mogadishu/M -Mogul/MS -Mohacs/M -Mohamed/M -Mohammad/M -Mohammedan/SM -Mohammedanism/SM -Mohave/SM -Mohawk/SM -Mohegan -Moho/M -Mohorovicic/M -Moira/M -Moises/M -Moiseyev/M -Mojave/SM -Moldavia/M -Moldavian -Moldova/M -Moldovan -Moliere/M -Molina/M -Moll/M -Mollie/M -Molly/M -Molnar/M -Moloch/M -Molokai/M -Molotov/M -Moluccas/M -Mombasa/M -Mon/SM -Mona/M -Monacan -Monaco/M -Mondale/M -Monday/SM -Mondrian/M -Monegasque/SM -Monera/M -Monessen/M -Monet/M -MongoDB/M -Mongol/SM -Mongolia/M -Mongolian/SM -Mongolic/M -Mongoloid -Monica/M -Monique/M -Monk/M -Monmouth/M -Monongahela/M -Monroe/M -Monrovia/M -Monsanto/M -Monsieur/M -Monsignor/SM -Mont/M -Montague/M -Montaigne/M -Montana/M -Montanan/SM -Montcalm/M -Monte/M -Montenegrin/M -Montenegro/M -Monterey/M -Monterrey/M -Montesquieu/M -Montessori/M -Monteverdi/M -Montevideo/M -Montezuma/M -Montgolfier/M -Montgomery/M -Monticello/M -Montoya/M -Montpelier/M -Montrachet/M 
-Montreal/M -Montserrat/M -Monty/M -Moody/M -Moog/M -Moon/M -Mooney/M -Moor/SM -Moore/M -Moorish/M -Morales/M -Moran/M -Moravia/M -Moravian/M -Mordred/M -More/M -Moreno/M -Morgan/SM -Morgantown/M -Moriarty/M -Morin/M -Morison/M -Morita/M -Morley/M -Mormon/SM -Mormonism/SM -Moro/M -Moroccan/SM -Morocco/M -Moroni/M -Morpheus/M -Morphy/M -Morris/M -Morrison/M -Morristown/M -Morrow/M -Morse/M -Mort/M -Mortimer/M -Morton/M -Mosaic/M -Moscow/M -Moseley/M -Moselle/M -Moses/M -Mosley/M -Moss/M -Mosul/M -Motorola/M -Motown/M -Motrin/M -Mott/M -Moulton/M -Mount/M -Mountbatten/M -Mountie/MS -Moussorgsky/M -Mouthe/M -Mouton/M -Mowgli/M -Mozambican/SM -Mozambique/M -Mozart/M -Mozilla/M -Mr/SM -Ms/S -Msgr -Mt -Muawiya/M -Mubarak/M -Mueller/M -Muenster/MS -Mugabe/M -Muhammad/M -Muhammadan/MS -Muhammadanism/SM -Muir/M -Mujib/M -Mulder/M -Mullen/M -Muller/M -Mulligan/M -Mullikan/M -Mullins/M -Mulroney/M -Multan/M -Multics -Mumbai/M -Mumford/M -Munch/M -Munchhausen/M -Muncie/M -Munich/M -Munoz/M -Munro/M -Munster/M -Muppet/M -Murasaki/M -Murat/M -Murchison/M -Murcia -Murdoch/M -Murfreesboro/M -Muriel/M -Murillo/M -Murine/M -Murmansk/M -Murphy/M -Murray/M -Murrieta/M -Murrow/M -Murrumbidgee/M -Muscat/M -Muscovite/M -Muscovy/M -Muse/M -Musharraf/M -Musial/M -Muskegon/M -Muskogee/M -Muslim/MS -Mussolini/M -Mussorgsky/M -Mutsuhito/M -Muzak/M -MySQL/M -MySpace/M -Myanmar/M -Mycenae/M -Mycenaean/M -Myers/M -Mylar/MS -Myles/M -Myra/M -Myrdal/M -Myrna/M -Myron/M -Myrtle/M -Mysore/M -Myst/M -N'Djamena -N/MD -NAACP/M -NAFTA/M -NASA/M -NASCAR/M -NASDAQ/M -NATO/M -NB -NBA/M -NBC/M -NBS -NC -NCAA/M -NCO -ND -NE/M -NEH -NF -NFC -NFL/M -NH -NHL/M -NIH -NIMBY -NJ -NLRB -NM -NORAD/M -NOW -NP -NPR/M -NR -NRA -NRC -NS -NSA/M -NSC -NSF -NSFW -NT -NV -NVIDIA/M -NW/M -NWT -NY -NYC -NYSE -NZ -Na/M -Nabisco/M -Nabokov/M -Nader/M -Nadia/M -Nadine/M -Nagasaki/M -Nagoya/M -Nagpur/M -Nagy/M -Nahuatl/MS -Nahum/M -Naipaul/M -Nair/M -Nairobi/M -Naismith/M -Nam/M -Namath/M -Namibia/M -Namibian/MS -Nampa/M -Nan/M 
-Nanak/M -Nanchang/M -Nancy/M -Nanette/M -Nanjing/M -Nannie/M -Nanook/M -Nansen/M -Nantes/M -Nantucket/M -Naomi/M -Napa/M -Naphtali/M -Napier/M -Naples/M -Napoleon/MS -Napoleonic/M -Napster/M -Narcissus/M -Narmada/M -Narnia/M -Narraganset -Narragansett/M -Nash/M -Nashua/M -Nashville/M -Nassau/M -Nasser/M -Nat/M -Natalia/M -Natalie/M -Natasha/M -Natchez/M -Nate/MN -Nathan/SM -Nathaniel/M -Nathans/M -Nation/M -Nationwide/M -Nativity/M -Naugahyde/M -Nauru/M -Nautilus/M -Navajo/SM -Navajoes -Navarre/M -Navarro/M -Navratilova/M -Navy -Nazarene/M -Nazareth/M -Nazca/M -Nazi/SM -Nazism/MS -Nb/M -Nd/M -Ndjamena/M -Ne/M -NeWS -NeWSes -Neal/M -Neanderthal/SM -Neapolitan/M -Neb -Nebr -Nebraska/M -Nebraskan/MS -Nebuchadnezzar/M -Ned/M -Nefertiti/M -Negev/M -Negress/MS -Negritude -Negro/MS -Negroes -Negroid/SM -Negros/M -Nehemiah/M -Nehru/M -Neil/M -Nelda/M -Nell/M -Nellie/M -Nelly/M -Nelsen/M -Nelson/M -Nembutal/M -Nemesis/M -Neo/M -Neogene/M -Neolithic -Nepal/M -Nepalese/M -Nepali/MS -Neptune/M -Nereid/M -Nerf/M -Nero/M -Neruda/M -Nescafe/M -Nesselrode/M -Nestle/M -Nestor/M -Nestorius/M -Netflix/M -Netherlander/SM -Netherlands/M -Netscape/M -Nettie/M -Netzahualcoyotl/M -Nev/M -Neva/M -Nevada/M -Nevadan/SM -Nevadian -Nevis/M -Nevsky/M -Newark/M -Newburgh/M -Newcastle/M -Newfoundland/MRS -Newman/M -Newport/M -Newsweek/M -Newton/M -Newtonian/M -Nexis/M -Ngaliema/M -Nguyen/M -Ni/M -Niagara/M -Niamey/M -Nibelung/M -Nicaea/M -Nicaragua/M -Nicaraguan/SM -Niccolo/M -Nice/M -Nicene/M -Nichiren/M -Nicholas/M -Nichole/M -Nichols/M -Nicholson/M -Nick/M -Nickelodeon/M -Nicklaus/M -Nickolas/M -Nicobar/M -Nicodemus/M -Nicola/SM -Nicolas/M -Nicole/M -Nicosia/M -Niebuhr/M -Nielsen/M -Nietzsche/M -Nieves/M -Nigel/M -Niger/M -Nigeria/M -Nigerian/MS -Nigerien/M -Nightingale/M -Nijinsky/M -Nike/M -Nikita/M -Nikkei/M -Nikki/M -Nikolai/M -Nikon/M -Nile/M -Nimitz/M -Nimrod/M -Nina/M -Nineveh/M -Nintendo/M -Niobe/M -Nippon/M -Nipponese/M -Nirenberg/M -Nirvana/M -Nisan/M -Nisei/M -Nissan/M -Nita/M 
-Nivea/M -Nixon/M -Nkrumah/M -No/SM -NoDoz/M -Noah/M -Nobel/M -Nobelist/MS -Noble/M -Noe/M -Noel/SM -Noelle/M -Noemi/M -Nokia/M -Nola/M -Nolan/M -Nome/M -Nona/M -Nootka/M -Nora/M -Norbert/M -Norberto/M -Nordic/MS -Noreen/M -Norfolk/M -Noriega/M -Norma/M -Normal/M -Norman/MS -Normand/M -Normandy/M -Norplant/M -Norris/M -Norse/M -Norseman/M -Norsemen/M -North/M -Northampton/M -Northeast/MS -Northerner/M -Northrop/M -Northrup/M -Norths -Northwest/SM -Norton/M -Norw -Norway/M -Norwegian/SM -Norwich/M -Nosferatu/M -Nostradamus/M -Nottingham/M -Nouakchott/M -Noumea/M -Nov/M -Nova/M -Novartis/M -November/MS -Novgorod/M -Novocain/MS -Novocaine -Novokuznetsk/M -Novosibirsk/M -Noxzema/M -Noyce/M -Noyes/M -Np/M -Nubia/M -Nubian/M -Nukualofa/M -Numbers/M -Nunavut/M -Nunez/M -Nunki/M -Nuremberg/M -Nureyev/M -NutraSweet/M -NyQuil/M -Nyasa/M -Nyerere/M -O'Brien/M -O'Casey/M -O'Connell/M -O'Connor/M -O'Donnell/M -O'Hara/M -O'Higgins/M -O'Keeffe/M -O'Neil/M -O'Neill/M -O'Rourke/M -O'Toole/M -O/SM -OAS/M -OB -OCR -OD/SM -OE -OED -OH -OHSA/M -OJ -OK/SMDG -OMB/M -ON -OPEC/M -OR -OS/M -OSHA/M -OSes -OT -OTB -OTC -OTOH -Oahu/M -Oakland/M -Oakley/M -Oates/M -Oaxaca/M -Ob/M -Obadiah/M -Obama/M -Obamacare -Oberlin/M -Oberon/M -Ocala/M -Ocaml/M -Occam/M -Occident -Occidental/MS -Oceania/M -Oceanside -Oceanus/M -Ochoa/M -Oct/M -Octavia/M -Octavian/M -Octavio/M -October/SM -Odell/M -Oder/M -Odessa/M -Odets/M -Odin/M -Odis/M -Odom/M -Odysseus/M -Odyssey/M -Oedipal/M -Oedipus/M -Oersted/M -Ofelia/M -Offenbach/M -OfficeMax/M -Ogbomosho/M -Ogden/M -Ogilvy/M -Oglethorpe/M -Ohio/M -Ohioan/SM -Oise/M -Ojibwa/SM -Okayama -Okeechobee/M -Okefenokee/M -Okhotsk/M -Okinawa/M -Okinawan -Okla -Oklahoma/M -Oklahoman/M -Oktoberfest/M -Ola/M -Olaf/M -Olajuwon/M -Olav/M -Oldenburg/M -Oldfield/M -Oldsmobile/M -Olduvai/M -Olen/M -Olenek/M -Olga/M -Oligocene/M -Olin/M -Olive/MR -Oliver/M -Olivetti/M -Olivia/M -Olivier/M -Ollie/M -Olmec/M -Olmsted/M -Olsen/M -Olson/M -Olympia/SM -Olympiad/MS -Olympian/MS 
-Olympic/SM -Olympics/M -Olympus/M -Omaha/MS -Oman/M -Omani/MS -Omar/M -Omayyad/M -Omdurman/M -Omnipotent -Omsk/M -Onassis/M -Oneal/M -Onega/M -Onegin/M -Oneida/MS -Onion/M -Ono/M -Onondaga/MS -Onsager/M -Ont -Ontarian -Ontario/M -Oort/M -Opal/M -Opel/M -OpenOffice/M -Ophelia/M -Ophiuchus/M -Oppenheimer/M -Opposition -Oprah/M -Ora/M -Oracle/M -Oran/M -Orange/M -Oranjestad/M -Orbison/M -Ordovician/M -Ore/N -Oreg -Oregon/M -Oregonian/SM -Orem/M -Oreo/M -Orestes/M -Orient/M -Oriental/MS -Orientalism -Orin/M -Orinoco/M -Orion/M -Oriya/M -Orizaba/M -Orkney/M -Orlando/M -Orleans/M -Orlon/MS -Orly/M -Orpheus/M -Orphic/M -Orr/M -Ortega/M -Orthodox -Ortiz/M -Orval/M -Orville/M -Orwell/M -Orwellian/M -Os/M -Osage/MS -Osaka/M -Osbert/M -Osborn/M -Osborne/M -Oscar/MS -Osceola/M -Osgood/M -Oshawa/M -Oshkosh/M -Osiris/M -Oslo/M -Osman/M -Ostrogoth/M -Ostwald/M -Osvaldo/M -Oswald/M -Othello/M -Otis/M -Ottawa/SM -Otto/M -Ottoman/M -Ouagadougou/M -Ouija/MS -Ovid/M -Owen/SM -Owens/M -Owensboro/M -Oxford/SM -Oxnard/M -Oxonian/M -Oxus/M -Oxycontin/M -Oz/M -Ozark/MS -Ozarks/M -Ozymandias/M -Ozzie/M -P/MN -PA/M -PAC/M -PARC/S -PASCAL -PBS/M -PBX -PC/SM -PCB -PCMCIA -PCP/M -PD -PDF -PDQ -PDT -PE -PET/M -PFC -PG -PGP -PHP/M -PIN -PJ's -PLO/M -PM/SMDG -PMS/M -PO -POW/M -PP -PPS -PR -PRC/M -PRO -PS/M -PST/M -PT -PTA/M -PTO -PVC/M -PW -PX -Pa/M -Paar/M -Pablo/M -Pablum/M -Pabst/M -Pace/M -Pacheco/M -Pacific/M -Pacino/M -Packard/M -Padang -Paderewski/M -Padilla/M -Paganini/M -Page/M -Paglia/M -Pahlavi/M -Paige/M -Paine/M -Paiute/SM -Pakistan/M -Pakistani/SM -Palembang/M -Paleocene/M -Paleogene/M -Paleolithic/M -Paleozoic/M -Palermo/M -Palestine/M -Palestinian/SM -Palestrina/M -Paley/M -Palikir/M -Palisades/M -Palladio/M -Palmdale/M -Palmer/M -Palmerston/M -Palmolive/M -Palmyra/M -Palomar/M -Pam/M -Pamela/M -Pamirs/M -Pampers/M -Pan/M -Panama/SM -Panamanian/MS -Panasonic/M -Pandora/M -Pangaea/M -Pankhurst/M -Panmunjom/M -Pansy/M -Pantagruel/M -Pantaloon/M -Pantheon/M -Panza/M -Paracelsus/M 
-Paraclete/M -Paradise -Paraguay/M -Paraguayan/MS -Paralympic/S -Paramaribo/M -Paramount/M -Parana/M -Parcheesi/M -Pareto/M -Paris/M -Parisian/MS -Park/SMR -Parker/M -Parkersburg/M -Parkinson/M -Parkinsonism -Parkman/M -Parks/M -Parliament/M -Parmenides -Parmesan/MS -Parnassus/MS -Parnell/M -Parr/M -Parrish/M -Parsifal/M -Parsons/M -Parthenon/M -Parthia/M -Pasadena/M -Pascagoula/M -Pascal/SM -Pasco/M -Pasquale/M -Passion/SM -Passover/MS -Pasternak/M -Pasteur/M -Pat/M -Patagonia/M -Patagonian/M -Pate/M -Patel/M -Paterson/M -Patna/M -Patrica/M -Patrice/M -Patricia/M -Patrick/M -Patsy/M -Patterson/M -Patti/M -Patton/M -Patty/M -Paul/GM -Paula/M -Paulette/M -Pauli/M -Pauline/M -Pauling/M -Pavarotti/M -Pavlov/M -Pavlova/M -Pavlovian/M -Pawnee/SM -PayPal/M -Payne/M -Pb/M -Pd/M -Peabody/M -Peace/M -Peale/M -Pearl/M -Pearlie/M -Pearson/M -Peary/M -Pechora/M -Peck/M -Peckinpah/M -Pecos/M -Pedro/M -Peel/M -Peg/M -Pegasus/MS -Peggy/M -Pei/M -Peiping/M -Peking/SM -Pekingese/SM -Pele/M -Pelee/M -Peloponnese/M -Pembroke/M -Pen/M -Pena/M -Penderecki/M -Penelope/M -Penn/M -Penna -Penney/M -Pennington/M -Pennsylvania/M -Pennsylvanian/MS -Penny/M -Pennzoil/M -Pensacola/M -Pentagon/M -Pentateuch/M -Pentax/M -Pentecost/SM -Pentecostal/MS -Pentecostalism -Pentium/SM -Peoria/M -Pepin/M -Pepsi/M -Pepys/M -Pequot/M -Percheron/M -Percival/M -Percy/M -Perelman/M -Perez/M -Periclean/M -Pericles/M -Perkins/M -Perl/SM -Perm/M -Permalloy/M -Permian/M -Pernod/M -Peron/M -Perot/M -Perrier/M -Perry/RM -Perseid/M -Persephone/M -Persepolis/M -Perseus/M -Pershing/M -Persia/M -Persian/SM -Perth/M -Peru/M -Peruvian/MS -Peshawar/M -Petain/M -Petaluma/M -Pete/RMZ -Peter/M -Peters/MN -Petersen/M -Peterson/M -Petra/M -Petrarch/M -Petty/M -Peugeot/M -Pfc -Pfizer/M -PhD/M -Phaedra/M -Phaethon/M -Phanerozoic/M -Pharaoh/M -Pharaohs -Pharisaic -Pharisaical -Pharisee/MS -Phekda/M -Phelps/M -Phidias/M -Phil/MY -Philadelphia/M -Philby/M -Philemon/M -Philip/MS -Philippe/M -Philippians/M -Philippine/SM 
-Philippines/M -Philips/M -Philistine/M -Phillip/SM -Phillipa/M -Phillips/M -Philly/M -Phipps/M -Phobos/M -Phoebe/M -Phoenicia/M -Phoenician/SM -Phoenix/M -Photostat/MS -Photostatted -Photostatting -Phrygia/M -Phyllis/M -Piaf/M -Piaget/M -Pianola/M -Picasso/M -Piccadilly/M -Pickering/M -Pickett/M -Pickford/M -Pickwick/M -Pict/M -Piedmont/M -Pierce/M -Pierre/M -Pierrot/M -Pike/M -Pilate/MS -Pilates/M -Pilcomayo/M -Pilgrim/SM -Pillsbury/M -Pinatubo/M -Pincus/M -Pindar/M -Pinkerton/M -Pinocchio/M -Pinochet/M -Pinter/M -Pinyin -Pippin/M -Piraeus/M -Pirandello/M -Pisa/M -Pisces/M -Pisistratus/M -Pissaro/M -Pitcairn/M -Pitt/SM -Pittman/M -Pitts/M -Pittsburgh/M -Pittsfield/M -Pius/M -Pizarro/M -Pkwy -Pl -Planck/M -Plano -Plantagenet/M -Plasticine/M -Plataea/M -Plath/M -Plato/M -Platonic -Platonism/M -Platonist/M -Platte/M -Plautus/M -PlayStation/M -Playboy/M -Playtex/M -Pleiades/M -Pleistocene/M -Plexiglas/MS -Pliny/M -Pliocene/SM -Plutarch/M -Pluto/M -Plymouth/M -Pm/M -Po/M -Pocahontas/M -Pocatello/M -Pocono/SM -Poconos/M -Podgorica/M -Podhoretz/M -Podunk/M -Poe/M -Pogo/M -Poincare/M -Poiret/M -Poirot/M -Poisson/M -Poitier/M -Pokemon/M -Pol/MY -Poland/M -Polanski/M -Polaris/M -Polaroid/MS -Pole/SM -Polish/M -Politburo/M -Polk/M -Pollard/M -Pollock/M -Pollux/M -Polly/M -Pollyanna/M -Polo/M -Poltava/M -Polyhymnia/M -Polynesia/M -Polynesian/MS -Polyphemus/M -Pomerania/M -Pomeranian/M -Pomona/M -Pompadour/M -Pompeian -Pompeii/M -Pompey/M -Ponce/M -Pontchartrain/M -Pontiac/M -Pontianak/M -Pooh/M -Poole/M -Poona/M -Pope/M -Popeye/M -Popocatepetl/M -Popper/M -Poppins/M -Popsicle/M -Porfirio/M -Porrima/M -Porsche/M -Port/MR -Porter/M -Porterville/M -Portia/M -Portland/M -Porto/M -Portsmouth/M -Portugal/M -Portuguese/M -Poseidon/M -Post/M -PostgreSQL/M -Potemkin/M -Potomac/M -Potsdam/M -Pottawatomie/M -Potter/M -Potts/M -Pottstown/M -Poughkeepsie/M -Pound/M -Poussin/M -Powell/M -PowerPC/M -PowerPoint/M -Powers/M -Powhatan/M -Poznan/M -Pr/M -Prada/M -Prado/M -Praetorian/M 
-Prague/M -Praia/M -Prakrit/M -Pratchett/M -Pratt/M -Pravda/M -Praxiteles/M -Preakness/M -Precambrian/M -Preminger/M -Premyslid/M -Prensa/M -Prentice/M -Pres -Presbyterian/SM -Presbyterianism/MS -Prescott/M -Presley/M -Preston/M -Pretoria/M -Priam/M -Pribilof/M -Price/M -Priceline/M -Priestley/M -Prince/M -Princeton/M -Principe/M -Priscilla/M -Prius/M -Private -Procrustean/M -Procrustes/M -Procter/M -Procyon/M -Prof -Prohibition -Prokofiev/M -Promethean/M -Prometheus/M -Prophets -Proserpina/M -Proserpine/M -Protagoras/M -Proterozoic/M -Protestant/MS -Protestantism/SM -Proteus/M -Proudhon/M -Proust/M -Provencal/MS -Provence/M -Proverbs -Providence/SM -Provo/M -Prozac/MS -Prudence/M -Prudential/M -Pruitt/M -Prussia/M -Prussian/MS -Prut/M -Pryor/M -Psalms/M -Psalter/MS -Psyche/M -Pt/M -Ptah/M -Ptolemaic/M -Ptolemy/SM -Pu/M -Puccini/M -Puck/M -Puckett/M -Puebla/M -Pueblo/M -Puerto -Puget/M -Pugh/M -Pulaski/M -Pulitzer/M -Pullman/MS -Punch/M -Punic/M -Punjab/M -Punjabi/M -Purana/M -Purcell/M -Purdue/M -Purim/MS -Purina/M -Puritan/M -Puritanism/MS -Purus/M -Pusan/M -Pusey/M -Pushkin/M -Pushtu/M -Putin/M -Putnam/M -Puzo/M -Pvt -PyTorch/M -Pygmalion/M -Pygmy/SM -Pyle/M -Pym/M -Pynchon/M -Pyongyang/M -Pyotr/M -Pyrenees/M -Pyrex/MS -Pyrrhic/M -Pythagoras/M -Pythagorean/M -Pythias/M -Python/M -Q -QA -QB -QC -QED -QM -QWERTY -Qaddafi/M -Qantas/M -Qatar/M -Qatari/MS -Qingdao/M -Qinghai/M -Qiqihar/M -Qom/M -Quaalude/M -Quaker/MS -Quakerism/SM -Qualcomm/M -Quaoar/M -Quasimodo/M -Quaternary/M -Quayle/M -Que -Quebec/M -Quebecois/M -Quechua/M -Queen/MS -Queens/M -Queensland/M -Quentin/M -Quetzalcoatl/M -Quezon/M -Quincy/M -Quinn/M -Quintilian/M -Quinton/M -Quirinal/M -Quisling/M -Quito/M -Quixote/M -Quixotism/M -Qumran/M -Quonset/M -Quran -Quranic -R/M -RAF/M -RAM/SM -RBI -RC -RCA/M -RCMP -RD -RDA -RDS/M -REIT -REM/SM -RF -RFC/S -RFD -RI -RIF -RIP -RISC -RN/M -RNA/M -ROFL -ROM/M -ROTC/M -RP -RR -RSFSR -RSI -RSV -RSVP -RTFM -RV/SM -Ra/M -Rabat/M -Rabelais/M -Rabelaisian/M -Rabin/M 
-Rachael/M -Rachel/M -Rachelle/M -Rachmaninoff/M -Racine/M -Radcliff/M -Radcliffe/M -Rae/M -Rafael/M -Raffles/M -Ragnarok/M -Rainier/M -Raleigh/M -Ralph/M -Rama/M -Ramada/M -Ramadan/MS -Ramakrishna/M -Ramanujan/M -Ramayana/M -Rambo/M -Ramirez/M -Ramiro/M -Ramon/M -Ramona/M -Ramos/M -Ramsay/M -Ramses/M -Ramsey/M -Rand/M -Randal/M -Randall/M -Randell/M -Randi/M -Randolph/M -Randy/M -Rangoon/M -Rankin/M -Rankine/M -Raoul/M -Raphael/M -Rappaport/M -Rapunzel/M -Raquel/M -Rasalgethi/M -Rasalhague/M -Rasmussen/M -Rasputin/M -Rasta -Rastaban/M -Rastafarian/MS -Rastafarianism -Rather/M -Ratliff/M -Raul/M -Ravel/M -Rawalpindi/M -Ray/M -RayBan/M -Rayburn/M -Rayleigh/M -Raymond/M -Raymundo/M -Rb/M -Rd -Re/M -Reading/M -Reagan/M -Reaganomics/M -Realtor/M -Reasoner/M -Reba/M -Rebekah/M -Recife/M -Reconstruction/M -Redding/M -Redeemer/M -Redford/M -Redgrave/M -Redis/M -Redmond/M -Redshift/M -Reebok/M -Reed/M -Reese/M -Reeves/M -Reformation/MS -Refugio/M -Reggie/M -Regina/M -Reginae/M -Reginald/M -Regor/M -Regulus/M -Rehnquist/M -Reich/M -Reichstag's -Reid/M -Reilly/M -Reinaldo/M -Reinhardt/M -Reinhold/M -Remarque/M -Rembrandt/M -Remington/M -Remus/M -Rena/M -Renaissance/SM -Renascence -Renault/M -Rene/M -Renee/M -Reno/M -Renoir/M -Rep -Representative -Republican/SM -Republicanism -Requiem/MS -Resistance -Restoration/M -Resurrection -Reuben/M -Reunion/M -Reuters/M -Reuther/M -Rev -Reva/M -Revelation/SM -Revelations/M -Revere/M -Reverend/M -Revlon/M -Rex/M -Reyes/M -Reykjavik/M -Reyna/M -Reynaldo/M -Reynolds/M -Rf/M -Rh/M -Rhea/M -Rhee/M -Rheingau/M -Rhenish/M -Rhiannon/M -Rhine/M -Rhineland/M -Rhoda/M -Rhode/S -Rhodes/M -Rhodesia/M -Rhodesian -Rhonda/M -Rhone/M -Ribbentrop/M -Ricardo/M -Rice/M -Rich/M -Richard/MS -Richards/M -Richardson/M -Richelieu/M -Richie/M -Richmond/M -Richter/M -Richthofen/M -Rick/M -Rickenbacker/M -Rickey/M -Rickie/M -Rickover/M -Ricky/M -Rico/M -Riddle/M -Ride/M -Riefenstahl/M -Riel/M -Riemann/M -Riesling/MS -Riga/M -Rigel/M -Riggs/M -Right -Rigoberto/M 
-Rigoletto/M -Riley/M -Rilke/M -Rimbaud/M -Ringling/M -Ringo/M -Rio/SM -Rios/M -Ripley/M -Risorgimento/M -Rita/M -Ritalin/M -Ritz/M -Rivas/M -Rivera/M -Rivers/M -Riverside/M -Riviera/MS -Riyadh/M -Rizal/M -Rn/M -Roach/M -Roanoke/M -Rob/M -Robbie/M -Robbin/MS -Robbins/M -Robby/M -Roberson/M -Robert/MS -Roberta/M -Roberto/M -Roberts/M -Robertson/M -Robeson/M -Robespierre/M -Robin/M -Robinson/M -Robitussin/M -Robles/M -Robson/M -Robt/M -Robyn/M -Rocco/M -Rocha/M -Rochambeau/M -Roche/M -Rochelle/M -Rochester/M -Rock/M -Rockefeller/M -Rockford/M -Rockies/M -Rockne/M -Rockwell/M -Rocky/SM -Rod/M -Roddenberry/M -Roderick/M -Rodger/MS -Rodgers/M -Rodin/M -Rodney/M -Rodolfo/M -Rodrick/M -Rodrigo/M -Rodriguez/M -Rodriquez/M -Roeg/M -Roentgen -Rogelio/M -Roger/MS -Rogers/M -Roget/M -Rojas/M -Roku/M -Rolaids/M -Roland/M -Rolando/M -Rolex/M -Rolland/M -Rollerblade/M -Rollins/M -Rolodex/M -Rolvaag/M -Rom -Roman/MS -Romanesque/MS -Romania/M -Romanian/MS -Romano/M -Romanov/M -Romans/M -Romansh/M -Romanticism -Romany/SM -Rome/SM -Romeo/M -Romero/M -Rommel/M -Romney/M -Romulus/M -Ron/M -Ronald/M -Ronda/M -Ronnie/M -Ronny/M -Ronstadt/M -Rontgen -Rooney/M -Roosevelt/M -Root/M -Roquefort/SM -Rorschach/M -Rory/M -Rosa/M -Rosales/M -Rosalie/M -Rosalind/M -Rosalinda/M -Rosalyn/M -Rosanna/M -Rosanne/M -Rosario/M -Roscoe/M -Rose/M -Roseann/M -Roseau/M -Rosecrans/M -Rosella/M -Rosemarie/M -Rosemary/M -Rosenberg/M -Rosendo/M -Rosenzweig/M -Rosetta/M -Rosicrucian/M -Rosie/M -Roslyn/M -Ross/M -Rossetti/M -Rossini/M -Rostand/M -Rostov/M -Rostropovich/M -Roswell/M -Rotarian/M -Roth/M -Rothko/M -Rothschild/M -Rotterdam/M -Rottweiler/M -Rouault/M -Rourke/M -Rousseau/M -Rove/RM -Rover/M -Rowe/M -Rowena/M -Rowland/M -Rowling/M -Roxanne/M -Roxie/M -Roxy/M -Roy/M -Royal/M -Royce/M -Rozelle/M -Rte -Ru/MH -Rubaiyat/M -Rubbermaid/M -Ruben/SM -Rubens/M -Rubicon/MS -Rubik/M -Rubin/M -Rubinstein/M -Ruby/M -Ruchbah/M -Rudolf/M -Rudolph/M -Rudy/M -Rudyard/M -Rufus/M -Ruhr/M -Ruiz/M -Rukeyser/M 
-Rumpelstiltskin/M -Rumsfeld/M -Runnymede/M -Runyon/M -Rupert/M -Rush/M -Rushdie/M -Rushmore/M -Ruskin/M -Russ/M -Russel/M -Russell/M -Russia/M -Russian/SM -Russo/M -Rustbelt/M -Rusty/M -Rutan/M -Rutgers/M -Ruth/M -Rutherford/M -Ruthie/M -Rutledge/M -Rwanda/MS -Rwandan/SM -Rwy -Rx -Ry -Ryan/M -Rydberg/M -Ryder/M -Ryukyu/M -S/MN -SA -SAC -SALT/M -SAM/M -SAP/M -SARS/M -SASE -SAT -SBA -SC/M -SCSI/M -SD -SDI -SE/M -SEATO -SEC/M -SF -SGML/M -SIDS/M -SJ -SJW -SK -SLR -SO/S -SOB/M -SOP/M -SOS/M -SOSes -SPCA -SPF -SQL -SQLite/M -SRO -SS -SSA -SSE/M -SSS -SST -SSW/M -ST -STD -STOL -SUSE/M -SUV -SVN/M -SW/M -SWAK -SWAT -Saab/M -Saar/M -Saarinen/M -Saatchi/M -Sabbath/M -Sabbaths -Sabik/M -Sabin/M -Sabina/M -Sabine/M -Sabre/M -Sabrina/M -Sacajawea/M -Sacco/M -Sachs/M -Sacramento/M -Sadat/M -Saddam/M -Sadducee/M -Sade/M -Sadie/M -Sadr/M -Safavid/M -Safeway/M -Sagan/M -Saginaw/M -Sagittarius/MS -Sahara/M -Saharan/M -Sahel/M -Saigon/M -Saiph/M -Sakai/M -Sakha/M -Sakhalin/M -Sakharov/M -Saki/M -Saks/M -Sal/MY -Saladin/M -Salado/M -Salamis/M -Salas/M -Salazar/M -Salem/M -Salerno/M -Salesforce/M -Salinas/M -Salinger/M -Salisbury/M -Salish/M -Salk/M -Sallie/M -Sallust/M -Sally/M -Salome/M -Salonika/M -Salton/M -Salvador/M -Salvadoran/SM -Salvadorean/MS -Salvadorian/MS -Salvatore/M -Salween/M -Salyut/M -Sam/M -Samantha/M -Samar/M -Samara/M -Samaritan/MS -Samarkand/M -Sammie/M -Sammy/M -Samoa/M -Samoan/SM -Samoset/M -Samoyed/M -Sampson/M -Samson/M -Samsonite/M -Samsung/M -Samuel/M -Samuelson/M -San'a -San/M -Sana/M -Sanchez/M -Sancho/M -Sand/ZM -Sandburg/M -Sanders/M -Sandinista/M -Sandoval/M -Sandra/M -Sandy/M -Sanford/M -Sanforized/M -Sang/MR -Sanger/M -Sanhedrin/M -Sanka/M -Sankara/M -Sanskrit/M -Santa/M -Santana/M -Santayana/M -Santeria/M -Santiago/M -Santos/M -Sappho/M -Sapporo/M -Sara/M -Saracen/MS -Saragossa/M -Sarah/M -Sarajevo/M -Saran/M -Sarasota/M -Saratov/M -Sarawak/M -Sardinia/M -Sargasso/M -Sargent/M -Sargon/M -Sarnoff/M -Saroyan/M -Sarto/M -Sartre/M -Sasha/M -Sask 
-Saskatchewan/M -Saskatoon/M -Sasquatch/MS -Sassanian/M -Sassoon/M -Sat/M -Satan/M -Satanism/M -Satanist/M -Saturday/MS -Saturn/M -Saturnalia/M -Saudi/MS -Saul/M -Saunders/M -Saundra/M -Saussure/M -Sauternes -Savage/M -Savannah/M -Savior/M -Savonarola/M -Savoy/M -Savoyard/M -Sawyer/M -Saxon/MS -Saxony/M -Sayers/M -Sb/M -Sc/M -Scala/M -Scan -Scandinavia/M -Scandinavian/MS -Scaramouch/M -Scarborough/M -Scarlatti/M -Scheat/M -Schedar/M -Scheherazade/M -Schelling/M -Schenectady/M -Schiaparelli/M -Schick/M -Schiller/M -Schindler/M -Schlesinger/M -Schliemann/M -Schlitz/M -Schloss/M -Schmidt/M -Schnabel/M -Schnauzer/M -Schneider/M -Schoenberg/M -Schopenhauer/M -Schrieffer/M -Schrodinger/M -Schroeder/M -Schubert/M -Schultz/M -Schulz/M -Schumann/M -Schumpeter/M -Schuyler/M -Schuylkill/M -Schwartz/M -Schwarzenegger/M -Schwarzkopf/M -Schweitzer/M -Schweppes/M -Schwinger/M -Schwinn/M -Scientologist/SM -Scientology/M -Scipio/M -Scopes/M -Scorpio/SM -Scorpius/M -Scorsese/M -Scot/SM -Scotch/MS -Scotchman/M -Scotchmen/M -Scotchwoman/M -Scotchwomen/M -Scotia/M -Scotland/M -Scotsman/M -Scotsmen/M -Scotswoman/M -Scotswomen/M -Scott/M -Scottie/SM -Scottish/M -Scottsdale/M -Scrabble/MS -Scranton/M -Scriabin/M -Scribner/M -Scripture/SM -Scrooge/M -Scruggs/M -Scud/M -Sculley/M -Scylla/M -Scythia/M -Scythian/M -Se/MH -Seaborg/M -Seagram/M -Sean/M -Sears/M -Seaside/M -Seattle/M -Sebastian/M -Sebring/M -Sec -Seconal/M -Secretariat/M -Secretary -Seder/MS -Sedna/M -Seebeck/M -Seeger/M -Sega/M -Segovia/M -Segre/M -Segundo/M -Segway/S -Seiko/M -Seine/M -Seinfeld/M -Sejong/M -Selassie/M -Selectric/M -Selena/M -Seleucid/M -Seleucus/M -Selim/M -Seljuk/M -Selkirk/M -Sellers/M -Selma/M -Selznick/M -Semarang/M -Seminole/MS -Semiramis/M -Semite/MS -Semitic/SM -Semtex/M -Senate/MS -Sendai/M -Seneca/MS -Senegal/M -Senegalese/M -Senghor/M -Senior/M -Sennacherib/M -Sennett/M -Sensurround/M -Seoul/M -Sep -Sephardi/M -Sepoy/M -Sept/M -September/MS -Septuagint/MS -Sequoya/M -Serb/SM -Serbia/M -Serbian/MS 
-Serena/M -Serengeti/M -Sergei/M -Sergio/M -Serpens/M -Serra/M -Serrano/M -Set/M -Seth/M -Seton/M -Seurat/M -Seuss/M -Sevastopol/M -Severn/M -Severus/M -Seville/M -Sevres/M -Seward/M -Sextans/M -Sexton/M -Seychelles/M -Seyfert/M -Seymour/M -Sgt -Shaanxi/M -Shackleton/M -Shaffer/M -Shah/M -Shaka/M -Shaker -Shakespeare/M -Shakespearean/M -Shana/M -Shandong/M -Shane/M -Shanghai/M -Shankara/M -Shanna/M -Shannon/M -Shantung/M -Shanxi/M -Shapiro/M -SharePoint/M -Shari'a/M -Shari/M -Sharif/M -Sharlene/M -Sharon/M -Sharp/M -Sharpe/M -Sharron/M -Shasta/M -Shaula/M -Shaun/M -Shauna/M -Shavian/M -Shavuot/M -Shaw/M -Shawn/M -Shawna/M -Shawnee/SM -Shcharansky/M -Shea/M -Sheba/M -Shebeli/M -Sheboygan/M -Sheena/M -Sheetrock/M -Sheffield/M -Sheila/M -Shelby/M -Sheldon/M -Shelia/M -Shell/M -Shelley/M -Shelly/M -Shelton/M -Shenandoah/M -Shenyang/M -Sheol/M -Shepard/M -Shepherd/M -Sheppard/M -Sheratan/M -Sheraton/M -Sheree/M -Sheri/M -Sheridan/M -Sherlock/M -Sherman/M -Sherpa/M -Sherri/M -Sherrie/M -Sherry/M -Sherwood/M -Sheryl/M -Shetland/SM -Shetlands/M -Shevardnadze/M -Shevat/M -Shi'ite/M -Shields/M -Shiite/MS -Shijiazhuang/M -Shikoku/M -Shillong/M -Shiloh/M -Shinto/MS -Shintoism/MS -Shintoist/MS -Shiraz/M -Shirley/M -Shiva/M -Shockley/M -Short/M -Shorthorn/M -Shoshone/SM -Shostakovitch/M -Shrek/M -Shreveport/M -Shriner/M -Shropshire/M -Shula/M -Shylock/M -Shylockian/M -Si/M -Siam/M -Siamese/M -Sibelius/M -Siberia/M -Siberian/MS -Sibyl/M -Sichuan/M -Sicilian/SM -Sicily/M -Sid/M -Siddhartha/M -Sidney/M -Siegfried/M -Siemens/M -Sierpinski/M -Sierras -Sigismund/M -Sigmund/M -Sigurd/M -Sihanouk/M -Sikh/M -Sikhism -Sikhs -Sikkim/M -Sikkimese/M -Sikorsky/M -Silas/M -Silesia/M -Silurian/SM -Silva/M -Silvia/M -Simenon/M -Simmental/M -Simmons/M -Simon/M -Simone/M -Simpson/SM -Simpsons/M -Simpsonville/M -Sims/M -Sinai/M -Sinatra/M -Sinbad/M -Sinclair/M -Sindbad/M -Sindhi/M -Singapore/M -Singaporean/SM -Singer/M -Singh/M -Singleton/M -Sinhalese/M -Sinkiang/M -Sioux/M -Sir/SM -Sirius/M 
-Sistine/M -Sisyphean/M -Sisyphus/M -Siva/M -Sivan/M -Sjaelland/M -Skinner/M -Skippy/M -Skopje/M -Skye/M -Skylab/M -Skype/M -Slackware/M -Slashdot/M -Slater/M -Slav/SM -Slavic/M -Slavonic/M -Slidell/M -Slinky/M -Sloan/M -Sloane/M -Slocum/M -Slovak/SM -Slovakia/M -Slovakian -Slovene/SM -Slovenia/M -Slovenian/MS -Slurpee/M -Sm/M -Small/M -Smetana/M -Smirnoff/M -Smith/M -Smithson/M -Smithsonian/M -Smokey/M -Smolensk/M -Smollett/M -Smuts/M -Smyrna -Sn/M -Snake/M -Snapple/M -Snead/M -Snell/M -Snickers/M -Snider/M -Snoopy/M -Snow/M -Snowbelt/M -Snyder/M -Soave/M -Soc -Socastee/M -Socorro/M -Socrates/M -Socratic/M -Soddy/M -Sodom/M -Sofia/M -Soho/M -Sol/M -Solis/M -Solomon/M -Solon/M -Solzhenitsyn/M -Somali/SM -Somalia/M -Somalian/MS -Somme/M -Somoza/M -Son/M -Sondheim/M -Sondra/M -Songhai/M -Songhua/M -Sonia/M -Sonja/M -Sonny/M -Sonora/M -Sontag/M -Sony/M -Sonya/M -Sophia/M -Sophie/M -Sophoclean/M -Sophocles/M -Sopwith/M -Sorbonne/M -Sosa/M -Soto/M -Souphanouvong/M -Sourceforge/M -Sousa/M -South/M -Southampton/M -Southeast/MS -Southerner/SM -Southey/M -Souths -Southwest/MS -Soviet/M -Soweto/M -Soyinka/M -Soyuz/M -Sp -Spaatz/M -Spackle/M -Spahn/M -Spain/M -Spam/M -Span -Spanglish -Spaniard/SM -Spanish/M -Sparks/M -Sparta/M -Spartacus/M -Spartan/MS -Spartanburg/M -Spears/M -Speer/M -Spence/RM -Spencer/M -Spencerian/M -Spengler/M -Spenglerian/M -Spenser/M -Spenserian/M -Sperry/M -Sphinx/M -Spica/M -Spielberg/M -Spillane/M -Spinoza/M -Spinx/M -Spiro/M -Spirograph/M -Spitsbergen/M -Spitz/M -Spock/M -Spokane/M -Springdale/M -Springfield/M -Springsteen/M -Sprint/M -Sprite/M -Sputnik/M -Sq -Squanto/M -Squibb/M -Sr/M -Srinagar/M -Srivijaya/M -St -Sta -Stacey/M -Staci/M -Stacie/M -Stacy/M -Stael/M -Stafford/M -StairMaster/M -Stalin/M -Stalingrad/M -Stalinist/M -Stallone/M -Stamford/M -Stan/M -Standish/M -Stanford/M -Stanislavsky/M -Stanley/M -Stanton/M -Staples/M -Starbucks/M -Stark/M -Starkey/M -Starr/M -Staten/M -States -Staubach/M -Staunton/M -Ste -Steadicam/M -Steele/M 
-Stefan/M -Stefanie/M -Stein/MR -Steinbeck/M -Steinem/M -Steiner/M -Steinmetz/M -Steinway/M -Stella/M -Stendhal/M -Stengel/M -Stephan/M -Stephanie/M -Stephen/MS -Stephens/M -Stephenson/M -Sterling/M -Stern/M -Sterne/M -Sterno/M -Stetson/M -Steuben/M -Steubenville/M -Steve/M -Steven/MS -Stevens/M -Stevenson/M -Stevie/M -Stewart/M -Stieglitz/M -Stilton/SM -Stimson/M -Stine/M -Stirling/M -Stockhausen/M -Stockholm/M -Stockton/M -Stoic/SM -Stoicism/MS -Stokes/M -Stolichnaya/M -Stolypin/M -Stone/M -Stonehenge/M -Stoppard/M -Stout/M -Stowe/M -Strabo/M -Stradivari -Stradivarius/M -Strasbourg/M -Strauss/M -Stravinsky/M -Streisand/M -Strickland/M -Strindberg/M -Stromboli/M -Strong/M -Stu/M -Stuart/MS -Studebaker/M -Stuttgart/M -Stuyvesant/M -Stygian/M -Styrofoam/SM -Styron/M -Styx/M -Suarez/M -Subaru/M -Sucre/M -Sucrets/M -Sudan/M -Sudanese/M -Sudetenland/M -Sudoku/M -Sudra/M -Sue/M -Suetonius/M -Suez/M -Suffolk/M -Sufi/M -Sufism/M -Suharto/M -Sui/M -Sukarno/M -Sukkot -Sulawesi/M -Suleiman/M -Sulla/M -Sullivan/M -Sumatra/M -Sumatran/SM -Sumeria/M -Sumerian/SM -Summer/MS -Summers/M -Sumner/M -Sumter/M -Sun/SM -Sunbeam/M -Sunbelt/M -Sundanese/M -Sundas/M -Sunday/MS -Sung/M -Sunkist/M -Sunni/SM -Sunnite/MS -Sunnyvale/M -Superbowl/M -Superfund/M -Superglue/M -Superior/M -Superman/M -Supt -Surabaya/M -Surat/M -Suriname/M -Surinamese -Surya/M -Susan/M -Susana/M -Susanna/M -Susanne/M -Susie/M -Susquehanna/M -Sussex/M -Sutherland/M -Sutton/M -Suva/M -Suwanee/M -Suzanne/M -Suzette/M -Suzhou/M -Suzuki/M -Suzy/M -Svalbard/M -Sven/M -Svengali/M -Sverdlovsk -Swahili/SM -Swammerdam/M -Swanee/M -Swansea/M -Swanson/M -Swazi/SM -Swaziland/M -Swed/N -Swede/SM -Sweden/M -Swedenborg/M -Swedish/M -Sweeney/M -Sweet/M -Swift/M -Swinburne/M -Swiss/MS -Swissair/M -Switz -Switzerland/M -Sybil/M -Sydney/M -Sykes/M -Sylvester/M -Sylvia/M -Sylvie/M -Synge/M -Syracuse/M -Syria/M -Syriac/M -Syrian/MS -Szilard/M -Szymborska/M -T'ang/M -T/MDG -TA -TARP -TB/M -TBA -TD -TDD -TEFL -TELNET/S -TELNETTed 
-TELNETTing -TESL -TESOL -TGIF -THC -TKO/M -TLC/M -TM -TN -TNT/M -TOEFL -TQM -TV/SM -TVA -TWA/M -TWX -TX -Ta/M -Tabasco/SM -Tabatha/M -Tabernacle/MS -Tabitha/M -Tabriz/MS -Tacitus/M -Tacoma/M -Tad/M -Tadzhik/M -Taegu/M -Taejon/M -Taft/M -Tagalog/SM -Tagore/M -Tagus/M -Tahiti/M -Tahitian/MS -Tahoe/M -Taichung/M -Tainan -Taine/M -Taipei/M -Taiping/M -Taiwan/M -Taiwanese/M -Taiyuan/M -Tajikistan/M -Taklamakan/M -Talbot/M -Taliban/M -Taliesin/M -Tallahassee/M -Tallchief/M -Talley/M -Talleyrand/M -Tallinn/M -Talmud/MS -Talmudic -Talmudist -Tamara/M -Tameka/M -Tamera/M -Tamerlane/M -Tami/M -Tamika/M -Tamil/MS -Tammany/M -Tammi/M -Tammie/M -Tammuz/M -Tammy/M -Tampa/M -Tampax/M -Tamra/M -Tamworth/M -Tancred/M -Taney/M -Tanganyika/M -Tangier/MS -Tangshan/M -Tania/M -Tanisha/M -Tanner/M -Tannhauser/M -Tantalus/M -Tanya/M -Tanzania/M -Tanzanian/SM -Tao/M -Taoism/MS -Taoist/MS -Tara/M -Tarantino/M -Tarawa/M -Tarazed/M -Tarbell/M -Target/M -Tarim/M -Tarkenton/M -Tarkington/M -Tartary/M -Tartuffe/M -Tarzan/M -Tasha/M -Tashkent/M -Tasman/M -Tasmania/M -Tasmanian/M -Tass/M -Tatar/MS -Tate/M -Tatum/M -Taurus/MS -Tavares/M -Tawney/M -Taylor/M -Tb/M -Tbilisi/M -Tc/M -Tchaikovsky/M -Te/M -TeX -TeXes -Teasdale/M -Technicolor/M -Tecumseh/M -Ted/M -Teddy/M -Teflon/MS -Tegucigalpa/M -Tehran -TelePrompTer -TelePrompter/M -Telemachus/M -Telemann/M -Teletype -Tell/MR -Teller/M -Telugu/M -Temecula/M -Tempe -Templar/M -Temple/M -Tenn/M -Tennessean/SM -Tennessee/M -Tennyson/M -Tennysonian -Tenochtitlan/M -TensorFlow/M -Teotihuacan/M -Terence/M -Teresa/M -Tereshkova/M -Teri/M -Terkel/M -Terpsichore/M -Terr/M -Terra/M -Terran/M -Terrance/M -Terrell/M -Terrence/M -Terri/M -Terrie/M -Terry/M -Tertiary/M -Tesla/M -Tess/M -Tessa/M -Tessie/M -Tet/M -Tethys/M -Tetons/M -Teuton/MS -Teutonic/M -Tevet/M -Tex/M -Texaco/M -Texan/MS -Texarkana/M -Texas/M -Th/M -Thackeray/M -Thad/M -Thaddeus/M -Thai/SM -Thailand/M -Thales/M -Thalia/M -Thames/M -Thanh/M -Thanksgiving/MS -Thant/M -Thar/M -Tharp/M -Thatcher/M 
-Thea/M -Thebes/M -Theiler/M -Thelma/M -Themistocles/M -Theocritus/M -Theodora/M -Theodore/M -Theodoric/M -Theodosius/M -Theosophy/M -Theravada/M -Theresa/M -Therese/M -Thermopylae/M -Thermos -Theron/M -Theseus/M -Thespian/M -Thespis/M -Thessalonian/SM -Thessaloniki/M -Thessaly/M -Thieu/M -Thimbu/M -Thimphu -Thomas/M -Thomism/M -Thomistic/M -Thompson/M -Thomson/M -Thor/M -Thorazine/M -Thoreau/M -Thornton/M -Thoroughbred/M -Thorpe/M -Thoth/M -Thrace/M -Thracian/M -Thu -Thucydides/M -Thule/M -Thunderbird/M -Thur/S -Thurber/M -Thurman/M -Thurmond/M -Thursday/SM -Thutmose/M -Ti/M -Tia/M -Tianjin/M -Tiber/M -Tiberius/M -Tibet/M -Tibetan/MS -Ticketmaster/M -Ticonderoga/M -Tide/M -Tienanmen/M -Tiffany/M -Tigris/M -Tijuana/M -Tillich/M -Tillman/M -Tilsit/M -Tim/M -Timbuktu/M -Timex/M -Timmy/M -Timon/M -Timor/M -Timothy/M -Timur/M -Timurid/M -Tina/M -Ting/M -Tinkerbell/M -Tinkertoy/M -Tinseltown/M -Tintoretto/M -Tippecanoe/M -Tipperary/M -Tirane -Tiresias/M -Tirol/M -Tirolean -Tisha/M -Tishri/M -Titan/SM -Titania/M -Titanic/M -Titian/M -Titicaca/M -Tito/M -Titus/M -Titusville/M -Tl/M -Tlaloc/M -Tlingit/M -Tm/M -Tobago/M -Tobit/M -Toby/M -Tocantins/M -Tocqueville/M -Tod/M -Todd/M -Togo/M -Togolese/M -Tojo/M -Tokay/M -Tokugawa/M -Tokyo/M -Tokyoite -Toledo/MS -Tolkien/M -Tolstoy/M -Toltec/M -Tolyatti/M -Tom/M -Tomas/M -Tombaugh/M -Tomlin/M -Tommie/M -Tommy/M -Tompkins/M -Tomsk/M -Tonga/M -Tongan/MS -Toni/M -Tonia/M -Tonto/M -Tony/M -Tonya/M -Topeka/M -Topsy/M -Torah/M -Torahs -Toronto/M -Torquemada/M -Torrance/M -Torrens/M -Torres/M -Torricelli/M -Tortola/M -Tortuga/M -Torvalds/M -Tory/SM -Tosca/M -Toscanini/M -Toshiba/M -Toto/M -Toulouse/M -Townes/M -Townsend/M -Toynbee/M -Toyoda/M -Toyota/M -Tracey/M -Traci/M -Tracie/M -Tracy/M -Trafalgar/M -Trailways/M -Trajan/M -Tran/M -Transcaucasia/M -Transvaal/M -Transylvania/M -Transylvanian/M -Trappist/SM -Travis/M -Travolta/M -Treasury/SM -Treblinka/M -Trekkie/M -Trent/M -Trenton/M -Trevelyan/M -Trevino/M -Trevor/M -Trey/M 
-Triangulum/M -Triassic/M -Tricia/M -Trident/M -Trieste/M -Trimurti/M -Trina/M -Trinidad/M -Trinidadian/MS -Trinity/SM -Tripitaka/M -Tripoli/M -Trippe/M -Trisha/M -Tristan/M -Triton/M -Trobriand/M -Troilus/M -Trojan/MS -Trollope/M -Trondheim/M -Tropicana/M -Trotsky/M -Troy/M -Troyes -Truckee/M -Trudeau/M -Trudy/M -Truffaut/M -Trujillo/M -Truman/M -Trumbull/M -Trump/M -Truth/M -Tsimshian/M -Tsiolkovsky/M -Tsitsihar/M -Tsongkhapa/M -Tswana/M -Tu/M -Tuamotu/M -Tuareg/M -Tubman/M -Tucker/M -Tucson/M -Tucuman/M -Tudor/SM -Tue/S -Tues/M -Tuesday/MS -Tulane/M -Tull/M -Tulsa/M -Tulsidas/M -Tums/M -Tungus/M -Tunguska/M -Tunis/M -Tunisia/M -Tunisian/MS -Tunney/M -Tupi/M -Tupperware/M -Tupungato/M -Turgenev/M -Turin/M -Turing/M -Turk/SM -Turkestan/M -Turkey/M -Turkic/MS -Turkish/M -Turkmenistan/M -Turlock/M -Turner/M -Turpin/M -Tuscaloosa/M -Tuscan/M -Tuscany/M -Tuscarora/MS -Tuscon/M -Tuskegee/M -Tussaud/M -Tut/M -Tutankhamen/M -Tutsi/M -Tutu/M -Tuvalu/M -Tuvaluan -Twain/M -Tweed/M -Tweedledee/M -Tweedledum/M -Twila/M -Twinkies/M -Twitter/M -Twizzlers/M -Twp -Ty/M -Tycho/M -Tylenol/M -Tyler/M -Tyndale/M -Tyndall/M -Tyre/M -Tyree/M -Tyrolean -Tyrone/M -Tyson/M -U/M -UAR -UAW -UBS/M -UCLA/M -UFO/SM -UHF/M -UK/M -UL -UN/M -UNESCO/M -UNICEF/M -UNIX/M -UPC -UPI/M -UPS/M -URL/S -US/M -USA/M -USAF -USB -USCG -USDA/M -USIA -USMC -USN -USO -USP -USPS -USS -USSR/M -UT/M -UTC -UV/M -Ubangi/M -Ubuntu/M -Ucayali/M -Uccello/M -Udall/M -Ufa/M -Uganda/M -Ugandan/MS -Uighur/M -Ujungpandang/M -Ukraine/M -Ukrainian/SM -Ulster/M -Ultrasuede/M -Ulyanovsk/M -Ulysses/M -Umbriel/M -Underwood/M -Ungava/M -Unicode/M -Unilever/M -Union/SM -Unionist -Uniontown/M -Uniroyal/M -Unitarian/MS -Unitarianism/MS -Unitas/M -Unix/S -Unukalhai/M -Upanishads/M -Updike/M -Upjohn/M -Upton/M -Ur/M -Ural/SM -Urals/M -Urania/M -Uranus/M -Urban/M -Urdu/M -Urey/M -Uriah/M -Uriel/M -Uris/M -Urquhart/M -Ursa/M -Ursula/M -Ursuline/M -Uruguay/M -Uruguayan/MS -Urumqi/M -Usenet/MS -Ustinov/M -Ut -Utah/M -Utahan/MS -Ute/SM 
-Utica/M -Utopia/SM -Utopian/SM -Utrecht/M -Utrillo/M -Uzbek/M -Uzbekistan/M -Uzi/SM -V/M -VA -VAT/M -VAX -VAXes -VBA/M -VCR/M -VD/M -VDT -VDU -VF -VFW/M -VG -VGA -VHF/M -VHS -VI/M -VIP/SM -VISTA -VJ -VLF/M -VOA -VP -VT -VTOL -Va/M -Vacaville/M -Vader/M -Vaduz/M -Val/M -Valarie/M -Valdez/M -Valdosta/M -Valencia/SM -Valenti/M -Valentin/M -Valentine/M -Valentino/M -Valenzuela/M -Valeria/M -Valerian/M -Valerie/M -Valery/M -Valhalla/M -Valium/MS -Valkyrie/SM -Vallejo/M -Valletta/M -Valois/M -Valparaiso/M -Valvoline/M -Van/M -Vance/M -Vancouver/M -Vandal/MS -Vanderbilt/M -Vandyke/M -Vanessa/M -Vang/M -Vanuatu/M -Vanzetti/M -Varanasi/M -Varese/M -Vargas/M -Vaseline/SM -Vasquez/M -Vassar/M -Vatican/M -Vauban/M -Vaughan/M -Vaughn/M -Vazquez/M -Veblen/M -Veda/SM -Vedanta/M -Vega/SM -Vegas/M -Vegemite/M -Vela/M -Velasquez/M -Velazquez/M -Velcro/MS -Velez/M -Velma/M -Velveeta/M -Venetian/SM -Venezuela/M -Venezuelan/SM -Venice/M -Venn/M -Ventolin/M -Venus/MS -Venusian/M -Vera/M -Veracruz/M -Verde/M -Verdi/M -Verdun/M -Verizon/M -Verlaine/M -Vermeer/M -Vermont/ZMR -Vermonter/M -Vern/M -Verna/M -Verne/M -Vernon/M -Verona/M -Veronese/M -Veronica/M -Versailles/M -Vesalius/M -Vespasian/M -Vespucci/M -Vesta/M -Vesuvius/M -Viacom/M -Viagra/M -Vic/M -Vicente/M -Vichy/M -Vicki/M -Vickie/M -Vicksburg/M -Vicky/M -Victor/M -Victoria/M -Victorian/MS -Victorianism -Victorville/M -Victrola/M -Vidal/M -Vienna/M -Viennese/M -Vientiane/M -Vietcong/M -Vietminh/M -Vietnam/M -Vietnamese/M -Vijayanagar/M -Vijayawada/M -Viking/MS -Vila/M -Villa/SM -Villarreal/M -Villas/M -Villon/M -Vilma/M -Vilnius/M -Vilyui/M -Vince/M -Vincent/M -Vindemiatrix/M -Vineland/M -Vinson/M -Viola/M -Violet/M -Virgie/M -Virgil/M -Virginia/M -Virginian/SM -Virgo/SM -Visa/M -Visalia/M -Visayans/M -Vishnu/M -Visigoth/M -Visigoths -Vistula/M -Vitim/M -Vito/M -Vitus/M -Vivaldi/M -Vivekananda/M -Vivian/M -Vivienne/M -Vlad/M -Vladimir/M -Vladivostok/M -Vlaminck/M -Vlasic/M -VoIP -Vogue/M -Volcker/M -Voldemort/M -Volga/M 
-Volgograd/M -Volkswagen/M -Volstead/M -Volta/M -Voltaire/M -Volvo/M -Vonda/M -Vonnegut/M -Voronezh/M -Vorster/M -Voyager/M -Vt -Vuitton/M -Vulcan/M -Vulg -Vulgate/SM -W/MDT -WA -WAC -WASP/M -WATS/M -WC -WHO/M -WI -WMD -WNW/M -WP -WSW/M -WTO -WV -WW -WWI -WWII -WWW/M -WY -WYSIWYG -Wabash/M -Wac -Waco/M -Wade/M -Wagner/M -Wagnerian/M -Wahhabi/M -Waikiki/M -Waite/M -Wake/M -Waksman/M -Wald/MN -Waldemar/M -Walden/M -Waldensian/M -Waldheim/M -Waldo/M -Waldorf/M -Wales/M -Walesa/M -Walgreen/SM -Walgreens/M -Walker/M -Walkman/M -Wall/SMR -Wallace/M -Wallenstein/M -Waller/M -Wallis/M -Walloon/M -Walls/M -Walmart/M -Walpole/M -Walpurgisnacht/M -Walsh/M -Walt/MRZ -Walter/M -Walters/M -Walton/M -Wanamaker/M -Wanda/M -Wang/M -Wankel/M -Ward/M -Ware/MG -Warhol/M -Waring/M -Warner/M -Warren/M -Warsaw/M -Warwick/M -Wasatch/M -Wash/M -Washington/M -Washingtonian/MS -Wassermann/M -Waterbury/M -Waterford/M -Watergate/M -Waterloo/MS -Waters/M -Watertown/M -Watkins/M -Watson/M -Watsonville/M -Watt/SM -Watteau/M -Watts/M -Watusi/M -Waugh/M -Wausau/M -Wave -Wayne/M -Waynesboro/M -Weaver/M -Web/MR -Webb/M -Weber/M -Webern/M -Webster/MS -Wed/M -Weddell/M -Wedgwood/M -Wednesday/MS -Weeks/M -Wehrmacht/M -Wei/M -Weierstrass/M -Weill/M -Weinberg/M -Weirton/M -Weiss/M -Weissmuller/M -Weizmann/M -Weldon/M -Welland/M -Weller/M -Welles/M -Wellington/SM -Wells/M -Welsh/M -Welshman/M -Welshmen/M -Welshwoman -Wenatchee/M -Wendell/M -Wendi/M -Wendy/M -Wesak/M -Wesley/M -Wesleyan/M -Wessex/M -Wesson/M -West/SM -Western/MRS -Westinghouse/M -Westminster/M -Weston/M -Westphalia/M -Weyden/M -Wezen/M -Wharton/M -Wheaties/M -Wheatstone/M -Wheeler/M -Wheeling/M -Whig/SM -Whipple/M -Whirlpool/M -Whistler/M -Whitaker/M -White/SM -Whitefield/M -Whitehall/M -Whitehead/M -Whitehorse/M -Whiteley/M -Whitfield/M -Whitley/M -Whitman/M -Whitney/M -Whitsunday/MS -Whittier/M -WiFi -Wicca/M -Wichita/M -Wiemar/M -Wiesel/M -Wiesenthal/M -Wiggins/M -Wigner/M -Wii/M -Wikileaks -Wikipedia/M -Wilberforce/M -Wilbert/M 
-Wilbur/M -Wilburn/M -Wilcox/M -Wilda/M -Wilde/MR -Wilder/M -Wiles/M -Wiley/M -Wilford/M -Wilfred/M -Wilfredo/M -Wilhelm/M -Wilhelmina/M -Wilkerson/M -Wilkes/M -Wilkins/M -Wilkinson/M -Will/M -Willa/M -Willamette/M -Willard/M -Willemstad/M -William/SM -Williams/M -Williamsburg/M -Williamson/M -Williamsport/M -Willie/M -Willis/M -Willy/M -Wilma/M -Wilmer/M -Wilmington/M -Wilson/M -Wilsonian/M -Wilton/M -Wimbledon/M -Wimsey/M -Winchell/M -Winchester/MS -Windbreaker/M -Windex/M -Windhoek/M -Windows/M -Windsor/SM -Windward/M -Winesap/M -Winfred/M -Winfrey/M -Winifred/M -Winkle/M -Winnebago/M -Winnie/M -Winnipeg/M -Winston/M -Winters/M -Winthrop/M -Wis -Wisc -Wisconsin/M -Wisconsinite/MS -Wise/M -Witt/M -Wittgenstein/M -Witwatersrand/M -Wm/M -Wobegon/M -Wodehouse/M -Wolf/M -Wolfe/M -Wolff/M -Wolfgang/M -Wollongong/M -Wollstonecraft/M -Wolsey/M -Wolverhampton -Wonder/M -Wonderbra/M -Wong/M -Wood/SM -Woodard/M -Woodhull/M -Woodland/M -Woodrow/M -Woods/M -Woodstock/M -Woodward/M -Woolf/M -Woolite/M -Woolongong/M -Woolworth/M -Wooster/M -Wooten/M -Worcester/SM -Worcestershire/M -WordPress/M -Wordsworth/M -Workman/M -Worms/M -Wotan/M -Wovoka/M -Wozniak/M -Wozzeck/M -Wrangell/M -Wren/M -Wright/M -Wrigley/M -Wroclaw/M -Wu/M -Wuhan/M -Wurlitzer/M -Wyatt/M -Wycherley/M -Wycliffe/M -Wyeth/M -Wylie/M -Wynn/M -Wyo -Wyoming/M -Wyomingite/SM -X/M -XEmacs/M -XL/M -XML -XS -XXL -Xamarin/M -Xanadu/M -Xanthippe/M -Xavier/M -Xe/SM -Xenakis/M -Xenia/M -Xenophon/M -Xerox/MS -Xerxes/M -Xhosa/M -Xi'an/M -Xian/SM -Xiaoping/M -Ximenes/M -Xingu/M -Xinjiang/M -Xiongnu/M -Xizang/M -Xmas/MS -Xochipilli/M -Xuzhou/M -Y/M -YMCA/M -YMHA -YMMV -YT -YWCA/M -YWHA -Yacc/M -Yahoo/M -Yahtzee/M -Yahweh/M -Yakima/M -Yakut/M -Yakutsk/M -Yale/M -Yalow/M -Yalta/M -Yalu/M -Yamagata/M -Yamaha/M -Yamoussoukro/M -Yang/M -Yangon/M -Yangtze/M -Yank/SM -Yankee/SM -Yaobang/M -Yaounde/M -Yaqui/M -Yaren -Yaroslavl/M -Yataro/M -Yates/M -Yauco/M -Yb/M -Yeager/M -Yeats/M -Yekaterinburg/M -Yellowknife/M -Yellowstone/M 
-Yeltsin/M -Yemen/M -Yemeni/SM -Yemenite -Yenisei/M -Yerevan/M -Yerkes/M -Yesenia/M -Yevtushenko/M -Yggdrasil/M -Yiddish/M -Ymir/M -Yoda/M -Yoknapatawpha/M -Yoko/M -Yokohama/M -Yolanda/M -Yong/M -Yonkers/M -York/M -Yorkie/M -Yorkshire/MS -Yorktown/M -Yoruba/M -Yosemite/M -Yossarian/M -YouTube/M -Young/M -Youngstown/M -Ypres/M -Ypsilanti/M -Yuan/M -Yucatan/M -Yugo/M -Yugoslav/MS -Yugoslavia/M -Yugoslavian/SM -Yukon/M -Yule/SM -Yuletide/MS -Yuma/SM -Yunnan/M -Yuri/M -Yves/M -Yvette/M -Yvonne/M -Z/SMNXT -Zachariah/M -Zachary/M -Zachery/M -Zagreb/M -Zaire/M -Zairian -Zambezi/M -Zambia/M -Zambian/SM -Zamboni/M -Zamenhof/M -Zamora/M -Zane/M -Zanuck/M -Zanzibar/M -Zapata/M -Zaporozhye/M -Zapotec/M -Zappa/M -Zara/M -Zarathustra/M -Zealand/M -Zebedee/M -Zechariah/M -Zedekiah/M -Zedong/M -Zeffirelli/M -Zeke/M -Zelig/M -Zelma/M -Zen/M -Zenger/M -Zeno/M -Zephaniah/M -Zephyrhills/M -Zephyrus/M -Zest/M -Zeus/M -Zhdanov -Zhejiang/M -Zhengzhou/M -Zhivago/M -Zhukov/M -Zibo/M -Ziegfeld/M -Ziegler/M -Ziggy/M -Zika -Zimbabwe/M -Zimbabwean/SM -Zimmerman/M -Zinfandel/M -Zion/SM -Zionism/SM -Zionist/SM -Ziploc/M -Zn/M -Zoe/M -Zola/M -Zollverein/M -Zoloft/M -Zomba/M -Zorn/M -Zoroaster/M -Zoroastrian/MS -Zoroastrianism/SM -Zorro/M -Zosma/M -Zr/M -Zsigmondy/M -Zubenelgenubi/M -Zubeneschamali/M -Zukor/M -Zulu/SM -Zululand -Zuni/M -Zurich/M -Zwingli/M -Zworykin/M -Zyrtec/M -Zyuganov/M -Zzz -a/S -aah -aardvark/SM -ab/SDY -aback -abacus/MS -abaft -abalone/SM -abandon/LSDG -abandonment/M -abase/LGDS -abasement/M -abash/GLDS -abashed/UY -abashment/M -abate/LGDS -abated/U -abatement/M -abattoir/MS -abbe/SM -abbess/MS -abbey/MS -abbot/MS -abbr -abbrev/S -abbreviate/DSGNX -abbreviation/M -abdicate/GNDSX -abdication/M -abdomen/SM -abdominal -abduct/DSG -abductee/MS -abduction/SM -abductor/MS -abeam -aberrant -aberration/MS -aberrational -abet/S -abetted -abetting -abettor/SM -abeyance/M -abhor/S -abhorred -abhorrence/M -abhorrent/Y -abhorring -abidance/M -abide/GS -abiding/Y -ability/IEMS -abject/YP 
-abjection/M -abjectness/M -abjuration/SM -abjuratory -abjure/ZGDRS -abjurer/M -ablate/XGNVDS -ablation/M -ablative/MS -ablaze -able/UT -abler -abloom -ablution/SM -abnegate/GNDS -abnegation/M -abnormal/Y -abnormality/SM -aboard -abode/MS -abolish/GDS -abolition/M -abolitionism/M -abolitionist/SM -abominable -abominably -abominate/DSGNX -abomination/M -aboriginal/MS -aborigine/SM -aborning -abort/GVDS -abortion/MS -abortionist/MS -abortive/Y -abound/DSG -about -above/M -aboveboard -abracadabra/M -abrade/GDS -abrasion/MS -abrasive/MYPS -abrasiveness/M -abreast -abridge/DSG -abridgment/MS -abroad -abrogate/XGNDS -abrogation/M -abrogator/MS -abrupt/TPRY -abruptness/M -abs/M -abscess/MDSG -abscissa/SM -abscission/M -abscond/ZGSDR -absconder/M -abseil/MDSG -absence/SM -absent/DYSG -absentee/MS -absenteeism/M -absentminded/YP -absentmindedness/M -absinthe/M -absolute/PMYTNS -absoluteness/M -absolution/M -absolutism/M -absolutist/MS -absolve/DSG -absorb/AGDS -absorbance -absorbency/M -absorbent/SM -absorbing/Y -absorption/M -absorptive -abstain/DRZGS -abstainer/M -abstemious/PY -abstemiousness/M -abstention/MS -abstinence/M -abstinent -abstract/GSPMDY -abstracted/YP -abstractedness/M -abstraction/SM -abstractness/MS -abstruse/YP -abstruseness/M -absurd/TPRY -absurdist/MS -absurdity/SM -absurdness/M -abundance/SM -abundant/Y -abuse's -abuse/EGVDS -abuser/MS -abusive/YP -abusiveness/M -abut/SL -abutment/MS -abutted -abutting -abuzz -abysmal/Y -abyss/MS -abyssal -ac -acacia/MS -academe/M -academia/M -academic/SM -academical/Y -academician/MS -academy/SM -acanthus/MS -accede/GDS -accelerate/GNXDS -acceleration/M -accelerator/SM -accent/MDSG -accented/U -accentual -accentuate/GNDS -accentuation/M -accept/DSBG -acceptability/M -acceptableness/M -acceptably/U -acceptance/SM -acceptation/MS -accepted/U -access/MDSG -accessibility/IM -accessible/I -accessibly/I -accession/MDGS -accessorize/DSG -accessory/SM -accident/MS -accidental/SMY -acclaim/MDGS -acclamation/M -acclimate/DSGN 
-acclimation/M -acclimatization/M -acclimatize/DSG -acclivity/SM -accolade/SM -accommodate/XGNDS -accommodating/Y -accommodation/M -accompanied/U -accompaniment/MS -accompanist/SM -accompany/DSG -accomplice/SM -accomplish/DSLG -accomplished/U -accomplishment/MS -accord/GMDS -accordance/M -accordant -according/Y -accordion/MS -accordionist/MS -accost/GMDS -account/MDSBG -accountability/M -accountable/U -accountancy/M -accountant/MS -accounted/U -accounting/M -accouter/SGD -accouterments/M -accredit/SGD -accreditation/M -accredited/U -accretion/MS -accrual/MS -accrue/GDS -acct -acculturate/DSGN -acculturation/M -accumulate/XGNVDS -accumulation/M -accumulator/MS -accuracy/IM -accurate/IY -accurateness/M -accursed/P -accursedness/M -accusation/MS -accusative/MS -accusatory -accuse/ZGDRS -accuser/M -accusing/Y -accustom/DSG -accustomed/U -ace/DSMG -acerbate/DSG -acerbic -acerbically -acerbity/M -acetaminophen/M -acetate/MS -acetic -acetone/M -acetonic -acetyl -acetylene/M -ache/DSMG -achene/MS -achievable/U -achieve/BLZGDRS -achievement/SM -achiever/M -aching/Y -achoo/M -achromatic -achy/TR -acid/SMY -acidic -acidify/GDS -acidity/M -acidosis/M -acidulous -acknowledge/DSG -acknowledged/U -acknowledgment/SM -acme/SM -acne/M -acolyte/MS -aconite/MS -acorn/MS -acoustic/S -acoustical/Y -acoustics/M -acquaint/AGSD -acquaintance/SM -acquaintanceship/M -acquainted/U -acquiesce/DSG -acquiescence/M -acquiescent/Y -acquire/ZGBDRSL -acquirement/M -acquisition/MS -acquisitive/YP -acquisitiveness/M -acquit/S -acquittal/MS -acquitted -acquitting -acre/SM -acreage/MS -acrid/PTRY -acridity/M -acridness/M -acrimonious/YP -acrimoniousness/M -acrimony/M -acrobat/MS -acrobatic/S -acrobatically -acrobatics/M -acronym/MS -acrophobia/M -acropolis/MS -across -acrostic/SM -acrylamide -acrylic/MS -act's -act/ASDGV -acting/M -actinium/M -action/ASM -actionable -activate/ICANGSD -activation/ICAM -activator/MS -active's -active/IKY -activeness/M -actives -activism/M -activist/MS -activities 
-activity/IM -actor/AMS -actress/MS -actual/Y -actuality/SM -actualization/M -actualize/GDS -actuarial -actuary/SM -actuate/GNDS -actuation/M -actuator/SM -acuity/M -acumen/M -acupressure/M -acupuncture/M -acupuncturist/SM -acute/PMYTRS -acuteness/M -acyclovir/M -acyl -ad/SM -adage/MS -adagio/MS -adamant/MY -adapt/BZGVDRS -adaptability/M -adaptation/MS -adapter/M -adaption/S -add/SDRBZG -addend/MS -addenda -addendum/M -adder/M -addict/GVMDS -addiction/SM -addition/SM -additional/Y -additive/SM -addle/GDS -address's -address/AGDS -addressable -addressed/U -addressee/SM -adduce/GDS -adenine/M -adenocarcinoma -adenoid/SM -adenoidal -adept/MYPS -adeptness/M -adequacy/IM -adequate/IY -adequateness/M -adhere/GDS -adherence/M -adherent/SM -adhesion/M -adhesive/PSM -adhesiveness/M -adiabatic -adieu/MS -adios -adipose -adj -adjacency/M -adjacent/Y -adjectival/Y -adjective/MS -adjoin/GDS -adjourn/DGLS -adjournment/SM -adjudge/GDS -adjudicate/GNVXDS -adjudication/M -adjudicator/SM -adjudicatory -adjunct/MS -adjuration/MS -adjure/GDS -adjust/AGDSL -adjustable -adjuster/SM -adjustment/AMS -adjutant/SM -adman/M -admen -admin/S -administer/DGS -administrate/XDSGNV -administration/M -administrative/Y -administrator/MS -admirably -admiral/MS -admiralty/M -admiration/M -admire/BZGDRS -admirer/M -admiring/Y -admissibility/IM -admissible/I -admissibly -admission/AM -admissions -admit/AS -admittance/M -admitted/Y -admitting/A -admix/GDS -admixture/SM -admonish/LDSG -admonishment/MS -admonition/MS -admonitory -ado/M -adobe/MS -adolescence/SM -adolescent/SM -adopt/AGVDS -adoptable -adopter/MS -adoption/SM -adorableness/M -adorably -adoration/M -adore/BZGDRS -adorer/M -adoring/Y -adorn/LGDS -adorned/U -adornment/MS -adrenal/MS -adrenalin's -adrenaline/M -adrenergic -adrift -adroit/PY -adroitness/M -adsorb/SDG -adsorbent/MS -adsorption/SM -adulate/DSGN -adulation/M -adulator/MS -adulatory -adult/MS -adulterant/MS -adulterate/GNDS -adulterated/U -adulteration/M -adulterer/SM -adulteress/MS 
-adulterous -adultery/SM -adulthood/M -adumbrate/GNDS -adumbration/M -adv -advance/LDSMG -advancement/SM -advantage/EDSMG -advantageous/EY -advent/SM -adventitious/Y -adventure/DRSMZG -adventurer/M -adventuresome -adventuress/MS -adventurism -adventurist/S -adventurous/YP -adventurousness/M -adverb/SM -adverbial/SMY -adversarial -adversary/SM -adverse/PRYT -adverseness/M -adversity/SM -advert/SMDG -advertise/LZGDRS -advertised/U -advertisement/MS -advertiser/M -advertising/M -advertorial/SM -advice/M -advisability/IM -advisable/I -advisably -advise/LDRSZGB -advised/UY -advisement/M -adviser/M -advisor/SM -advisory/SM -advocacy/M -advocate/MGDS -advt -adware -adze/SM -aegis/M -aerate/DSGN -aeration/M -aerator/SM -aerial/SMY -aerialist/MS -aerie/MS -aerobatic/S -aerobatics/M -aerobic/S -aerobically -aerobics/M -aerodrome/MS -aerodynamic/S -aerodynamically -aerodynamics/M -aerogram/S -aeronautic/S -aeronautical -aeronautics/M -aerosol/MS -aerospace/M -aery -aesthete/MS -aesthetic/S -aesthetically -aestheticism/M -aesthetics/M -afar -affability/M -affable -affably -affair/MS -affect's -affect/EGDS -affectation/SM -affected/UY -affecting/Y -affection/EM -affectionate/Y -affections -afferent -affiance/GDS -affidavit/SM -affiliate's -affiliate/EGNDS -affiliated/U -affiliation/EM -affiliations -affine -affinity/SM -affirm/AGDS -affirmation/AMS -affirmative/MYS -affix/GMDS -afflatus/M -afflict/GDS -affliction/SM -affluence/M -affluent/Y -afford/GDSB -affordability -affordably -afforest/EGSD -afforestation/M -affray/MS -affront/GMDS -afghan/MS -aficionado/MS -afield -afire -aflame -afloat -aflutter -afoot -aforementioned -aforesaid -aforethought -afoul -afraid/U -afresh -aft/RZ -afterbirth/M -afterbirths -afterburner/MS -aftercare/M -aftereffect/MS -afterglow/SM -afterimage/MS -afterlife/M -afterlives -aftermarket/MS -aftermath/M -aftermaths -afternoon/MS -aftershave/SM -aftershock/SM -aftertaste/SM -afterthought/SM -afterward/S -afterword/MS -again -against -agape/M -agar/M 
-agate/MS -agave/M -age/DSMGJ -ageism/M -ageist/SM -ageless/YP -agelessness/M -agency/SM -agenda/SM -agenesis -agent/AMS -ageratum/M -agglomerate/DSMGNX -agglomeration/M -agglutinate/DSXGN -agglutination/M -aggrandize/GLDS -aggrandizement/M -aggravate/GNXDS -aggravating/Y -aggravation/M -aggregate/MGNDSX -aggregation/M -aggregator/SM -aggression/M -aggressive/PY -aggressiveness/M -aggressor/SM -aggrieve/DSG -aggro -aghast -agile/Y -agility/M -aging/M -agitate/XGNDS -agitation/M -agitator/MS -agitprop/M -agleam -aglitter -aglow -agnostic/MS -agnosticism/M -ago -agog -agonist/S -agonize/GDS -agonizing/Y -agony/SM -agoraphobia/M -agoraphobic/MS -agrarian/MS -agrarianism/M -agree/EBLDS -agreeableness/EM -agreeably/E -agreeing/E -agreement/ESM -agribusiness/MS -agricultural/Y -agriculturalist/MS -agriculture/M -agriculturist/MS -agronomic -agronomist/MS -agronomy/M -aground -ague/M -ah -aha -ahchoo -ahead -ahem -ahoy -aid/SMDG -aide/SM -aided/U -aigrette/MS -ail/SDLG -aileron/SM -ailment/SM -aim/SMDG -aimless/YP -aimlessness/M -ain't -air/SMDJG -airbag/MS -airbase/SM -airbed/S -airborne -airbrush/MDSG -airbus/MS -aircraft/M -aircraftman -aircraftmen -aircrew/S -airdrome/S -airdrop/SM -airdropped -airdropping -airfare/SM -airfield/SM -airflow/M -airfoil/SM -airfreight/M -airguns -airhead/SM -airily -airiness/M -airing/M -airless/P -airlessness/M -airletters -airlift/SGMD -airline/RSMZ -airliner/M -airlock/SM -airmail/GSMD -airman/M -airmen -airplane/MS -airplay/M -airport/SM -airship/SM -airshow/S -airsick/P -airsickness/M -airspace/M -airspeed -airstrike/MS -airstrip/SM -airtight -airtime/M -airwaves/M -airway/MS -airwoman -airwomen -airworthiness/M -airworthy/P -airy/PTR -aisle/MS -aitch/MS -ajar -aka -akimbo -akin -alabaster/M -alack -alacrity/M -alarm/GMDS -alarming/Y -alarmist/SM -alas -alb/SM -albacore/SM -albatross/MS -albeit -albinism/M -albino/MS -album/MNS -albumen/M -albumin/M -albuminous -alchemist/SM -alchemy/M -alcohol/SM -alcoholic/MS -alcoholically 
-alcoholism/M -alcove/MS -alder/MS -alderman/M -aldermen -alderwoman/M -alderwomen -ale/SMV -aleatory -alehouse/SM -alembic/SM -alert/GMDYPS -alertness/M -alewife/M -alewives -alfalfa/M -alfresco -alga/M -algae -algal -algebra/SM -algebraic -algebraically -algorithm/SM -algorithmic -alias/GMDS -alibi/GMDS -alien/BGMDS -alienable/IU -alienate/DSGN -alienation/M -alienist/SM -alight/GDS -align/ALGDS -aligned/U -aligner/MS -alignment/AMS -alike/U -aliment/MDSG -alimentary -alimony/M -aliveness/M -aliyah/M -aliyahs -alkali/M -alkalies -alkaline -alkalinity/M -alkalize/DSG -alkaloid/SM -alkyd/MS -all/M -allay/GDS -allegation/MS -allege/GDS -alleged/Y -allegiance/MS -allegoric -allegorical/Y -allegorist/MS -allegory/SM -allegretto/MS -allegro/MS -allele/MS -alleluia/SM -allergen/SM -allergenic -allergic -allergically -allergist/SM -allergy/SM -alleviate/DSGN -alleviation/M -alley/MS -alleyway/SM -alliance/SM -alligator/MS -alliterate/DSXGNV -alliteration/M -alliterative/Y -allocate/ADSGN -allocation/AM -allocations -allot/LS -allotment/SM -allotted -allotting -allover -allow/EGDS -allowable/U -allowably -allowance/SM -alloy/GMDS -alloyed/U -allspice/M -allude/GDS -allure/MGLDS -allurement/MS -alluring/Y -allusion/SM -allusive/PY -allusiveness/M -alluvial/M -alluvium/SM -ally/GDSM -almanac/SM -almighty -almond/MS -almoner/SM -almost -alms/M -almshouse/MS -aloe/SM -aloft -aloha/MS -alone -along -alongshore -alongside -aloof/PY -aloofness/M -aloud -alp/SM -alpaca/MS -alpha/MS -alphabet/SM -alphabetic -alphabetical/Y -alphabetization/SM -alphabetize/ZGDRS -alphabetizer/M -alphanumeric -alphanumerical/Y -alpine/S -already -alright -also -alt/S -altar/MS -altarpiece/SM -alter/GDBS -alterable/U -alteration/MS -altercation/SM -altered/U -alternate/DSMYGNVX -alternation/M -alternative/MYS -alternator/SM -although -altimeter/MS -altitude/MS -alto/SM -altogether -altruism/M -altruist/SM -altruistic -altruistically -alum/SM -alumina/M -aluminum/M -alumna/M -alumnae -alumni 
-alumnus/M -alveolar/S -always -am/N -amalgam/SM -amalgamate/XGNDS -amalgamation/M -amanuenses -amanuensis/M -amaranth/M -amaranths -amaretto/M -amaryllis/MS -amass/GDS -amateur/SM -amateurish/YP -amateurishness/M -amateurism/M -amatory -amaze/LMGDS -amazement/M -amazing/Y -amazon/MS -amazonian -ambassador/SM -ambassadorial -ambassadorship/MS -ambassadress/MS -amber/M -ambergris/M -ambiance/MS -ambidexterity/M -ambidextrous/Y -ambient -ambiguity/SM -ambiguous/UY -ambit -ambition/MS -ambitious/YP -ambitiousness/M -ambivalence/M -ambivalent/Y -amble/MZGDRS -ambler/M -ambrosia/M -ambrosial -ambulance/MS -ambulanceman -ambulancemen -ambulancewoman -ambulancewomen -ambulant -ambulate/DSXGN -ambulation/M -ambulatory/SM -ambuscade/MGDS -ambush/GMDS -ameliorate/GNVDS -amelioration/M -amen/B -amenability/M -amenably -amend/BLGDS -amendment/SM -amenity/SM -amerce/GLDS -amercement/SM -americium/M -amethyst/SM -amiability/M -amiable -amiably -amicability/M -amicable -amicably -amid -amide/MS -amidship/S -amigo/MS -amine/S -amino -amiss -amitriptyline -amity/M -ammeter/SM -ammo/M -ammonia/M -ammonium -ammunition/M -amnesia/M -amnesiac/MS -amnesic/SM -amnesty/GDSM -amniocenteses -amniocentesis/M -amnion/MS -amniotic -amoeba/MS -amoebae -amoebic -amok -among -amontillado/SM -amoral/Y -amorality/M -amorous/YP -amorousness/M -amorphous/PY -amorphousness/M -amortization/SM -amortize/DSGB -amount/GMDS -amour/MS -amoxicillin -amp/SMY -amperage/M -ampere/MS -ampersand/MS -amphetamine/SM -amphibian/MS -amphibious/Y -amphitheater/SM -amphora/M -amphorae -ampicillin -ample/TR -amplification/M -amplifier/M -amplify/NDRSXZG -amplitude/SM -ampule/MS -amputate/GNDSX -amputation/M -amputee/MS -amt -amulet/MS -amuse/LGDS -amusement/MS -amusing/Y -amygdala -amylase/M -amyloid -an/CS -anabolism/M -anachronism/SM -anachronistic -anachronistically -anaconda/SM -anaerobe/SM -anaerobic -anaerobically -anagram/MS -anal/Y -analgesia/M -analgesic/SM -analog/MS -analogical/Y -analogize/GDS -analogous/YP 
-analogousness/M -analogue/SM -analogy/SM -analysand/MS -analyses/A -analysis/AM -analyst/SM -analytic/S -analytical/Y -analyzable -analyze/ADSG -analyzer/SM -anapest/SM -anapestic/MS -anarchic -anarchically -anarchism/M -anarchist/MS -anarchistic -anarchy/M -anathema/SM -anathematize/DSG -anatomic -anatomical/Y -anatomist/SM -anatomize/DSG -anatomy/SM -ancestor/SM -ancestral/Y -ancestress/MS -ancestry/SM -anchor/MDGS -anchorage/MS -anchorite/MS -anchorman/M -anchormen -anchorpeople -anchorperson/SM -anchorwoman/M -anchorwomen -anchovy/SM -ancient/SPMRYT -ancientness/M -ancillary/SM -and -andante/SM -andiron/SM -androgen/M -androgenic -androgynous -androgyny/M -android/SM -anecdotal/Y -anecdote/MS -anemia/M -anemic -anemically -anemometer/SM -anemone/SM -anent -anesthesia/M -anesthesiologist/SM -anesthesiology/M -anesthetic/SM -anesthetist/MS -anesthetization/M -anesthetize/GDS -aneurysm/SM -anew -angel/MS -angelfish/MS -angelic -angelica/M -angelical/Y -anger/GMDS -angina/M -angioplasty/SM -angiosperm/SM -angle/MZGDRS -angler/M -angleworm/MS -anglicism/S -anglicize/GDS -angling/M -anglophile/S -anglophone/S -angora/MS -angostura -angrily -angry/TR -angst/M -angstrom/MS -anguish/GMDS -angular -angularity/SM -angulation -anhydrous -aniline/M -anilingus -animadversion/MS -animadvert/GSD -animal/MS -animalcule/SM -animate/ADSGN -animated/Y -animation/AM -animations -animator/MS -anime/M -animism/M -animist/SM -animistic -animosity/SM -animus/M -anion/MS -anionic -anise/M -aniseed/M -anisette/M -ankh/M -ankhs -ankle/MS -anklebone/MS -anklet/MS -annalist/SM -annals/M -anneal/GDS -annelid/MS -annex/GMDS -annexation/MS -annihilate/DSGN -annihilation/M -annihilator/SM -anniversary/SM -annotate/DSXGNV -annotation/M -annotator/MS -announce/DRSLZG -announced/U -announcement/MS -announcer/M -annoy/GDS -annoyance/MS -annoying/Y -annual/MYS -annualized -annuitant/SM -annuity/SM -annul/LS -annular -annulled -annulling -annulment/SM -annulus -annunciation/SM -anode/MS -anodize/GDS 
-anodyne/MS -anoint/GDLS -anointment/M -anomalous/Y -anomaly/SM -anon/S -anonymity/M -anonymous/Y -anopheles/M -anorak/MS -anorectic/SM -anorexia/M -anorexic/MS -another -answer/BMDGS -answerable/U -answered/U -answerphone/S -ant/SMD -antacid/SM -antagonism/SM -antagonist/SM -antagonistic -antagonistically -antagonize/DSG -antarctic -ante/SM -anteater/MS -antebellum -antecedence/M -antecedent/SM -antechamber/SM -antedate/GDS -antediluvian -anteing -antelope/MS -antenatal -antenna/SM -antennae -anterior -anteroom/MS -anthem/MS -anther/MS -anthill/SM -anthologist/SM -anthologize/DSG -anthology/SM -anthracite/M -anthrax/M -anthropocentric -anthropoid/MS -anthropological/Y -anthropologist/SM -anthropology/M -anthropomorphic -anthropomorphically -anthropomorphism/M -anthropomorphize -anthropomorphous -anti/SM -antiabortion -antiabortionist/MS -antiaircraft -antibacterial/MS -antibiotic/MS -antibody/SM -antic/MS -anticancer -anticipate/GNXDS -anticipated/U -anticipation/M -anticipatory -anticked -anticking -anticlerical -anticlimactic -anticlimactically -anticlimax/MS -anticline/SM -anticlockwise -anticoagulant/MS -anticommunism/M -anticommunist/SM -anticyclone/SM -anticyclonic -antidemocratic -antidepressant/MS -antidote/MS -antifascist/MS -antiferromagnetic -antifreeze/M -antigen/SM -antigenic -antigenicity/M -antihero/M -antiheroes -antihistamine/SM -antiknock/M -antilabor -antilogarithm/SM -antimacassar/MS -antimalarial -antimatter/M -antimicrobial -antimissile -antimony/M -antineutrino/SM -antineutron/MS -antinuclear -antioxidant/MS -antiparticle/SM -antipasti -antipasto/MS -antipathetic -antipathy/SM -antipersonnel -antiperspirant/SM -antiphon/SM -antiphonal/MYS -antipodal/S -antipodean/MS -antipodes/M -antipollution -antipoverty -antiproton/MS -antiquarian/SM -antiquarianism/M -antiquary/SM -antiquate/GDS -antique/DSMG -antiquity/SM -antirrhinum/S -antiscience -antisemitic -antisemitism/M -antisepsis/M -antiseptic/SM -antiseptically -antiserum/MS -antislavery 
-antisocial/Y -antispasmodic/MS -antisubmarine -antitank -antitheses -antithesis/M -antithetic -antithetical/Y -antitoxin/MS -antitrust -antivenin/MS -antivenom -antiviral/MS -antivirus -antivivisectionist/MS -antiwar -antler/MDS -antonym/SM -antonymous -antrum -antsy/TR -anus/MS -anvil/MS -anxiety/SM -anxious/YP -anxiousness/M -any -anybody/SM -anyhow -anymore -anyone/M -anyplace -anything/SM -anytime -anyway/S -anywhere -anywise -aorta/MS -aortic -apace -apart -apartheid/M -apartment/MS -apathetic -apathetically -apathy/M -apatite/M -ape/DSMG -apelike -aperitif/MS -aperture/SM -apex/MS -aphasia/M -aphasic/MS -aphelia -aphelion/SM -aphid/MS -aphorism/MS -aphoristic -aphoristically -aphrodisiac/SM -apiarist/SM -apiary/SM -apical/Y -apiece -apish/Y -aplenty -aplomb/M -apocalypse/SM -apocalyptic -apocrypha/M -apocryphal/Y -apogee/MS -apolitical/Y -apologetic/U -apologetically -apologia/SM -apologist/MS -apologize/GDS -apology/SM -apoplectic -apoplexy/SM -apoptosis -apoptotic -apostasy/SM -apostate/SM -apostatize/GDS -apostle/MS -apostleship/M -apostolic -apostrophe/MS -apothecary/SM -apothegm/SM -apotheoses -apotheosis/M -app/SM -appall/GDS -appalling/Y -appaloosa/MS -apparatchik/S -apparatus/MS -apparel/MDGS -apparent/Y -apparition/SM -appeal/GMDS -appealing/UY -appear/AESDG -appearance/EAMS -appease/LZGDRS -appeasement/SM -appeaser/M -appellant/SM -appellate/XN -appellation/M -append/GDS -appendage/SM -appendectomy/SM -appendices -appendicitis/M -appendix/MS -appertain/GDS -appetite/SM -appetizer/MS -appetizing/Y -applaud/ZGDRS -applauder/M -applause/M -apple/MS -applejack/M -applesauce/M -applet/MS -appliance/SM -applicability/M -applicable/I -applicably -applicant/SM -application/AM -applicator/SM -applier/MS -applique/DSM -appliqueing -apply/ANXGDS -appoint/AELSVGD -appointee/SM -appointment's/A -appointment/ESM -apportion/AGDLS -apportionment/AM -appose/GDS -apposite/YNVP -appositeness/M -apposition/M -appositive/SM -appraisal/AMS -appraise/ADSG -appraiser/MS 
-appreciable/I -appreciably/I -appreciate/DSXGNV -appreciated/U -appreciation/M -appreciative/Y -appreciator/MS -appreciatory -apprehend/GDS -apprehension/MS -apprehensive/YP -apprehensiveness/M -apprentice/DSMG -apprenticeship/MS -apprise/GDS -apprize/GDS -approach/GBMDS -approachable/UI -approbation/EM -approbations -appropriate/PYGNXDS -appropriated/U -appropriateness/IM -appropriation/M -appropriator/SM -approval/EM -approvals -approve/EGDS -approved/U -approving/EY -approx -approximate/DSXYGN -approximation/M -appurtenance/SM -appurtenant -apricot/MS -apron/MS -apropos -apse/SM -apt/IYPT -apter -aptitude/SM -aptness/IM -aqua/SM -aquaculture/M -aqualung/MS -aquamarine/SM -aquanaut/MS -aquaplane/MGDS -aquarium/MS -aquatic/SM -aquatically -aquatics/M -aquatint/S -aquavit/M -aqueduct/MS -aqueous -aquifer/SM -aquiline -arabesque/MS -arability/M -arachnid/MS -arachnophobia -arbiter/SM -arbitrage/MZGDRS -arbitrager/M -arbitrageur/SM -arbitrament/SM -arbitrarily -arbitrariness/M -arbitrary/P -arbitrate/GNDS -arbitration/M -arbitrator/MS -arbor/MS -arboreal -arboretum/SM -arborvitae/SM -arbutus/MS -arc/SMDG -arcade/MS -arcane -arch/PZTGVMDRSY -archaeological/Y -archaeologist/SM -archaeology/M -archaic -archaically -archaism/MS -archaist/MS -archangel/MS -archbishop/SM -archbishopric/SM -archdeacon/SM -archdiocesan -archdiocese/MS -archduchess/MS -archduke/MS -archenemy/SM -archer/M -archery/M -archetypal -archetype/MS -archfiend/MS -archiepiscopal -archipelago/MS -architect/SM -architectonic/S -architectonics/M -architectural/Y -architecture/MS -architrave/SM -archival -archive/DSMG -archivist/MS -archness/M -archway/SM -arctic/MS -ardent/Y -ardor/MS -arduous/YP -arduousness/M -are/SMB -area/SM -areal -aren't -arena/MS -argent/M -arginine -argon/M -argosy/SM -argot/MS -arguable/IU -arguably/U -argue/ZGDRS -arguer/M -argument/MS -argumentation/M -argumentative/PY -argumentativeness/M -argyle/MS -aria/SM -arid/Y -aridity/M -aright -arise/GS -arisen -aristocracy/SM 
-aristocrat/SM -aristocratic -aristocratically -arithmetic/M -arithmetical/Y -arithmetician/MS -ark/SM -arm's -arm/EAGDS -armada/MS -armadillo/SM -armament/AEM -armaments -armature/MS -armband/MS -armchair/MS -armed/U -armful/MS -armhole/SM -armistice/SM -armlet/MS -armload/S -armor/ZGMDRS -armored/U -armorer/M -armorial -armory/SM -armpit/MS -armrest/SM -army/SM -aroma/MS -aromatherapist/MS -aromatherapy/M -aromatic/MS -aromatically -arose -around -arousal/M -arouse/GDS -arpeggio/MS -arr -arraign/DGSL -arraignment/SM -arrange/AESDLG -arrangement's/E -arrangement/ASM -arranger/SM -arrant -arras/MS -array/EGMDS -arrears/M -arrest/AGMDS -arrhythmia/M -arrhythmic -arrhythmical -arrival/MS -arrive/GDS -arrogance/M -arrogant/Y -arrogate/GNDS -arrogation/M -arrow/MS -arrowhead/MS -arrowroot/M -arroyo/MS -arsed -arsenal/MS -arsenic/M -arsing -arson/M -arsonist/SM -art/SM -arterial -arteriole/MS -arteriosclerosis/M -artery/SM -artful/PY -artfulness/M -arthritic/MS -arthritis/M -arthropod/MS -arthroscope/SM -arthroscopic -arthroscopy -artichoke/SM -article/MDS -articulacy/I -articular -articulate/YGNPDSX -articulateness/IM -articulation/M -artifact/SM -artifice/RSMZ -artificer/M -artificial/Y -artificiality/M -artillery/M -artilleryman/M -artillerymen -artiness/M -artisan/MS -artist/MS -artiste/MS -artistic/I -artistically -artistry/M -artless/PY -artlessness/M -artsy/TR -artwork/MS -arty/PTR -arugula -arum/SM -asap -asbestos/M -ascend/AGDS -ascendance/M -ascendancy/M -ascendant/SM -ascension/MS -ascent/MS -ascertain/GDSBL -ascertainment/M -ascetic/MS -ascetically -asceticism/M -ascot/MS -ascribe/GBDS -ascription/M -aseptic -aseptically -asexual/Y -asexuality/M -ash/MDNSG -ashamed/UY -ashcan/MS -ashlar/MS -ashore -ashram/MS -ashtray/SM -ashy/TR -aside/MS -asinine/Y -asininity/SM -ask/SDG -askance -asked/U -askew -aslant -asleep -asocial -asp/SMNX -asparagus/M -aspartame/M -aspect/MS -aspen/M -asperity/SM -aspersion/MS -asphalt/MDGS -asphodel/SM -asphyxia/M -asphyxiate/DSXGN 
-asphyxiation/M -aspic/MS -aspidistra/MS -aspirant/MS -aspirate/MGNDSX -aspiration/M -aspirator/SM -aspire/GDS -aspirin/MS -ass/MS -assail/GBDS -assailable/U -assailant/SM -assassin/SM -assassinate/GNXDS -assassination/M -assault/MDRGS -assay/ZGMDRS -assayer/M -assemblage/SM -assemble/AEGSD -assembler/MS -assemblies -assembly/AM -assemblyman/M -assemblymen -assemblywoman/M -assemblywomen -assent/GMDS -assert/AGVDS -assertion/AM -assertions -assertive/YP -assertiveness/M -assess/ALGDS -assessment/ASM -assessor/MS -asset/MS -asseverate/DSGN -asseveration/M -asshole/MS! -assiduity/M -assiduous/PY -assiduousness/M -assign's -assign/ALGDS -assignable -assignation/MS -assigned/U -assignee/M -assigner/MS -assignment/AMS -assignor/MS -assimilate/DSGN -assimilated/U -assimilation/M -assist/GVMDS -assistance/M -assistant/SM -assisted/U -assize/MS -assn -assoc -associate's -associate/EDSGNV -association/EM -associations -associativity -assonance/M -assonant/MS -assort/GLDS -assortative -assortment/MS -asst -assuage/GDS -assume/BGDS -assumption/SM -assumptive -assurance/ASM -assure/AGDS -assured/MYS -astatine/M -aster/EMS -asterisk/GMDS -astern -asteroid/MS -asthma/M -asthmatic/SM -asthmatically -astigmatic -astigmatism/SM -astir -astonish/DSLG -astonishing/Y -astonishment/M -astound/GDS -astounding/Y -astraddle -astrakhan/M -astral -astray -astride -astringency/M -astringent/SMY -astrolabe/SM -astrologer/SM -astrological/Y -astrologist/MS -astrology/M -astronaut/MS -astronautic/S -astronautical -astronautics/M -astronomer/SM -astronomic -astronomical/Y -astronomy/M -astrophysical -astrophysicist/MS -astrophysics/M -astute/PYTR -astuteness/M -asunder -asylum/SM -asymmetric -asymmetrical/Y -asymmetry/SM -asymptomatic -asymptotic -asymptotically -asynchronous/Y -at -atavism/M -atavist/SM -atavistic -ataxia/M -ataxic/MS -ate -atelier/SM -atheism/M -atheist/MS -atheistic -atherosclerosis/M -atherosclerotic -athirst -athlete/MS -athletic/S -athletically -athleticism -athletics/M 
-athwart -atilt -atishoo -atlas/MS -atmosphere/MS -atmospheric/S -atmospherically -atmospherics/M -atoll/MS -atom/SM -atomic -atomically -atomize/ZGDRS -atomizer/M -atonal/Y -atonality/M -atone/LGDS -atonement/M -atop -atria -atrial -atrioventricular -atrium/M -atrocious/PY -atrociousness/M -atrocity/SM -atrophy/DSMG -atropine/M -attach/ALGDS -attache/BM -attached/U -attachment/AM -attachments -attack/ZGMDRS -attacker/M -attain/AGDS -attainability/M -attainable/U -attainder/M -attainment/SM -attar/M -attempt's -attempt/ASDG -attend/SDRZG -attendance/SM -attendant/SM -attended/U -attendee/SM -attention/IM -attentions -attentive/IPY -attentiveness/IM -attenuate/DSGN -attenuation/M -attest/SDG -attestation/SM -attested/U -attic/SM -attire/DSMG -attitude/SM -attitudinal -attitudinize/GDS -attn -attorney/MS -attract/SGVDB -attractant/MS -attraction/MS -attractive/UY -attractiveness/M -attribute/DSMGNVBX -attributed/U -attribution/M -attributive/MYS -attrition/M -attune/DSG -atty -atwitter -atypical/Y -aubergine/S -auburn/M -auction/MDGS -auctioneer/SM -audacious/YP -audaciousness/M -audacity/M -audibility/IM -audible/MS -audibly/I -audience/MS -audio/MS -audiological -audiologist/SM -audiology/M -audiometer/SM -audiophile/SM -audiotape/SM -audiovisual/S -audiovisuals/M -audit/GMDS -audition/SMDG -auditor/MS -auditorium/SM -auditory -auger/MS -aught/MS -augment/DRZGS -augmentation/MS -augmentative -augmenter/M -augur/GMDS -augury/SM -august/PTRY -augustness/M -auk/SM -aunt/SM -auntie/SM -aura/MS -aural/Y -aureole/SM -aureus -auricle/SM -auricular -aurora/SM -auscultate/GNDSX -auscultation/M -auspice/SM -auspicious/IY -auspiciousness/M -austere/RYT -austerity/SM -austral -authentic/IU -authentically -authenticate/XGNDS -authenticated/U -authentication/M -authenticity/M -author/SMDG -authoress/MS -authorial -authoritarian/MS -authoritarianism/M -authoritative/YP -authoritativeness/M -authority/SM -authorization/MS -authorize/AGDS -authorized/U -authorship/M -autism/M 
-autistic -auto/MS -autobahn/SM -autobiographer/SM -autobiographic -autobiographical/Y -autobiography/SM -autoclave/MS -autocracy/SM -autocrat/SM -autocratic -autocratically -autocross -autodidact/SM -autograph/MDG -autographs -autoimmune -autoimmunity/M -automaker/SM -automate/GNDS -automatic/SM -automatically -automation/M -automatism/M -automatize/GDS -automaton/SM -automobile/DSMG -automotive -autonomic -autonomous/Y -autonomy/M -autopilot/SM -autopsy/GDSM -autosuggestion -autoworker/MS -autumn/SM -autumnal -aux -auxiliary/SM -auxin/M -av/RZ -avail/BGMDS -availability/UM -available/U -avalanche/SM -avarice/M -avaricious/Y -avast -avatar/MS -avaunt -avdp -ave -avenge/ZGDRS -avenger/M -avenue/MS -average/MYGDS -averred -averring -averse/XN -aversion/M -avert/GDS -avg -avian -aviary/SM -aviation/M -aviator/MS -aviatrices -aviatrix/MS -avid/Y -avidity/M -avionic/S -avionics/M -avitaminosis/M -avocado/SM -avocation/MS -avocational -avoid/SDGB -avoidable/U -avoidably/U -avoidance/M -avoidant -avoirdupois/M -avouch/DSG -avow/EDGS -avowal/ESM -avowed/Y -avuncular/Y -aw -await/GDS -awake/GS -awaken/AGDS -awakening/SM -award/GMDS -awardee/S -aware/UP -awareness/UM -awash -away -awe/DSMG -aweigh -awesome/YP -awesomeness/M -awestruck -awful/YP -awfuller -awfullest -awfulness/M -awhile -awkward/RYPT -awkwardness/M -awl/SM -awn/GJSM -awning/M -awoke -awoken -awry -ax/MDSG -axial/Y -axiom/SM -axiomatic -axiomatically -axis/M -axle/MS -axletree/SM -axolotl/SM -axon/MS -ayah/M -ayahs -ayatollah/M -ayatollahs -aye/SM -azalea/SM -azimuth/M -azimuths -azure/SM -b/KDT -baa/SMDG -babble/MZGDRS -babbler/M -babe/SM -babel/MS -baboon/MS -babushka/SM -baby/TGDRSM -babyhood/M -babyish -babysat -babysit/S -babysitter/MS -babysitting/M -baccalaureate/SM -baccarat/M -bacchanal/MS -bacchanalia/M -bacchanalian/MS -baccy -bachelor/SM -bachelorhood/M -bacillary -bacilli -bacillus/M -back/SJZGMDR -backache/MS -backbench/S -backbit -backbite/ZGRS -backbiter/M -backbitten -backboard/SM 
-backbone/MS -backbreaking -backchat -backcloth -backcloths -backcomb/DSG -backdate/GDS -backdoor -backdrop/MS -backer/M -backfield/SM -backfire/MGDS -backgammon/M -background/MRZS -backgrounder/M -backhand/MDRSZG -backhanded/Y -backhander/M -backhoe/MS -backing/M -backlash/MS -backless -backlog/MS -backlogged -backlogging -backpack/ZGMDRS -backpacker/M -backpacking/M -backpedal/SDG -backrest/SM -backroom/S -backscratching/M -backseat/SM -backside/SM -backslapper/SM -backslapping/M -backslash/MS -backslid -backslide/RSZG -backslider/M -backspace/DSMG -backspin/M -backstabber/MS -backstabbing -backstage/M -backstair/S -backstop/SM -backstopped -backstopping -backstory/S -backstreet/S -backstretch/MS -backstroke/MGDS -backtalk/M -backtrack/SDG -backup/MS -backward/PSY -backwardness/M -backwash/M -backwater/SM -backwoods/M -backwoodsman/M -backwoodsmen -backyard/SM -bacon/M -bacteria/M -bacterial -bactericidal -bactericide/SM -bacteriologic -bacteriological -bacteriologist/SM -bacteriology/M -bacterium/M -bad/MYP -badder -baddest -baddie/MS -bade -badge/MZRS -badger/GMD -badinage/M -badlands/M -badman/M -badmen -badminton/M -badmouth/GD -badmouths -badness/M -baffle/MZGDRSL -bafflement/M -baffler/M -bag/SM -bagatelle/SM -bagel/MS -bagful/MS -baggage/M -bagged -baggie/M -baggily -bagginess/M -bagging -baggy/PTRS -bagpipe/MZRS -bagpiper/M -baguette/MS -bah -baht/SM -bail/SBGMD -bailey/S -bailiff/S -bailiwick/MS -bailout/SM -bailsman/M -bailsmen -bairn/MS -bait/SGMD -baize/M -bake/DRSMZG -baked/U -baker/M -bakery/SM -bakeshop/MS -baklava/M -baksheesh/M -balaclava/MS -balalaika/MS -balance's -balance/UDSG -balboa/SM -balcony/SM -bald/STGPDRY -balderdash/M -baldfaced -baldness/M -baldric/SM -baldy/S -bale/DRSMZG -baleen/M -baleful/PY -balefulness/M -baler/M -balk/SGMD -balky/RT -ball/SGMD -ballad/SM -balladeer/MS -balladry/M -ballast/GSMD -ballcock/MS -ballerina/SM -ballet/SM -balletic -ballgame/MS -ballgirl/S -ballgown/S -ballistic/S -ballistics/M -balloon/SGMD 
-balloonist/MS -ballot/SMDG -ballpark/MS -ballplayer/MS -ballpoint/MS -ballroom/MS -balls/DSG -ballsy/RT -bally -ballyhoo/SMDG -balm/SM -balminess/M -balmy/RTP -baloney/M -balsa/MS -balsam/SM -balsamic -baluster/SM -balustrade/MS -bamboo/SM -bamboozle/DSG -ban/SM -banal/Y -banality/SM -banana/SM -band's -band/ESGD -bandage/DSMG -bandanna/MS -bandbox/MS -bandeau/M -bandeaux -bandit/SM -banditry/M -bandleader/S -bandmaster/SM -bandoleer/SM -bandsman/M -bandsmen -bandstand/SM -bandwagon/SM -bandwidth -bandwidths -bandy/DRSTG -bane/SM -baneful -bang/SGMDR -bangle/SM -bani -banish/GLDS -banishment/M -banister/SM -banjo/MS -banjoist/SM -bank/SZGBMDR -bankbook/SM -bankcard/SM -banker/M -banking/M -banknote/SM -bankroll/SGMD -bankrupt/SGMD -bankruptcy/SM -banned -banner/SM -banning -bannock/MS -banns/M -banquet/ZGMDRS -banqueter/M -banquette/SM -banshee/MS -bantam/SM -bantamweight/SM -banter/GSMD -bantering/Y -banyan/SM -banzai/SM -baobab/SM -bap/S -baptism/MS -baptismal -baptist/S -baptistery/SM -baptize/ZGDRS -baptized/U -baptizer/M -bar's -bar/ECUTS -barb/SZGMDR -barbacoa -barbarian/SM -barbarianism/MS -barbaric -barbarically -barbarism/SM -barbarity/SM -barbarize/DSG -barbarous/Y -barbecue/DSMG -barbel/SM -barbell/MS -barber/GMD -barberry/SM -barbershop/MS -barbie/S -barbiturate/SM -barbwire/M -barcarole/SM -bard/SM -bardic -bare/DRSPYG -bareback/D -barefaced/Y -barefoot/D -barehanded -bareheaded -barelegged -bareness/M -barf/SGMDY -barfly/SM -bargain/MDRZGS -bargainer/M -barge/MGDS -bargeman/M -bargemen -barhop/S -barhopped -barhopping -barista/MS -baritone/MS -barium/M -bark's -bark/CSGD -barkeep/ZMRS -barkeeper/M -barker/SM -barley/M -barmaid/MS -barman/M -barmen -barmy/RT -barn/SM -barnacle/MDS -barney/S -barnstorm/SDRZG -barnstormer/M -barnyard/SM -barometer/MS -barometric -barometrically -baron/MS -baronage/MS -baroness/MS -baronet/MS -baronetcy/SM -baronial -barony/SM -baroque/M -barrack/MDGS -barracuda/SM -barrage/MGDS -barre/MGJDS -barred/UEC -barrel/GSMD 
-barren/TPSMR -barrenness/M -barrette/SM -barricade/MGDS -barrier/MS -barring/ECU -barrio/SM -barrister/MS -barroom/MS -barrow/SM -bartender/SM -barter/ZGSMDR -barterer/M -baryon/SM -basal/Y -basalt/M -basaltic -base's -base/CDSLTG -baseball/SM -baseboard/MS -baseless -baseline/MS -basely -baseman/M -basemen -basement/CMS -baseness/M -baser -bash/GMDS -bashful/PY -bashfulness/M -bashing/M -basic/MS -basically -basil/M -basilica/MS -basilisk/MS -basin/MS -basinful/MS -basis/M -bask/SGD -basket/SM -basketball/MS -basketry/M -basketwork/M -basque/S -bass/MS -basset/SM -bassinet/MS -bassist/MS -basso/MS -bassoon/MS -bassoonist/SM -basswood/MS -bast/M -bastard/MS -bastardization/MS -bastardize/GDS -bastardy/M -baste/ZGNXDRS -baster/M -bastion/M -bat/SM -batch/MDSG -bate/KACGSD -bath/ZGMDRS -bathe/M -bather/M -bathetic -bathhouse/MS -bathing/M -bathmat/MS -bathos/M -bathrobe/SM -bathroom/SM -baths -bathtub/MS -bathwater -bathyscaphe/SM -bathysphere/MS -batik/MS -batiste/M -batman/M -batmen -baton/MS -batsman/M -batsmen -battalion/SM -batted -batten/GSMD -batter/JZGSMDR -batterer/M -battery/SM -batting/M -battle/LDRSMZG -battleaxe/MS -battledore/SM -battledress -battlefield/MS -battlefront/MS -battleground/MS -battlement/SM -battler/M -battleship/SM -batty/RT -bauble/SM -baud/SM -bauxite/M -bawd/SM -bawdily -bawdiness/M -bawdy/PRT -bawl/SGMD -bay/SMDG -bayberry/SM -bayonet/SMDG -bayou/MS -bazaar/SM -bazillion/S -bazooka/SM -bbl -bdrm -be -beach/MDSG -beachcomber/SM -beachfront -beachhead/MS -beachwear/M -beacon/SM -bead/SGMD -beading/M -beadle/SM -beady/RT -beagle/SM -beak/SZMDR -beaker/M -beam/SGMD -bean/SGMD -beanbag/MS -beanfeast/S -beanie/SM -beanpole/MS -beansprout/S -beanstalk/MS -bear/SZGBJMR -bearable/U -bearably/U -beard/MDGS -beardless -bearer/M -bearing/M -bearish/PY -bearishness/M -bearlike -bearskin/MS -beast/MS -beastliness/M -beastly/TPRM -beat/SZGBMNRJ -beatable/U -beaten/U -beater/M -beatific -beatifically -beatification/M -beatify/GXNDS -beating/M 
-beatitude/SM -beatnik/MS -beau/SM -beaut/MS -beauteous/Y -beautician/SM -beautification/M -beautifier/M -beautiful/Y -beautify/NDRSZG -beauty/SM -beaver/SGMD -bebop/MS -becalm/GSD -became -because -beck/SM -beckon/SGD -becloud/GDS -become/S -becoming/UY -becquerel/S -bed/SM -bedaub/GSD -bedazzle/GDSL -bedazzlement/M -bedbug/SM -bedchamber/S -bedclothes/M -bedded -bedder -bedding/M -bedeck/GSD -bedevil/LGDS -bedevilment/M -bedfellow/SM -bedhead/S -bedim/S -bedimmed -bedimming -bedizen/GDS -bedlam/SM -bedpan/SM -bedpost/SM -bedraggle/GDS -bedridden -bedrock/SM -bedroll/SM -bedroom/SM -bedside/SM -bedsit/S -bedsitter/S -bedsore/SM -bedspread/SM -bedstead/SM -bedtime/SM -bee/RSMZGJ -beebread/M -beech/MS -beechnut/MS -beef/SGMD -beefburger/SM -beefcake/MS -beefiness/M -beefsteak/MS -beefy/RPT -beehive/MS -beekeeper/MS -beekeeping/M -beeline/MS -been -beep/SZGMDR -beeper/M -beer/M -beery/TR -beeswax/M -beet/SM -beetle/MGDS -beetroot/S -beeves -befall/SGN -befell -befit/S -befitted -befitting/Y -befog/S -befogged -befogging -before -beforehand -befoul/DGS -befriend/SGD -befuddle/GLDS -befuddlement/M -beg/S -began -begat -beget/S -begetter/S -begetting -beggar/MDYGS -beggary/M -begged -begging -begin/S -beginner/SM -beginning/MS -begone -begonia/SM -begot -begotten -begrime/DSG -begrudge/DSG -begrudging/Y -beguile/DRSZGL -beguilement/M -beguiler/M -beguiling/Y -beguine/SM -begum/MS -begun -behalf/M -behalves -behave/GDS -behavior/SM -behavioral/Y -behaviorism/M -behaviorist/MS -behead/DGS -beheld -behemoth/M -behemoths -behest/MS -behind/MS -behindhand -behold/NRZGS -beholder/M -behoove/DSG -beige/M -being/M -bejewel/SDG -belabor/SDG -belated/Y -belay/GDS -belch/GMDS -beleaguer/GSD -belfry/SM -belie/DS -belief/EUM -beliefs -believable/U -believably/U -believe/EDRSZG -believer/EUMS -believing/U -belittle/LDSG -belittlement/M -bell/SGMD -belladonna/M -bellboy/SM -belle/MS -belled/A -belletrist/MS -belletristic -bellhop/SM -bellicose -bellicosity/M -belligerence/M 
-belligerency/M -belligerent/MYS -belling/A -bellman/M -bellmen -bellow/MDGS -bellwether/MS -belly/GDSM -bellyache/MGDS -bellybutton/SM -bellyful/MS -belong/JDGS -belonging/M -beloved/SM -below -belt/SGMD -beltway/SM -beluga/MS -belying -bemire/GDS -bemoan/DGS -bemuse/LGDS -bemused/Y -bemusement/M -bench/GMDS -benchmark/MS -bend/BSZGMR -bender/M -bendy/TR -beneath -benedictine -benediction/SM -benedictory -benefaction/SM -benefactor/MS -benefactress/MS -benefice/SM -beneficence/M -beneficent/Y -beneficial/Y -beneficiary/SM -benefit/SMDG -benevolence/SM -benevolent/Y -benighted/Y -benign/Y -benignant -benignity/M -bent/SM -bentonite -bentwood/M -benumb/DSG -benzene/M -benzine/M -benzyl -bequeath/DG -bequeaths -bequest/MS -berate/GDS -bereave/DSLG -bereavement/MS -bereft -beret/MS -berg/SM -beriberi/M -berk/S -berkelium/M -berm/SM -berry/GDSM -berrylike -berserk -berth/GMD -berths -beryl/MS -beryllium/M -beseech/ZGRS -beseecher/M -beseeching/Y -beseem/DSG -beset/S -besetting -beside/S -besiege/ZGDRS -besieger/M -besmear/DSG -besmirch/GDS -besom/MS -besot/S -besotted -besotting -besought -bespangle/DSG -bespatter/GSD -bespeak/SG -bespectacled -bespoke -bespoken -best/SGMD -bestial/Y -bestiality/M -bestiary/SM -bestir/S -bestirred -bestirring -bestow/DGS -bestowal/SM -bestrew/SDG -bestrewn -bestridden -bestride/SG -bestrode -bestseller/MS -bestselling -bet/SM -beta/SM -betake/GS -betaken -betcha -betel/M -bethink/SG -bethought -betide/GDS -betimes -betoken/GDS -betook -betray/DRZGS -betrayal/SM -betrayer/M -betroth/DG -betrothal/SM -betrothed/M -betroths -better/MDGLS -betterment/M -betting -bettor/MS -between -betwixt -bevel/GMDS -beverage/SM -bevvy/S -bevy/SM -bewail/DGS -beware/GDS -bewhiskered -bewigged -bewilder/LSGD -bewildering/Y -bewilderment/M -bewitch/GLDS -bewitching/Y -bewitchment/M -bey/SM -beyond -bezel/MS -bf -bhaji -bi/SMRZ -biannual/Y -bias/GMDS -biased/U -biathlon/SM -bib/SM -bible/MS -biblical -bibliographer/MS -bibliographic -bibliographical/Y 
-bibliography/SM -bibliophile/SM -bibulous -bicameral -bicameralism/M -bicarb/MS -bicarbonate/MS -bicentenary/SM -bicentennial/SM -bicep/MS -biceps/M -bicker/MDRZGS -bickerer/M -biconcave -biconvex -bicuspid/MS -bicycle/DRSMZG -bicycler/M -bicyclist/SM -bid/SMG -biddable -bidden/U -bidder/MS -bidding/M -biddy/SM -bide/S -bidet/MS -bidirectional/Y -biennial/MYS -biennium/MS -bier/M -biff/SGD -bifocal/S -bifocals/M -bifurcate/XDSGN -bifurcation/M -big/P -bigamist/SM -bigamous -bigamy/M -bigger -biggest -biggie/MS -biggish -bighead/SM -bighearted/P -bigheartedness/M -bighorn/SM -bight/MS -bigmouth/M -bigmouths -bigness/M -bigot/MDS -bigotry/SM -bigwig/MS -bijou/M -bijoux -bike/DRSMZG -biker/M -bikini/MS -bilabial/MS -bilateral/Y -bilberry/S -bile/M -bilge/MS -bilingual/SMY -bilingualism/M -bilious/P -biliousness/M -bilirubin -bilk/SZGDR -bilker/M -bill/SBJGMD -billboard/MS -billet/GMDS -billfold/SM -billhook/S -billiard/S -billiards/M -billing/M -billingsgate/M -billion/MHS -billionaire/SM -billionth/M -billionths -billow/GMDS -billowy -billy/SM -billycan/S -bimbo/MS -bimetallic/SM -bimetallism/M -bimodal -bimonthly/SM -bin/SM -binary/SM -binaural -bind's -bind/AUGS -binder/MS -bindery/SM -binding/MS -bindweed/M -binge/MDS -bingo/M -binman -binmen -binnacle/SM -binned -binning -binocular/MS -binomial/SM -bio/SM -biochemical/SMY -biochemist/MS -biochemistry/M -biodegradability/M -biodegrade/DSGB -biodiversity/M -bioethics/M -biofeedback/M -biofilm/MS -biog -biographer/SM -biographic -biographical/Y -biography/SM -biol -biologic -biological/Y -biologist/MS -biology/M -biomarker/MS -biomass/M -biomedical -bionic/S -bionically -bionics/M -biophysical -biophysicist/MS -biophysics/M -biopic/MS -biopsy/GDSM -bioreactor/S -biorhythm/MS -biosensor/S -biosphere/SM -biosynthesis -biotech -biotechnological -biotechnology/M -biotin/M -bipartisan -bipartisanship/M -bipartite -biped/MS -bipedal -biplane/MS -bipolar -bipolarity/M -biracial -birch/GMDS -bird/SZGMDR -birdbath/M 
-birdbaths -birdbrain/SMD -birdcage/S -birder/M -birdhouse/MS -birdie/MDS -birdieing -birdlike -birdlime/M -birdseed/M -birdsong -birdwatcher/SM -birdying -biretta/SM -birth/ZGMDR -birthday/MS -birther/M -birthmark/MS -birthplace/MS -birthrate/MS -birthright/MS -births/A -birthstone/SM -biscuit/SM -bisect/DGS -bisection/MS -bisector/SM -bisexual/MYS -bisexuality/M -bishop/MS -bishopric/SM -bismuth/M -bison/M -bisque/M -bistro/MS -bit/CSMG -bitch/GMDS -bitchily -bitchiness/M -bitchy/PRT -bitcoin/SM -bite/RSMZ -biter/M -biting/Y -bitmap/S -bitten -bitter/PMRYTS -bittern/SM -bitterness/M -bitters/M -bittersweet/MS -bitty/TR -bitumen/M -bituminous -bivalent -bivalve/SM -bivouac/MS -bivouacked -bivouacking -biweekly/SM -biyearly -biz/M -bizarre/Y -bk -bl/DG -blab/SM -blabbed -blabber/DGS -blabbermouth/M -blabbermouths -blabbing -black/PXTGMDNRYS -blackamoor/MS -blackball/SGMD -blackberry/GSM -blackbird/SM -blackboard/MS -blackcurrant/S -blacken/DG -blackface -blackguard/SM -blackhead/MS -blacking/M -blackish -blackjack/MDGS -blackleg/S -blacklist/MDSG -blackmail/MDRSZG -blackmailer/M -blackness/M -blackout/SM -blacksmith/M -blacksmiths -blacksnake/SM -blackthorn/SM -blacktop/SM -blacktopped -blacktopping -bladder/MS -blade/MDS -blag/S -blagged -blagging -blah/M -blahs/M -blame/BMGDRS -blameless/YP -blamelessness/M -blameworthiness/M -blameworthy/P -blammo -blanch/GDS -blancmange/MS -bland/PTRY -blandish/DSLG -blandishment/SM -blandness/M -blank/TGPMDRYS -blanket/GMDS -blankness/M -blare/MGDS -blarney/SMDG -blase -blaspheme/ZGDRS -blasphemer/M -blasphemous/Y -blasphemy/SM -blast/ZGMDRS -blaster/M -blastoff/MS -blat/S -blatancy/SM -blatant/Y -blather/SMDG -blaze/MZGDRS -blazer/M -blazon/MDGS -bldg -bleach/MDRSZG -bleached/U -bleacher/M -bleak/TPRY -bleakness/M -blear -blearily -bleariness/M -bleary/PRT -bleat/GMDS -bleed/ZGRS -bleeder/M -bleeding/M -bleep/ZGMDRS -bleeper/M -blemish/GMDS -blemished/U -blench/DSG -blend/ZGMDRS -blender/M -bless/GDSJ -blessed/YP 
-blessedness/M -blessing/M -bletch -blew -blight/ZGMDRS -blimey -blimp/MS -blimpish -blind/PZTGMDRYS -blinder/M -blindfold/SMDG -blinding/Y -blindness/M -blindside/DSG -blini/MS -blink/ZGMDRS -blinker/MDG -blintz/MS -blintze/M -blip/SM -bliss/M -blissful/YP -blissfulness/M -blister/GMDS -blistering/Y -blistery -blithe/PYTR -blitheness/M -blither/G -blithesome -blitz/GMDS -blitzkrieg/MS -blivet/S -blizzard/SM -bloat/ZGDRS -bloatware -blob/SM -blobbed -blobbing -bloc/SM -block's -block/UGDS -blockade/MZGDRS -blockader/M -blockage/MS -blockbuster/SM -blockbusting/M -blockchain/MS -blocker/MS -blockhead/SM -blockhouse/MS -blog/SM -blogged -blogger/MS -blogging -bloke/MS -blokish -blond/PTMRS -blonde/MS -blondish -blondness/M -blood/GMDS -bloodbath/M -bloodbaths -bloodcurdling -bloodhound/SM -bloodily -bloodiness/M -bloodless/YP -bloodlessness/M -bloodletting/M -bloodline/SM -bloodmobile/MS -bloodshed/M -bloodshot -bloodstain/SMD -bloodstock/M -bloodstream/SM -bloodsucker/SM -bloodsucking -bloodthirstily -bloodthirstiness/M -bloodthirsty/RPT -bloody/PTGDRS -bloom/ZGMDRS -bloomer/M -bloop/ZGMDRS -blooper/M -blossom/GMDS -blossomy -blot/SM -blotch/GMDS -blotchy/TR -blotted -blotter/MS -blotting -blotto -blouse/MGDS -blow/SZGMR -blower/M -blowfly/SM -blowgun/MS -blowhard/MS -blowhole/S -blowjob/SM -blowlamp/S -blown -blowout/SM -blowpipe/SM -blowtorch/MS -blowup/MS -blowy/TR -blowzy/RT -blubber/GSMD -blubbery -bludgeon/MDGS -blue/DRSPMTG -bluebell/MS -blueberry/SM -bluebird/MS -bluebonnet/SM -bluebottle/SM -bluefish/MS -bluegill/MS -bluegrass/M -blueish -bluejacket/SM -bluejeans/M -blueness/M -bluenose/MS -bluepoint/MS -blueprint/MDGS -bluestocking/SM -bluesy/RT -bluet/MS -bluff/ZTGPMDRYS -bluffer/M -bluffness/M -bluing/M -bluish -blunder/MDRZGS -blunderbuss/MS -blunderer/M -blunt/PTGDRYS -bluntness/M -blur/SM -blurb/MS -blurred -blurriness/M -blurring -blurry/TRP -blurt/GDS -blush/ZGMDRS -blusher/M -bluster/MDRSZG -blusterer/M -blusterous -blustery -blvd -boa/SM -boar/SM 
-board/ZGMDRS -boarder/M -boarding/M -boardinghouse/MS -boardroom/MS -boardwalk/MS -boast/ZGMDRS -boaster/M -boastful/PY -boastfulness/M -boat/SZGMDR -boater/M -boathouse/MS -boating/M -boatload/S -boatman/M -boatmen -boatswain/SM -boatyard/S -bob/SM -bobbed -bobbin/MS -bobbing -bobble/MGDS -bobby/SM -bobbysoxer/SM -bobcat/MS -bobolink/SM -bobsled/SM -bobsledded -bobsledder/MS -bobsledding -bobsleigh/M -bobsleighs -bobtail/SM -bobwhite/MS -boccie/M -bock/M -bod/SMDG -bodacious -bode/S -bodega/MS -bodge/GDS -bodice/MS -bodily -bodkin/MS -body/DSM -bodybuilder/SM -bodybuilding/M -bodyguard/MS -bodysuit/SM -bodywork/M -boffin/S -boffo -bog/SM -boga -bogey/GMDS -bogeyman/M -bogeymen -bogged -bogging -boggle/GDS -boggy/TR -bogie/MS -bogon -bogosity -bogus -bogyman/M -bogymen -bohemian/SM -bohemianism/M -boil/SJZGMDR -boiler/M -boilermaker/SM -boilerplate/M -boink/GDS -boisterous/YP -boisterousness/M -bola/SM -bold/PTRY -boldface/DM -boldness/M -bole/SM -bolero/MS -bolivar/MS -bolivares -boll/SM -bollard/S -bollix/GMDS -bollocking/S -bollocks -bologna/M -bolshie -bolster/GMDS -bolt's -bolt/USGD -bolthole/S -bolus/MS -bomb/SJZGMDR -bombard/GDLS -bombardier/MS -bombardment/SM -bombast/M -bombastic -bombastically -bomber/M -bombproof -bombshell/SM -bombsite/S -bonanza/MS -bonbon/MS -bonce/S -bond/SGMD -bondage/M -bondholder/MS -bonding/M -bondman/M -bondmen -bondsman/M -bondsmen -bondwoman/M -bondwomen -bone/DRSMZG -bonehead/SMD -boneless -boner/M -boneshaker/S -boneyard -bonfire/MS -bong/SGMD -bongo/MS -bonhomie/M -boniness/M -bonito/MS -bonk/SZGD -bonnet/MS -bonny/TR -bonobo/MS -bonsai/M -bonus/MS -bony/PTR -boo/SMDHG -boob/SGMD -booby/SM -boodle/MS -booger/S -boogeyman/M -boogeymen -boogie/MDS -boogieing -boogieman/M -boohoo/GMDS -book/SBJGMD -bookbinder/SM -bookbindery/SM -bookbinding/M -bookcase/MS -bookend/MS -bookie/MS -booking/M -bookish -bookkeeper/MS -bookkeeping/M -booklet/MS -bookmaker/SM -bookmaking/M -bookmark/SMDG -bookmobile/SM -bookplate/MS -bookseller/MS 
-bookshelf/M -bookshelves -bookshop/SM -bookstall/S -bookstore/MS -bookworm/SM -boolean -boom/SZGMDR -boombox/MS -boomerang/MDGS -boon/SM -boondocks/M -boondoggle/MZGDRS -boondoggler/M -boonies/M -boor/SM -boorish/PY -boorishness/MS -boost/ZGMDRS -booster/M -boot's -boot/ASGD -bootblack/SM -bootee/MS -booth/M -booths -bootlace/S -bootleg/MS -bootlegged -bootlegger/MS -bootlegging/M -bootless -bootstrap/MS -bootstrapped -bootstrapping -booty/SM -booze/MZGDRS -boozer/M -boozy/TR -bop/SM -bopped -bopping -borax/M -bordello/MS -border/GMDS -borderland/MS -borderline/MS -bore/DRSMZG -boredom/M -borehole/S -borer/M -boring/Y -born/IAU -borne -boron/M -borough/M -boroughs -borrow/SDRZGJ -borrower/M -borrowing/M -borscht/M -borstal/S -borzoi/SM -bosh/M -bosom's -bosom/US -bosomy -boss/DSGM -bossily -bossiness/M -bossism/M -bossy/RTP -bot/S -botanic -botanical/Y -botanist/SM -botany/M -botch/DRSZGM -botcher/M -both -bother/SMDG -botheration -bothered/U -bothersome -botnet/SM -bottle/DRSMZG -bottleneck/MS -bottler/M -bottom/SMDG -bottomless -botulinum -botulism/M -boudoir/SM -bouffant/SM -bougainvillea/MS -bough/M -boughs -bought -bouillabaisse/SM -bouillon/MS -boulder/SM -boules -boulevard/SM -bounce/DRSMZG -bouncer/M -bouncily -bounciness/M -bouncy/RTP -bound/ASMGD -boundary/SM -bounden -bounder/SM -boundless/PY -boundlessness/M -bounteous/YP -bounteousness/M -bountiful/YP -bountifulness/M -bounty/SM -bouquet/SM -bourbon/SM -bourgeois/M -bourgeoisie/M -boustrophedon -bout/MS -boutique/SM -boutonniere/MS -bouzouki/MS -bovine/SM -bovver -bow/ZGSMDR -bowdlerization/MS -bowdlerize/DSG -bowed/U -bowel/SM -bower/M -bowl/MDRZGS -bowleg/SM -bowlegged -bowler/M -bowlful/SM -bowline/SM -bowling/M -bowman/M -bowmen -bowsprit/SM -bowstring/SM -bowwow/SM -box/ZGMDNRS -boxcar/SM -boxer/M -boxing/M -boxlike -boxroom/S -boxwood/M -boxy/RT -boy/SM -boycott/SGMD -boyfriend/MS -boyhood/SM -boyish/YP -boyishness/M -boysenberry/SM -bozo/MS -bpm -bps -bra/SM -brace/MZGDRS -bracelet/MS -bracer/M 
-bracero/MS -bracken/M -bracket/GMDS -brackish/P -brackishness/M -bract/MS -brad/SM -bradawl/S -bradycardia -brae/SM -brag/SM -braggadocio/SM -braggart/SM -bragged -bragger/MS -bragging -braid/GMDS -braiding/M -braille/M -brain/GMDS -brainchild/M -brainchildren/M -braininess/M -brainless/Y -brainpower -brainstorm/SMDG -brainstorming/M -brainteaser/SM -brainwash/DSG -brainwashing/M -brainwave/S -brainy/PTR -braise/GDS -brake/MGDS -brakeman/M -brakemen -bramble/MS -brambly -bran/M -branch/GMDS -branchlike -brand/ZGMDRS -branded/U -brander/M -brandish/DSG -brandy/GDSM -brash/PTRY -brashness/M -brass/MS -brasserie/MS -brassiere/MS -brassily -brassiness/M -brassy/PTR -brat/SM -bratty/RT -bratwurst/SM -bravado/M -brave/GPMYDTRS -braveness/M -bravery/M -bravo/SM -bravura/SM -brawl/SDRZGM -brawler/M -brawn/M -brawniness/M -brawny/RTP -bray/DGSM -braze/DRSZG -brazen/SDYGP -brazenness/M -brazer/M -brazier/SM -breach/GMDS -bread/GMDHS -breadbasket/SM -breadboard/SM -breadbox/MS -breadcrumb/MS -breadfruit/SM -breadline/MS -breadth/M -breadths -breadwinner/SM -break/BMZGRS -breakable/MS -breakage/MS -breakaway/MS -breakdown/MS -breaker/M -breakfast/MDGS -breakfront/MS -breakneck -breakout/MS -breakpoints -breakthrough/M -breakthroughs -breakup/SM -breakwater/SM -bream/MS -breast/SMDG -breastbone/MS -breastfed -breastfeed/GS -breastplate/SM -breaststroke/SM -breastwork/MS -breath/MDRSZGB -breathalyze/ZGDRS -breathe -breather/M -breathing/M -breathless/PY -breathlessness/M -breaths -breathtaking/Y -breathy/RT -bred/I -breech/MS -breed/SRZGM -breeder/M -breeding/IM -breeze/DSMG -breezeway/SM -breezily -breeziness/M -breezy/RTP -brethren -breve/SM -brevet/SM -brevetted -brevetting -breviary/SM -brevity/M -brew/MDRZGS -brewer/M -brewery/SM -brewpub/SM -bribe/DRSMZG -briber/M -bribery/M -brick/SMDG -brickbat/SM -brickie/S -bricklayer/MS -bricklaying/M -brickwork/M -brickyard/S -bridal/SM -bride/SM -bridegroom/SM -bridesmaid/MS -bridge/DSMG -bridgeable/U -bridgehead/SM -bridgework/M 
-bridle/DSMG -bridled/U -bridleway/S -brie/MZR -brief's -brief/CSDTGJ -briefcase/SM -briefer -briefing/CM -briefly -briefness/M -brier/M -brig/MS -brigade/SM -brigadier/MS -brigand/SM -brigandage/M -brigantine/MS -bright/SPNRYXT -brighten/DRZG -brightener/M -brightness/M -brights/M -brill -brilliance/M -brilliancy/M -brilliant/MYS -brilliantine/M -brim/MS -brimful -brimless -brimmed -brimming -brimstone/M -brindle/DM -brine/M -bring/SRZG -bringer/M -brininess/M -brink/SM -brinkmanship/M -briny/RTP -brioche/SM -briquette/MS -brisk/SDRYTGP -brisket/SM -briskness/M -bristle/DSMG -bristly/TR -britches/M -brittle/PRMT -brittleness/M -bro/SMH -broach/MDSG -broad/SMNRYXTP -broadband/M -broadcast/AMGS -broadcaster/MS -broadcasting/M -broadcloth/M -broaden/DG -broadloom/M -broadminded -broadness/M -broadsheet/SM -broadside/MGDS -broadsword/SM -brocade/DSMG -broccoli/M -brochette/SM -brochure/MS -brogan/SM -brogue/SM -broil/SMDRZG -broiler/M -broke -broken/YP -brokenhearted/Y -brokenness/M -broker/SMDG -brokerage/MS -brolly/S -bromide/SM -bromidic -bromine/M -bronc/SM -bronchi -bronchial -bronchitic -bronchitis/M -bronchus/M -bronco/SM -broncobuster/SM -brontosaur/MS -brontosaurus/MS -bronze/DSMG -brooch/MS -brood/SMDRZG -brooder/M -broodily -brooding/MY -broodmare/MS -broody/RMPT -brook/SMDG -brooklet/SM -broom/SM -broomstick/MS -broth/MRZ -brothel/MS -brother/MY -brotherhood/MS -brotherliness/M -broths -brougham/SM -brought -brouhaha/SM -brow/MS -browbeat/SNG -brown/SMDRPTG -brownfield -brownie/MS -brownish -brownness/M -brownout/SM -brownstone/MS -browse/DRSMZG -browser/M -brr -bruin/SM -bruise/DRSMZG -bruiser/M -bruising/M -bruit/SDG -brunch/MDSG -brunet/SM -brunette/MS -brunt/M -brush/MDSG -brushoff/SM -brushstroke/S -brushwood/M -brushwork/M -brusque/RPYT -brusqueness/M -brutal/Y -brutality/SM -brutalization/M -brutalize/GDS -brute/SM -brutish/PY -brutishness/M -bu -bub/SM -bubble/DSMG -bubblegum/M -bubbly/RMT -bubo/M -buboes -buccaneer/SGMD -buck/MDGS -buckaroo/SM 
-buckboard/MS -bucket/SGMD -bucketful/MS -buckeye/MS -buckle's -buckle/UDSG -buckler/MS -buckram/M -bucksaw/MS -buckshot/M -buckskin/MS -buckteeth -bucktooth/MD -buckwheat/M -buckyball/SM -bucolic/MS -bucolically -bud/SM -budded -budding/S -buddy/SM -budge/DSG -budgerigar/MS -budget/SGMD -budgetary -budgie/SM -buff/AMDGS -buffalo/MDG -buffaloes -buffer/SMDG -buffet/SMDGJ -buffoon/SM -buffoonery/M -buffoonish -bug's -bug/CS -bugaboo/SM -bugbear/SM -bugged/C -bugger/SMDG -buggery -bugging/C -buggy/RSMT -bugle/DRSMZG -bugler/M -build/SMRZGJ -builder/M -building/M -buildup/SM -built/AI -builtin -bulb/MS -bulbous -bulge/DSMG -bulgy/RT -bulimarexia/M -bulimia/M -bulimic/SM -bulk/MDGS -bulkhead/MS -bulkiness/M -bulky/RTP -bull/MDGS -bulldog/SM -bulldogged -bulldogging -bulldoze/ZGDRS -bulldozer/M -bullet/SMD -bulletin/MDGS -bulletproof/SDG -bullfight/SMRZG -bullfighter/M -bullfighting/M -bullfinch/MS -bullfrog/MS -bullhead/MDS -bullheaded/PY -bullheadedness/M -bullhorn/MS -bullion/M -bullish/YP -bullishness/M -bullock/SM -bullpen/SM -bullring/MS -bullseye -bullshit/MS! -bullshitted/! -bullshitter/SM! -bullshitting/! 
-bullwhip/S -bully/DSMG -bulrush/MS -bulwark/MS -bum/SM -bumbag/S -bumble/DRSZG -bumblebee/SM -bumbler/M -bumf -bummed -bummer/SM -bummest -bumming -bump/MDRZGS -bumper/M -bumph -bumpiness/M -bumpkin/MS -bumptious/PY -bumptiousness/M -bumpy/PRT -bun/SM -bunch/MDSG -bunchy/RT -bunco/SMDG -bundle/DSMG -bung/MDGS -bungalow/MS -bungee/SM -bunghole/MS -bungle/DRSMZG -bungler/M -bunion/SM -bunk's -bunk/CDGS -bunker/SM -bunkhouse/SM -bunkum/M -bunny/SM -bunt/MDGSJ -bunting/M -buoy/MDGS -buoyancy/M -buoyant/Y -bur/SMY -burble/DSMG -burbs/M -burden's -burden/USGD -burdensome -burdock/M -bureau/SM -bureaucracy/SM -bureaucrat/MS -bureaucratic -bureaucratically -bureaucratization/M -bureaucratize/GDS -burg/MRZS -burgeon/DSG -burger/M -burgh/MRZ -burgher/M -burghs -burglar/MS -burglarize/GDS -burglarproof -burglary/SM -burgle/DSG -burgomaster/SM -burgundy/SM -burial/ASM -burka/SM -burl/MDS -burlap/M -burlesque/MGDS -burliness/M -burly/RPT -burn/MDRZGSB -burnable/SM -burner/M -burnish/ZGMDRS -burnisher/M -burnoose/MS -burnout/MS -burnt -burp/MDGS -burr/MDGS -burrito/MS -burro/SM -burrow/SMDRZG -burrower/M -bursa/M -bursae -bursar/SM -bursary/SM -bursitis/M -burst/SMG -bury/ADSG -bus/AMS -busboy/SM -busby/SM -bused -busgirl/MS -bush/MDSGJ -bushel/SGMD -bushiness/M -bushing/M -bushman/M -bushmaster/SM -bushmen -bushwhack/DRSZG -bushwhacker/M -bushy/RPT -busily -business/MS -businesslike -businessman/M -businessmen -businessperson/SM -businesswoman/M -businesswomen -busing/M -busk/DRZGS -buskin/SM -busload/S -buss/MDSG -bust/MDRZGS -buster/M -bustle/DSMG -busty/RZT -busy/DRSTGP -busybody/SM -busyness/M -busywork/M -but/ACS -butane/M -butch/MRSZ -butcher/MDG -butchery/SM -butler/SM -butt/MDRZGS -butte/SM -butted/A -butter/MDG -butterball/MS -buttercream -buttercup/SM -butterfat/M -butterfingered -butterfingers/M -butterfly/GDSM -buttermilk/M -butternut/SM -butterscotch/M -buttery/TRSM -butting/A -buttock/SM -button's -button/USDG -buttonhole/DSMG -buttonwood/MS -buttress/MDSG 
-butty/S -buxom -buy/ZGSMR -buyback/SM -buyer/M -buyout/SM -buzz/MDRSZG -buzzard/MS -buzzer/M -buzzkill/SM -buzzword/SM -bx -bxs -by/M -bye/SM -bygone/SM -bylaw/SM -byline/SM -bypass/GMDS -bypath/M -bypaths -byplay/M -byproduct/MS -byre/S -byroad/SM -bystander/MS -byte/MS -byway/SM -byword/SM -byzantine -c/IES -ca -cab/SMRZ -cabal/MS -cabala's -caballero/MS -cabana/SM -cabaret/SM -cabbage/MS -cabbed -cabbing -cabby/SM -cabdriver/SM -cabin/MS -cabinet/SM -cabinetmaker/MS -cabinetmaking/M -cabinetry/M -cabinetwork/M -cable/MGDS -cablecast/GMS -cablegram/MS -cabochon/SM -caboodle/M -caboose/SM -cabriolet/SM -cabstand/SM -cacao/MS -cache/MGDS -cachepot/SM -cachet/MS -cackle/MZGDRS -cackler/M -cacophonous -cacophony/SM -cacti -cactus/M -cad/SM -cadaver/SM -cadaverous -caddie/MDS -caddish/YP -caddishness/M -caddying -cadence/DSM -cadenza/SM -cadet/MS -cadge/ZGDRS -cadger/M -cadmium/M -cadre/MS -caducei -caduceus/M -caesura/SM -cafe/SM -cafeteria/MS -cafetiere/S -caff/CS -caffeinated -caffeine/M -caftan/MS -cage/DSMG -cagey -cagier -cagiest -cagily -caginess/M -cagoule/S -cahoot/MS -caiman/MS -cairn/MS -caisson/SM -caitiff/SM -cajole/ZGLDRS -cajolement/M -cajoler/M -cajolery/M -cake/DSMG -cakewalk/SM -cal -calabash/MS -calaboose/SM -calamari/SM -calamine/M -calamitous/Y -calamity/SM -calcareous -calciferous -calcification/M -calcify/GNDS -calcimine/DSMG -calcine/DSG -calcite/M -calcium/M -calculable/I -calculate/AGNVDSX -calculated/Y -calculating/Y -calculation/AM -calculator/SM -calculi -calculus/M -caldera/SM -calendar/MDGS -calf/M -calfskin/M -caliber/SM -calibrate/GNDSX -calibration/M -calibrator/SM -calico/M -calicoes -californium/M -caliper/SGMD -caliph/M -caliphate/MS -caliphs -calisthenic/S -calisthenics/M -calk/SGMD -call/ASGMD -calla/MS -callable -callback/MS -called/U -caller/MS -calligrapher/SM -calligraphic -calligraphist/MS -calligraphy/M -calling/SM -calliope/MS -callosity/SM -callous/PGDSY -callousness/M -callow/RPT -callowness/M -callus/MDSG 
-calm/PSTGMDRY -calmness/M -caloric -calorie/MS -calorific -calumet/MS -calumniate/GNDS -calumniation/M -calumniator/MS -calumnious -calumny/SM -calve/GDS -calypso/MS -calyx/MS -cam/SM -camaraderie/M -camber/MDSG -cambial -cambium/SM -cambric/M -camcorder/SM -came -camel/MS -camelhair -camellia/MS -cameo/MS -camera/MS -cameraman/M -cameramen -camerapeople -cameraperson -camerawoman/M -camerawomen -camerawork -camiknickers -camisole/SM -camouflage/MZGDRS -camouflager/M -camp's -camp/CSGD -campaign/SMDRZG -campaigner/M -campanile/SM -campanologist/MS -campanology/M -camper/MS -campfire/SM -campground/SM -camphor/M -camping/M -campsite/SM -campus/MS -campy/TR -camshaft/SM -can't -can/SMDRZG -canal/MS -canalization/M -canalize/GDS -canape/MS -canard/MS -canary/SM -canasta/M -cancan/MS -cancel/DRSZG -canceler/M -cancellation/SM -cancelous -cancer/MS -cancerous -candelabra/SM -candelabrum/M -candid/YP -candida -candidacy/SM -candidate/MS -candidature/SM -candidness/M -candle/MZGDRS -candlelight/M -candlelit -candlepower/M -candler/M -candlestick/MS -candlewick/SM -candor/M -candy/GDSM -candyfloss -cane/SM -canebrake/MS -caner/M -canine/MS -canister/SM -canker/GMDS -cankerous -cannabis/MS -canned -cannelloni/M -cannery/SM -cannibal/SM -cannibalism/M -cannibalistic -cannibalization/M -cannibalize/GDS -cannily/U -canniness/M -canning -cannon/GMDS -cannonade/MGDS -cannonball/SM -cannot -canny/UTR -canoe/MDS -canoeing -canoeist/SM -canola/M -canon/MS -canonical/Y -canonization/SM -canonize/DSG -canoodle/DSG -canopy/GDSM -canst -cant's -cant/CZRDGS -cantabile -cantaloupe/SM -cantankerous/PY -cantankerousness/M -cantata/MS -canteen/MS -canter/CM -cantered -cantering -canticle/MS -cantilever/MDGS -canto/MS -canton/MLS -cantonal -cantonment/MS -cantor/MS -canvas/MGDS -canvasback/SM -canvass/MDRSZG -canvasser/M -canyon/MGS -cap/SMDRBZ -capabilities -capability/IM -capable/I -capably/I -capacious/PY -capaciousness/M -capacitance/M -capacities -capacitor/SM -capacity/IM 
-caparison/MDGS -cape/SM -caper/GMD -capeskin/M -capillarity/M -capillary/SM -capital/MSY -capitalism/M -capitalist/SM -capitalistic -capitalistically -capitalization/M -capitalize/ADSG -capitation/CSM -capitol/SM -capitulate/ADSXGN -capitulation/AM -caplet/MS -capo/SM -capon/MS -capped/UA -capping/UA -cappuccino/SM -caprice/SM -capricious/PY -capriciousness/M -capsicum/SM -capsize/DSG -capstan/SM -capstone/MS -capsular -capsule/DSMG -capsulize/DSG -capt -captain/SMDG -captaincy/SM -caption/SMDG -captious/YP -captiousness/M -captivate/DSGN -captivation/M -captivator/SM -captive/SM -captivity/SM -captor/MS -capture/ADSMG -car/SMDRZG -carafe/MS -caramel/SM -caramelize/DSG -carapace/SM -carat/MS -caravan/SM -caravansary/SM -caravel/SM -caraway/SM -carbide/SM -carbine/SM -carbohydrate/SM -carbolic -carbon/MS -carbonaceous -carbonate/MGNDS -carbonation/M -carboniferous -carbonize/GDS -carborundum/M -carboy/MS -carbs -carbuncle/SM -carbuncular -carburetor/SM -carcass/MS -carcinogen/SM -carcinogenic/MS -carcinogenicity/M -carcinoma/MS -card/ESGMD -cardamom/SM -cardamon/S -cardboard/M -carder/MS -cardholder/S -cardiac -cardie/S -cardigan/SM -cardinal/SMY -cardio -cardiogram/SM -cardiograph/M -cardiographs -cardiologist/MS -cardiology/M -cardiomyopathy -cardiopulmonary -cardiovascular -cardsharp/MRZS -cardsharper/M -care/SM -careen/DGS -career/MDGS -careerism -careerist/SM -carefree -careful/YP -carefuller -carefullest -carefulness/M -caregiver/SM -careless/PY -carelessness/M -carer/M -caress/MDSG -caret/MS -caretaker/MS -careworn -carfare/M -cargo/M -cargoes -carhop/MS -caribou/SM -caricature/MGDS -caricaturist/SM -caries/M -carillon/SM -caring/M -carious -carjack/JSDRZG -carjacker/M -carjacking/M -carload/SM -carmaker/S -carmine/SM -carnage/M -carnal/Y -carnality/M -carnation/IMS -carnelian/MS -carnival/MS -carnivora -carnivore/SM -carnivorous/PY -carnivorousness/M -carny/SM -carob/MS -carol/ZGMDRS -caroler/M -carom/GMDS -carotene/M -carotid/SM -carousal/SM 
-carouse/DRSMZG -carousel/SM -carouser/M -carp/SZGMDR -carpal/MS -carpel/MS -carpenter/MDGS -carpentry/M -carper/M -carpet/MDGS -carpetbag/MS -carpetbagged -carpetbagger/MS -carpetbagging -carpeting/M -carpi -carpool/SMDG -carport/SM -carpus/M -carrel/MS -carriage/SM -carriageway/S -carrier/M -carrion/M -carrot/MS -carroty -carry/ZGDRSM -carryall/SM -carrycot/S -carryout -carryover/MS -carsick/P -carsickness/M -cart/SZGMDR -cartage/M -cartel/MS -carter/M -carthorse/SM -cartilage/SM -cartilaginous -cartload/SM -cartographer/SM -cartographic -cartography/M -carton/MS -cartoon/SMDG -cartoonist/MS -cartridge/MS -cartwheel/GMDS -carve/JZGDRS -carver/M -carvery/S -carving/M -caryatid/MS -casaba/MS -cascade/DSMG -cascara/SM -case/LDSJMG -casebook/S -cased/U -caseharden/DGS -casein/M -caseload/MS -casement/MS -casework/ZMR -caseworker/M -cash/GMDS -cashback/M -cashbook/MS -cashew/MS -cashier/GSMD -cashless -cashmere/M -casing/M -casino/MS -cask/SM -casket/MS -cassava/SM -casserole/DSMG -cassette/MS -cassia/MS -cassock/SM -cassowary/SM -cast/ASGM -castanet/MS -castaway/MS -caste/JMZRS -castellated -caster/M -castigate/DSGN -castigation/M -castigator/SM -casting/AM -castle/MGDS -castoff/SM -castor/MS -castrate/GNXDS -castration/M -casual/PMYS -casualness/M -casualty/SM -casuist/SM -casuistic -casuistry/M -cat/SM -cataclysm/MS -cataclysmal -cataclysmic -catacomb/SM -catafalque/MS -catalepsy/M -cataleptic/MS -catalog/ZGSMDR -cataloger/M -catalpa/SM -catalyses -catalysis/M -catalyst/MS -catalytic/M -catalyze/GDS -catamaran/SM -catapult/GMDS -cataract/MS -catarrh/M -catastrophe/MS -catastrophic -catastrophically -catatonia/M -catatonic/SM -catbird/SM -catboat/SM -catcall/GSMD -catch/ZGJLMRS -catchall/MS -catcher/M -catchment/MS -catchpenny -catchphrase/SM -catchword/MS -catchy/RT -catechism/SM -catechist/SM -catechize/DSG -categorical/Y -categorization/MS -categorize/GDS -category/SM -cater/ZGJDRS -catercorner -caterer/M -caterpillar/MS -caterwaul/SMDG -catfish/MS -catgut/M 
-catharses -catharsis/M -cathartic/SM -cathedral/SM -catheter/SM -catheterize/DSG -cathode/SM -cathodic -catholic -catholicity/M -cation/MS -catkin/MS -catlike -catnap/MS -catnapped -catnapping -catnip/M -catsuit/S -cattail/SM -catted -cattery/S -cattily -cattiness/M -catting -cattle/M -cattleman/M -cattlemen -catty/TPR -catwalk/SM -caucus/MDSG -caudal/Y -caught/U -cauldron/MS -cauliflower/SM -caulk/ZGMDRS -caulker/M -causal/Y -causality/SM -causation/M -causative -cause/MZGDRS -causeless -causer/M -causerie/SM -causeway/SM -caustic/SM -caustically -causticity/M -cauterization/M -cauterize/GDS -caution/SMDG -cautionary -cautious/IY -cautiousness/M -cavalcade/MS -cavalier/SMY -cavalry/SM -cavalryman/M -cavalrymen -cave/DRSMZG -caveat/MS -caveman/M -cavemen -cavern/MS -cavernous/Y -caviar/M -cavil/ZGJMDRS -caviler/M -caving/M -cavitation -cavity/FSM -cavort/DGS -caw/SMDG -cay/CSM -cayenne/M -cayuse/MS -cc -cease/CMGDS -ceasefire/MS -ceaseless/YP -ceaselessness/M -ceca -cecal -cecum/M -cedar/MS -cede/FAGSD -ceder/MS -cedilla/SM -ceilidh -ceilidhs -ceiling/MS -celandine/M -celeb/S -celebrant/SM -celebrate/DSGNX -celebration/M -celebrator/SM -celebratory -celebrity/SM -celeriac -celerity/M -celery/M -celesta/MS -celestial/Y -celibacy/M -celibate/MS -cell/SMD -cellar/MS -cellist/SM -cellmate/SM -cello/MS -cellophane/M -cellphone/MS -cellular/SM -cellulite/M -cellulitis -celluloid/M -cellulose/M -cement/MDRZGS -cementer/M -cementum/M -cemetery/SM -cenobite/MS -cenobitic -cenotaph/M -cenotaphs -censer/MS -censor/MDGS -censored/U -censorial -censorious/PY -censoriousness/M -censorship/M -censure/BDRSMZG -censurer/M -census/MDSG -cent/SZMR -centaur/SM -centavo/SM -centenarian/MS -centenary/SM -centennial/MYS -center/MDG -centerboard/SM -centerfold/MS -centerpiece/MS -centigrade -centigram/SM -centiliter/MS -centime/SM -centimeter/MS -centipede/SM -central/SMY -centralism -centralist -centrality/M -centralization/CM -centralize/CGDS -centralizer/MS -centrifugal/Y 
-centrifuge/DSMG -centripetal/Y -centrism/M -centrist/MS -centurion/SM -century/SM -cephalic -ceramic/SM -ceramicist/SM -ceramics/M -ceramist/MS -cereal/MS -cerebellar -cerebellum/SM -cerebra -cerebral -cerebrate/GNDS -cerebration/M -cerebrovascular -cerebrum/MS -cerement/MS -ceremonial/SMY -ceremonious/UY -ceremoniousness/M -ceremony/SM -cerise/M -cerium/M -cermet/M -cert/S -certain/UY -certainty/USM -certifiable -certifiably -certificate/MGNXDS -certification/M -certify/DSG -certitude/IM -certitudes -cerulean/M -cervical -cervices -cervix/M -cesarean/MS -cesium/M -cessation/MS -cession/KAFSM -cesspit/S -cesspool/MS -cetacean/MS -ceteris -cf -cg -ch/IFVT -chad/S -chafe/GDS -chaff/GMDS -chaffinch/MS -chagrin/GSMD -chain's -chain/UGDS -chainsaw/MDGS -chair/GMDS -chairlift/MS -chairman/M -chairmanship/SM -chairmen -chairperson/SM -chairwoman/M -chairwomen -chaise/MS -chalcedony/M -chalet/MS -chalice/SM -chalk/GMDS -chalkboard/SM -chalkiness/M -chalky/PRT -challenge/DRSMZG -challenged/U -challenger/M -challis/M -chamber/SMD -chamberlain/MS -chambermaid/MS -chambray/M -chameleon/SM -chamois/M -chamomile/MS -champ/ZGMDS -champagne/MS -champion/GMDS -championship/MS -chance/MGDS -chancel/SM -chancellery/SM -chancellor/MS -chancellorship/M -chancery/SM -chanciness/M -chancre/SM -chancy/PRT -chandelier/SM -chandler/MS -change/MZGDRS -changeability/M -changeable/P -changeableness/M -changeably -changed/U -changeless/Y -changeling/SM -changeover/SM -changer/M -changing/U -channel/GSMD -channelization/M -channelize/DSG -chanson/SM -chant/ZGMDRS -chanter/M -chanteuse/MS -chantey/SM -chanticleer/MS -chaos/M -chaotic -chaotically -chap/SM -chaparral/SM -chapati/S -chapatti/S -chapbook/MS -chapeau/SM -chapel/MS -chaperon/MDGS -chaperonage/M -chaperoned/U -chaplain/MS -chaplaincy/SM -chaplet/SM -chapped -chapping -chappy/S -chapter/SM -char/SM -charabanc/MS -character/MS -characterful -characteristic/SM -characteristically/U -characterization/MS -characterize/DSG -characterless 
-charade/SM -charbroil/GDS -charcoal/MS -chard/M -chardonnay/SM -charge/AESDGM -chargeable/A -charged/U -charger/SM -charily -chariness/M -chariot/SM -charioteer/MS -charisma/M -charismatic/MS -charitable/P -charitableness/M -charitably/U -charity/SM -charlady/S -charlatan/SM -charlatanism/M -charlatanry/M -charlie/S -charm/ZGMDRS -charmer/M -charming/Y -charmless -charred -charring -chart/GMDS -charted/U -charter's -charter/ASGD -charterer/MS -chartreuse/M -charwoman/M -charwomen -chary/TRP -chase/MZGDRS -chaser/M -chasm/MS -chassis/M -chaste/PYTR -chasten/DGS -chasteness/M -chastise/DRSZGL -chastisement/SM -chastiser/M -chastity/M -chasuble/SM -chat/SM -chateau/SM -chateaux -chatelaine/SM -chatline/S -chatroom/M -chatted -chattel/MS -chatter/MDRZGS -chatterbox/MS -chatterer/M -chattily -chattiness/M -chatting -chatty/TPR -chauffeur/GMDS -chauvinism/M -chauvinist/SM -chauvinistic -chauvinistically -cheap/PXTNRY -cheapen/DG -cheapness/M -cheapo -cheapskate/MS -cheat/ZGMDRS -cheater/M -check/AGMDS -checkbook/SM -checkbox -checked/U -checker/MDGS -checkerboard/SM -checkers/M -checklist/MS -checkmate/MGDS -checkoff/SM -checkout/SM -checkpoint/SM -checkroom/MS -checksum -checkup/MS -cheddar/M -cheek/GMDS -cheekbone/SM -cheekily -cheekiness/M -cheeky/TPR -cheep/GMDS -cheer/ZGMDRS -cheerer/M -cheerful/YP -cheerfuller -cheerfullest -cheerfulness/M -cheerily -cheeriness/M -cheerio/MS -cheerleader/SM -cheerless/PY -cheerlessness/M -cheery/TPR -cheese/MGDS -cheeseboard/S -cheeseburger/SM -cheesecake/SM -cheesecloth/M -cheeseparing/M -cheesiness/M -cheesy/TPR -cheetah/M -cheetahs -chef/SM -chem -chemical/SMY -chemise/MS -chemist/MS -chemistry/M -chemo/M -chemotherapeutic -chemotherapy/M -chemurgy/M -chenille/M -cherish/DSG -cheroot/MS -cherry/SM -chert/M -cherub/MS -cherubic -cherubim -chervil/M -chess/M -chessboard/MS -chessman/M -chessmen -chest/MDS -chesterfield/SM -chestful/SM -chestnut/SM -chesty/TR -chevalier/SM -cheviot/M -chevron/MS -chew/SZGMDR -chewer/M -chewiness/M 
-chewy/PTR -chg -chge -chi/SM -chiaroscuro/M -chic/PTMR -chicane/MS -chicanery/SM -chichi/MS -chick/XMNS -chickadee/SM -chicken/MDG -chickenfeed/M -chickenhearted -chickenpox/M -chickenshit/S! -chickpea/SM -chickweed/M -chicle/M -chicness/M -chicory/SM -chide/GDS -chiding/Y -chief/TMRYS -chiefdom/M -chieftain/MS -chieftainship/SM -chiffon/M -chiffonier/MS -chigger/MS -chignon/MS -chihuahua/SM -chilblain/SM -child/M -childbearing/M -childbirth/M -childbirths -childcare/M -childhood/SM -childish/YP -childishness/M -childless/P -childlessness/M -childlike -childminder/S -childminding -childproof/GSD -children/M -chili/M -chilies -chill/JPZTGMDRS -chiller/M -chilliness/M -chilling/Y -chillness/M -chilly/TPR -chime/MZGDRS -chimer/M -chimera/MS -chimeric -chimerical -chimney/MS -chimp/MS -chimpanzee/SM -chin/SM -china/M -chinaware/M -chinchilla/MS -chine/MS -chink/GMDS -chinless -chinned -chinning -chino/MS -chinstrap/MS -chintz/M -chintzy/RT -chinwag/S -chip/SM -chipboard -chipmunk/SM -chipolata/S -chipped -chipper/MS -chippie -chipping/S -chippy/S -chirography/M -chiropodist/MS -chiropody/M -chiropractic/SM -chiropractor/SM -chirp/GMDS -chirpily -chirpy/PTR -chirrup/GMDS -chisel/ZGMDRS -chiseler/M -chit/SM -chitchat/SM -chitchatted -chitchatting -chitin/M -chitinous -chitosan -chitterlings/M -chivalrous/PY -chivalrousness/M -chivalry/M -chive/MS -chivy/GDS -chlamydia/MS -chlamydiae -chloral/M -chlordane/M -chloride/MS -chlorinate/GNDS -chlorination/M -chlorine/M -chlorofluorocarbon/SM -chloroform/SGMD -chlorophyll/M -chloroplast/MS -chm -choc/S -chock/GMDS -chockablock -chocoholic/SM -chocolate/MS -chocolaty -choice/MTRS -choir/MS -choirboy/MS -choirmaster/SM -choke/MZGDRS -chokecherry/SM -choker/M -cholecystectomy -cholecystitis -choler/M -cholera/M -choleric -cholesterol/M -chomp/ZGMDRS -choose/ZGRS -chooser/M -choosiness/M -choosy/TPR -chop/SM -chophouse/SM -chopped -chopper/MDGS -choppily -choppiness/M -chopping -choppy/TPR -chopstick/SM -choral/MYS -chorale/MS 
-chord/MS -chordal -chordate/SM -chore/MS -chorea/M -choreograph/DRZG -choreographer/M -choreographic -choreographically -choreographs -choreography/M -chorister/SM -choroid/MS -chortle/MZGDRS -chortler/M -chorus/GMDS -chose -chosen -chow/SGMD -chowder/MS -chrism/M -christen/ASGD -christening/MS -christian/U -christology -chromatic -chromatically -chromatin/M -chromatography -chrome/MGDS -chromium/M -chromosomal -chromosome/MS -chronic -chronically -chronicle/DRSMZG -chronicler/M -chronograph/M -chronographs -chronological/Y -chronologist/MS -chronology/SM -chronometer/SM -chrysalis/MS -chrysanthemum/MS -chub/SM -chubbiness/M -chubby/TPR -chuck/GMDS -chuckhole/SM -chuckle/MGDS -chuffed -chug/SM -chugged -chugging -chukka/MS -chum/SM -chummed -chummily -chumminess/M -chumming -chummy/PTR -chump/MS -chunder/GDS -chunk/GMDS -chunkiness/M -chunky/PTR -chunter/DGS -church/MS -churchgoer/SM -churchgoing/M -churchman/M -churchmen -churchwarden/MS -churchwoman -churchwomen -churchyard/SM -churl/MS -churlish/PY -churlishness/M -churn/ZGMDRS -churner/M -chute/MS -chutney/MS -chutzpah/M -chyme/M -chyron/MS -ciabatta/SM -ciao/S -cicada/MS -cicatrices -cicatrix/M -cicerone/SM -ciceroni -cider's -cider/S -cigar/MS -cigarette/MS -cigarillo/MS -cilantro/M -cilia -cilium/M -cinch/GMDS -cinchona/SM -cincture/SM -cinder/GMDS -cine -cinema/MS -cinematic -cinematographer/MS -cinematographic -cinematography/M -cinnabar/M -cinnamon/M -cipher's -cipher/CGDS -cir -circa -circadian -circle/MGDS -circlet/MS -circuit/MDGS -circuital -circuitous/YP -circuitousness/M -circuitry/M -circuity/M -circular/SMY -circularity/M -circularize/DSG -circulate/ADSG -circulation/SM -circulatory -circumcise/XDSGN -circumcised/U -circumcision/M -circumference/MS -circumferential -circumflex/MS -circumlocution/MS -circumlocutory -circumnavigate/XGNDS -circumnavigation/M -circumpolar -circumscribe/GDS -circumscription/MS -circumspect/Y -circumspection/M -circumstance/MGDS -circumstantial/Y -circumvent/DSG 
-circumvention/M -circus/MS -cirque/MS -cirrhosis/M -cirrhotic/SM -cirri -cirrus/M -cis -cisgender -cistern/MS -cit -citadel/MS -citation/AMS -cite's -cite/IAGSD -citified -citizen/MS -citizenry/M -citizenship/M -citric -citron/MS -citronella/M -citrus/MS -city/SM -citywide -civet/MS -civic/S -civically -civics/M -civil/UY -civilian/MS -civility/ISM -civilization/MS -civilize/GDS -civilized/U -civvies/M -ck -cl -clack/GMDS -clad/U -cladding/M -clade -claim's -claim/CKEAGDS -claimable/A -claimant/MS -claimed/U -claimer/ECSM -clairvoyance/M -clairvoyant/MS -clam/SM -clambake/MS -clamber/ZGMDRS -clamberer/M -clammed -clammily -clamminess/M -clamming -clammy/PTR -clamor/GMDS -clamorous -clamp/GMDS -clampdown/MS -clan/SM -clandestine/Y -clang/ZGMDRS -clangor/M -clangorous/Y -clank/GMDS -clannish/P -clannishness/M -clansman/M -clansmen -clanswoman -clanswomen -clap/SM -clapboard/MDGS -clapped -clapper/MS -clapperboard/S -clapping/M -claptrap/M -claque/MS -claret/MS -clarification/M -clarify/XDSNG -clarinet/SM -clarinetist/SM -clarion/MDGS -clarity/M -clash/GMDS -clasp's -clasp/UGDS -class/GMDS -classic/MS -classical/MY -classicism/M -classicist/MS -classifiable -classification/CAM -classifications -classified's -classified/U -classifieds -classifier/MS -classify/ACSDGN -classiness/M -classism -classless/P -classmate/MS -classroom/MS -classwork/M -classy/TRP -clatter/GMDS -clausal -clause/MS -claustrophobia/M -claustrophobic -clavichord/SM -clavicle/MS -clavier/MS -claw's -claw/CSGD -clay/M -clayey -clayier -clayiest -clean/BJPZTGDRYS -cleaner/M -cleaning/M -cleanliness/UM -cleanly/UTPR -cleanness/UM -cleanse/ZGDRS -cleanser/M -cleanup/MS -clear/JPTGMDRYS -clearance/SM -clearheaded -clearing/M -clearinghouse/SM -clearness/M -clearway/S -cleat/MS -cleavage/MS -cleave/ZGDRS -cleaver/M -clef/SM -cleft/MS -clematis/MS -clemency/IM -clement/Y -clementine/S -clench/GMDS -clerestory/SM -clergy/SM -clergyman/M -clergymen -clergywoman/M -clergywomen -cleric/MS -clerical/Y 
-clericalism/M -clerk/GMDS -clerkship/M -clever/PTRY -cleverness/M -clevis/MS -clew/SGMD -cliche/MDS -click/BZGMDRS -clickbait -clicker/M -client/MS -clientele/MS -cliff/MS -cliffhanger/SM -cliffhanging -clifftop/S -clii -climacteric/M -climactic -climate/SM -climatic -climatically -climatologist/SM -climatology/M -climax/MDSG -climb/SMDRZGB -climber/M -climbing/M -clime/SM -clinch/MDRSZG -clincher/M -cling/SMRZG -clinger/M -clingfilm -clingy/RT -clinic/SM -clinical/Y -clinician/SM -clink/SMDRZG -clinker/M -cliometric/S -cliometrician/MS -cliometrics/M -clip/SM -clipboard/MS -clipped -clipper/SM -clipping/SM -clique/SM -cliquey -cliquish/YP -cliquishness/M -clit/SM -clitoral -clitorides -clitoris/MS -clix -cloaca/M -cloacae -cloak's -cloak/USDG -cloakroom/MS -clobber/SMDG -cloche/SM -clock/SMDG -clockwise -clockwork/SM -clod/MS -cloddish -clodhopper/MS -clog's -clog/US -clogged/U -clogging/U -cloisonne/M -cloister/SMDG -cloistral -clomp/SDG -clonal -clone/DSMG -clonidine -clonk/SMDG -clop/MS -clopped -clopping -close/DRSMYTGJP -closefisted -closemouthed -closeness/M -closeout/MS -closet/SMDG -closeup/SM -closing/M -closure/ESM -clot/MS -cloth/M -clothe/UDSG -clotheshorse/MS -clothesline/SM -clothespin/SM -clothier/MS -clothing/M -cloths -clotted -clotting -cloture/SM -cloud/SMDG -cloudburst/SM -clouded/U -cloudiness/M -cloudless -cloudy/RPT -clout/SMDG -clove/RSMZ -cloven -clover/M -cloverleaf/SM -cloverleaves -clown/SMDG -clownish/YP -clownishness/M -cloy/DGS -cloying/Y -club/MS -clubbable -clubbed -clubber/S -clubbing -clubfeet -clubfoot/MD -clubhouse/SM -clubland -cluck/SMDG -clue/MGDS -clueless -clump/SMDG -clumpy/TR -clumsily -clumsiness/M -clumsy/TRP -clung -clunk/SMDRZG -clunker/M -clunky/TR -cluster/MDSG -clutch/GMDS -clutter's -clutter/UDSG -clvi -clvii -clxi -clxii -clxiv -clxix -clxvi -clxvii -cm -cnidarian/MS -co/ESD -coach/MDSG -coachload/S -coachman/M -coachmen -coachwork -coadjutor/MS -coagulant/MS -coagulate/GNDS -coagulation/M -coagulator/MS 
-coal/MDGS -coalesce/GDS -coalescence/M -coalescent -coalface/MS -coalfield/S -coalition/MS -coalitionist/MS -coalmine/S -coarse/RYTP -coarsen/SDG -coarseness/M -coast/SMDRZG -coastal -coaster/M -coastguard/S -coastline/MS -coat/MDGJS -coating/M -coatroom/S -coattail/SM -coauthor/MDGS -coax/DRSZG -coaxer/M -coaxial -coaxing/Y -cob/SM -cobalt/M -cobber/S -cobble/DRSMZG -cobbler/M -cobblestone/SM -cobnut/S -cobra/SM -cobweb/SM -cobwebbed -cobwebby/RT -coca/M -cocaine/M -cocci/S -coccus/M -coccyges -coccyx/M -cochineal/M -cochlea/SM -cochleae -cochlear -cock/MDGS -cockade/SM -cockamamie -cockatiel/MS -cockatoo/SM -cockatrice/SM -cockchafer/S -cockcrow/SM -cockerel/SM -cockeyed -cockfight/MGS -cockfighting/M -cockily -cockiness/M -cockle/SM -cockleshell/SM -cockney/SM -cockpit/SM -cockroach/MS -cockscomb/SM -cocksucker/MS! -cocksure -cocktail/MS -cocky/RTP -coco/MS -cocoa/SM -coconut/SM -cocoon/SMDG -cod/SM -coda/MS -codded -codding -coddle/DSG -code's -code/CZGDRS -codeine/M -codependency/M -codependent/SM -coder/CM -codex/M -codfish/MS -codger/SM -codices -codicil/SM -codification/M -codifier/M -codify/XDRSNZG -codon/S -codpiece/MS -codswallop -coed/MS -coeducation/M -coeducational -coefficient/MS -coelenterate/MS -coenzyme -coequal/MYS -coerce/DRSZGNV -coercer/M -coercion/M -coeval/SMY -coexist/DSG -coexistence/M -coexistent -coextensive -coffee/SM -coffeecake/SM -coffeehouse/MS -coffeemaker/SM -coffeepot/MS -coffer/SM -cofferdam/MS -coffin/SMDG -cog/SM -cogency/M -cogent/Y -cogitate/DSXGNV -cogitation/M -cogitator/MS -cognac/SM -cognate/MS -cognition/AM -cognitional -cognitive/Y -cognizable -cognizance/AM -cognizant -cognomen/SM -cognoscente/M -cognoscenti -cogwheel/SM -cohabit/SGD -cohabitant/MS -cohabitation/M -coheir/SM -cohere/DSG -coherence/IM -coherency/M -coherent/IY -cohesion/M -cohesive/YP -cohesiveness/M -coho/MS -cohort/SM -coif/MS -coiffed -coiffing -coiffure/DSMG -coil's/A -coil/UADGS -coin/MDRZGS -coinage/SM -coincide/DSG -coincidence/MS -coincident 
-coincidental/Y -coiner/M -coinsurance/M -coir -coital -coitus/M -coke/MGDS -col/S -cola/MS -colander/SM -cold/MRYTPS -coldblooded -coldness/M -coleslaw/M -coleus/MS -coley/S -colic/M -colicky -coliseum/MS -colitis/M -coll -collaborate/DSXGNV -collaboration/M -collaborationist -collaborative/Y -collaborator/MS -collage/SM -collagen -collapse/MGDS -collapsible -collar/SMDG -collarbone/SM -collard/SM -collarless -collate/DSXGN -collateral/MY -collateralize -collation/M -collator/MS -colleague/MS -collect's -collect/ASGVD -collected/U -collectedly -collectible/SM -collection/AMS -collective/MYS -collectivism/M -collectivist/SM -collectivization/M -collectivize/DSG -collector/MS -colleen/SM -college/SM -collegiality/M -collegian/MS -collegiate -collide/DRSZG -collie/RSMZ -collier/M -colliery/SM -collision/SM -collocate/MGNDSX -collocation/M -colloid/SM -colloidal -colloq -colloquial/Y -colloquialism/SM -colloquies -colloquium/MS -colloquy/M -collude/DSG -collusion/M -collusive -cologne/SM -colon/SM -colonel/SM -colonelcy/M -colones -colonial/SMY -colonialism/M -colonialist/MS -colonist/SM -colonization/ACM -colonize/CAGSD -colonizer/MS -colonnade/MDS -colonoscopy/SM -colony/SM -colophon/SM -color's -color/AEGDS -colorant/SM -coloration/EM -coloratura/MS -colorblind/P -colorblindness/M -colored's -colored/U -coloreds -colorfast/P -colorfastness/M -colorful/PY -colorfulness/M -coloring's -colorist/S -colorization/M -colorize/DSG -colorless/PY -colorlessness/M -colorway/S -colossal/Y -colossi -colossus/M -colostomy/SM -colostrum/M -colt/MS -coltish -columbine/SM -column/SMD -columnar -columnist/SM -com/JL -coma/MS -comaker/SM -comatose -comb/MDRZGJS -combat/SMDGV -combatant/SM -combativeness/M -combed/U -comber/M -combination/SM -combine's -combine/ADSG -combined/U -combiner/MS -combings/M -combo/SM -combust/SGVD -combustibility/M -combustible/MS -combustion/M -come/IMZGRS -comeback/MS -comedian/MS -comedic -comedienne/MS -comedown/MS -comedy/SM -comeliness/M -comely/RPT 
-comer's -comestible/SM -comet/SM -comeuppance/SM -comfit's -comfit/ES -comfort/ESMDG -comfortable/P -comfortableness/M -comfortably/U -comforter/MS -comforting/Y -comfortless -comfy/RT -comic/SM -comical/Y -comicality/M -coming/M -comity/M -comm -comma/SM -command/SMDRLZG -commandant/MS -commandeer/GDS -commander/M -commandment/MS -commando/SM -commemorate/XGNVDS -commemoration/M -commemorator/MS -commence/ADSLG -commencement/AM -commencements -commend/ASDBG -commendably -commendation/AMS -commendatory -commensurable -commensurate/IY -comment/GSMD -commentary/SM -commentate/DSG -commentator/SM -commerce/M -commercial/SMY -commercialism/M -commercialization/M -commercialize/GDS -commie/SM -commingle/DSG -commiserate/GNVDSX -commiseration/M -commissar/SM -commissariat/SM -commissary/SM -commission's -commission/ACSGD -commissionaire/S -commissioner/SM -commit/AS -commitment/MS -committal/SM -committed/AU -committee/SM -committeeman/M -committeemen -committeewoman/M -committeewomen -committer/S -committing/A -commode's -commode/EIS -commodification -commodious/Y -commodity/SM -commodore/SM -common's -common/UPRYT -commonality/S -commonalty/M -commoner/MS -commonness/UM -commonplace/MS -commons -commonsense -commonweal/MH -commonwealth/M -commonwealths -commotion/SM -communal/Y -commune/XDSMGN -communicability/M -communicable/I -communicably -communicant/MS -communicate/GNVDSX -communication/M -communicative/U -communicator/SM -communion/M -communique/SM -communism/M -communist/SM -communistic -community/SM -commutation/MS -commutative -commutativity -commutator/SM -commute/BDRSMZG -commuter/M -comorbidity -comp/MDYGS -compact/TGSMDRYP -compaction -compactness/M -compactor/SM -companion/SBM -companionably -companionship/M -companionway/MS -company/SM -comparability/M -comparable/I -comparably/I -comparative/MYS -compare/BDSG -comparison/MS -compartment/SM -compartmental -compartmentalization/M -compartmentalize/DSG -compass/GMDS -compassion/M -compassionate/Y 
-compatibility/IM -compatible/IMS -compatibly/I -compatriot/MS -compeer/SM -compel/S -compelled -compelling/Y -compendious -compendium/SM -compensate/DSXGN -compensated/U -compensation/M -compensatory -compere/DSG -compete/DSG -competence/IM -competences -competencies -competency/IM -competent/IY -competition/SM -competitive/PY -competitiveness/M -competitor/SM -compilation/SM -compile/DRSZG -compiler/M -complacence/M -complacency/M -complacent/Y -complain/DRZGS -complainant/MS -complainer/M -complaint/SM -complaisance/M -complaisant/Y -complected -complement/SGMD -complementary -complete/PYTGNXDRS -completed/U -completeness/IM -completion/M -complex/MSY -complexion/MDS -complexional -complexity/SM -compliance/M -compliant/Y -complicate/GDS -complicated/Y -complication/M -complicit -complicity/M -compliment/MDGS -complimentary/U -comply/NDSXG -compo/S -component/SM -comport/LSGD -comportment/M -compose/AECGSD -composedly -composer/MS -composite/MYGNXDS -composition/CM -compositional -compositor/SM -compost/SGMD -composure/EM -compote/SM -compound/GMDBS -compounded/U -comprehend/SDG -comprehensibility/IM -comprehensible/I -comprehensibly/I -comprehension/IM -comprehensions -comprehensive/PMYS -comprehensiveness/M -compress's -compress/CGVDS -compressed/U -compressible -compression/CM -compressor/SM -comprise/GDS -compromise/MGDS -comptroller/MS -compulsion/MS -compulsive/YP -compulsiveness/M -compulsorily -compulsory/SM -compunction/SM -computation/SM -computational/Y -compute/ADSG -computer/MS -computerate -computerization/M -computerize/GDS -computing/M -comrade/SMY -comradeship/M -con/GSM -concatenate/XDSGN -concatenation/M -concave/YP -concaveness/M -conceal/SDRZGBL -concealed/U -concealer/M -concealment/M -conceit/SMD -conceited/PY -conceitedness/M -conceivable/I -conceivably/I -conceive/DSGB -concentrate/DSMGNX -concentration/M -concentric -concentrically -concept/SM -conception/SM -conceptional -conceptual/Y -conceptualization/MS -conceptualize/DSG 
-concern/UMD -concerned/UY -concerning -concerns -concert's -concert/ESDG -concerted/Y -concertgoer/S -concertina/SGMD -concertize/DSG -concertmaster/MS -concerto/SM -concessionaire/MS -concessional -concessionary -conch/M -conchie/S -conchs -concierge/MS -conciliate/DSGN -conciliation/AM -conciliator/SM -conciliatory -concise/RPYTN -conciseness/M -concision/M -conclave/SM -conclude/DSG -conclusion/MS -conclusive/IYP -conclusiveness/IM -concoct/SDG -concoction/MS -concomitant/MYS -concord/M -concordance/SM -concordant -concordat/SM -concourse/SM -concrete/DSPMYGNX -concreteness/M -concretion/M -concubinage/M -concubine/MS -concupiscence/M -concupiscent -concur/S -concurred -concurrence/SM -concurrency -concurring -concuss/V -concussion/SM -condemn/SDRZG -condemnation/MS -condemnatory -condemner/M -condensate/MNXS -condensation/M -condense/DRSZG -condenser/M -condescending/Y -condescension/M -condign -condiment/MS -condition's -condition/AGSD -conditional/SMY -conditionality -conditioned/U -conditioner/SM -conditioning/M -condo/SM -condolence/SM -condom/SM -condominium/MS -condone/DSG -condor/SM -conduce/DSGV -conduct/MDGV -conductance/M -conductibility/M -conductible -conduction/M -conductivity/M -conductor/MS -conductress/MS -conduit/SM -cone/M -coneys -confab/SM -confabbed -confabbing -confabulate/XDSGN -confabulation/M -confection/SZMR -confectioner/M -confectionery/SM -confederacy/SM -confederate/M -confer/S -conferee/SM -conference/MGS -conferrable -conferral/M -conferred -conferrer/MS -conferring -confessed/Y -confession/SM -confessional/SM -confessor/MS -confetti/M -confidant/MS -confidante/SM -confide/DRSZG -confidence/SM -confident/Y -confidential/Y -confidentiality/M -confider/M -confiding/Y -configuration/S -configure/B -confined/U -confinement/MS -confirm/ASDG -confirmation/ASM -confirmatory -confirmed/U -confiscate/DSGNX -confiscation/M -confiscator/SM -confiscatory -conflagration/MS -conflate/XDSGN -conflation/M -conflict/SGMD -confluence/MS 
-confluent -conform/ZB -conformable/U -conformal -conformance/M -conformism/M -conformist/SM -conformity/M -confrere/MS -confrontation/SM -confrontational -confuse/RZ -confused/Y -confusing/Y -confutation/M -confute/DSG -conga/SMDG -congeal/SLDG -congealment/M -conger/SM -congeries/M -congest/SDGV -congestion/M -conglomerate/DSXMGN -conglomeration/M -congrats/M -congratulate/XGNDS -congratulation/M -congratulatory -congregant/MS -congregate/GNDSX -congregation/M -congregational -congregationalism/M -congregationalist/MS -congress/MS -congressional -congressman/M -congressmen -congresspeople -congressperson/MS -congresswoman/M -congresswomen -congruence/M -congruent/Y -congruity/ISM -congruous -conic/SM -conical/Y -conifer/SM -coniferous -conjectural -conjecture/MGDS -conjoint -conjugal/Y -conjugate/DSXGN -conjugation/M -conjunct/VMS -conjunctiva/SM -conjunctive/SM -conjunctivitis/M -conjuration/MS -conjure/DRSZG -conjurer/M -conk/MDRZ -conman -connect/AEDVGS -connectable -connected/U -connection/EMS -connective/MS -connectivity/M -connector/MS -conned -conning -conniption/MS -connivance/M -connive/DRSZG -conniver/M -connoisseur/SM -connotative -connubial -conquer/ASDG -conquerable/U -conquered/U -conqueror/MS -conquest/AM -conquistador/SM -cons/DSG -consanguineous -consanguinity/M -conscienceless -conscientious/PY -conscientiousness/M -conscious/UYP -consciousness/UM -consciousnesses -conscription/M -consecrate/ADSGN -consecrated/U -consecration/AM -consecrations -consecutive/Y -consensual -consensus/MS -consent/SMDG -consequence/SM -consequent/Y -consequential/IY -conservancy/SM -conservation/M -conservationism/M -conservationist/SM -conservatism/M -conservative/MYS -conservatoire/S -conservator/SM -conservatory/SM -consider/AGSD -considerable/I -considerably -considerate/IPYN -considerateness/IM -consideration/AIM -considerations -considered/U -consign/ASDG -consignee/MS -consignment/MS -consist/SDG -consistence/MS -consistency/ISM -consistent/IY -consistory/SM 
-consolable/I -consolation/MS -consolatory -consolidate/XDSGN -consolidated/U -consolidation/M -consolidator/MS -consoling/Y -consomme/M -consonance/SM -consonant/SMY -consortia -consortium/M -conspectus/MS -conspicuous/IPY -conspicuousness/IM -conspiracy/SM -conspirator/MS -conspiratorial/Y -conspire/GD -constable/SM -constabulary/SM -constancy/IM -constant/MYS -constellation/SM -consternation/M -constipate/GNDS -constipation/M -constituency/SM -constituent/SM -constitute/ADSGNV -constitution/AM -constitutional/MYS -constitutionalism -constitutionality/UM -constitutions -constrained/U -constraint/SM -constrict/GVSD -constriction/SM -constrictor/SM -construable -construct's -construct/CADVGS -construction/CAMS -constructional -constructionist's -constructionist/CS -constructive/YP -constructiveness/M -constructor/MS -construe/GDS -consul/KSM -consular/K -consulate/SM -consulship/M -consult/GSD -consultancy/SM -consultant/MS -consultation/MS -consultative -consumable/SM -consume/BDRSZG -consumed/U -consumer/M -consumerism/M -consumerist/MS -consummate/YGNXDS -consummated/U -consumption/M -consumptive/SM -cont -contact/ASDG -contactable -contactless -contagion/MS -contagious/PY -contagiousness/M -contain/SBLDRZG -container/M -containerization/M -containerize/DSG -containment/M -contaminant/SM -contaminate/ACDSG -contaminated/U -contamination/CM -contaminator/SM -contd -contemn/SDG -contemplate/DSGNV -contemplation/M -contemplative/SMY -contemporaneity/M -contemporaneous/Y -contempt/M -contemptible -contemptibly -contemptuous/YP -contemptuousness/M -contender/MS -content/ESLMDG -contented/EY -contentedness/M -contention/SM -contentious/YP -contentiousness/M -contently -contentment/EM -conterminous/Y -contestable/I -contestant/MS -contested/U -contextualization -contextualize/DSG -contiguity/M -contiguous/Y -continence/IM -continent/SM -continental/SM -contingency/SM -contingent/SMY -continua -continual/Y -continuance/EMS -continuation/EMS -continue/EGDS 
-continuity/ESM -continuous/EY -continuum/M -contort/GD -contortion/MS -contortionist/SM -contra -contraband/M -contrabassoon/S -contraception/M -contraceptive/SM -contract/MDG -contractible -contractile -contractility -contraction/S -contractual/Y -contradict/SDG -contradiction/SM -contradictory -contradistinction/MS -contraflow/S -contrail/MS -contraindicate/GNXDS -contraindication/M -contralto/SM -contraption/SM -contrapuntal/Y -contrarian/SM -contrarianism -contrariety/M -contrarily -contrariness/M -contrariwise -contrary/PSM -contrast/MDGS -contravene/GDS -contravention/SM -contretemps/M -contribute/XGND -contribution/M -contributor/MS -contributory -contrition/M -contrivance/MS -contrive/ZGDRS -contriver/M -control's -control/CS -controllable/U -controlled/UC -controller/MS -controlling/C -controversial/Y -controversy/SM -controvert/DSG -controvertible/I -contumacious/Y -contumacy/M -contumelious -contumely/SM -contuse/XDSGN -contusion/M -conundrum/SM -conurbation/MS -convalesce/DSG -convalescence/MS -convalescent/SM -convection/M -convectional -convective -convector/S -convene/ADSG -convener/MS -convenience/IMS -convenient/IY -convent/SM -conventicle/MS -convention/SM -conventional/UY -conventionality/UM -conventionalize/GDS -conventioneer/S -convergence/MS -convergent -conversant -conversation/MS -conversational/Y -conversationalist/SM -converse/Y -convert's -convert/AGSD -converted/U -converter/SM -convertibility/M -convertible/SM -convex/Y -convexity/M -convey/SBDG -conveyance/MGS -conveyor/MS -convict/GSMD -conviction/MS -convince/GDS -convinced/U -convincing/UY -convivial/Y -conviviality/M -convoke/DSG -convoluted -convolution/MS -convoy/SMDG -convulse/GNVXDS -convulsion/M -convulsive/Y -cony/M -coo/GSMD -cook's -cook/ADGS -cookbook/MS -cooked/U -cooker/SM -cookery/SM -cookhouse/S -cookie/SM -cooking/M -cookout/SM -cookware/SM -cool/MDRYZTGPS -coolant/SM -cooler/M -coolie/SM -coolness/M -coon/MS! 
-coonskin/MS -coop/MDRZGS -cooper/MDG -cooperage/M -cooperate/DSGNV -cooperation/M -cooperative/PMYS -cooperativeness/M -cooperator/SM -coordinate/DSMYGN -coordinated/U -coordination/M -coordinator/MS -coot/MS -cootie/SM -cop/GJSMD -copacetic -copay/M -cope/MS -copier/SM -copilot/SM -coping/M -copious/PY -copiousness/M -copped -copper/SM -copperhead/SM -copperplate/M -coppery -copping -copra/M -copse/SM -copter/SM -copula/SM -copulate/GNVDS -copulation/M -copulative/SM -copy's -copy/ADSG -copybook/SM -copycat/MS -copycatted -copycatting -copyist/MS -copyleft -copyright/GSMD -copywriter/MS -coquetry/SM -coquette/DSMG -coquettish/Y -cor -coracle/SM -coral/SM -corbel/SM -cord/EASGDM -cordage/M -cordial/SMY -cordiality/M -cordillera/MS -cordite/M -cordless -cordon/SMDG -cordovan/M -corduroy/MS -corduroys/M -core/MZGDRS -coreligionist/S -corer/M -corespondent/MS -corgi/SM -coriander/M -cork's -cork/UDGS -corkage -corker/SM -corkscrew/SMDG -corm/MS -cormorant/SM -corn/MDRZGS -cornball/MS -cornbread/M -corncob/MS -corncrake/S -cornea/SM -corneal -corner/GMD -cornerstone/SM -cornet/SM -cornfield/S -cornflakes/M -cornflour -cornflower/SM -cornice/MS -cornily -corniness/M -cornmeal/M -cornrow/MDGS -cornstalk/SM -cornstarch/M -cornucopia/MS -corny/PRT -corolla/MS -corollary/SM -corona/SM -coronal/MS -coronary/SM -coronation/SM -coronavirus/MS -coroner/MS -coronet/MS -corp -corpora -corporal/SM -corporate/XYN -corporation/IM -corporatism -corporeal/Y -corporeality/M -corps/MS -corpse/M -corpsman/M -corpsmen -corpulence/M -corpulent -corpus/M -corpuscle/MS -corpuscular -corr -corral/SM -corralled -corralling -correct/DRYTGVSBP -corrected/U -correction/SM -correctional -corrective/SM -correctness/IM -corrector -correlate/XDSMGNV -correlated/U -correlation/M -correlational -correlative/MS -correspond/SDG -correspondence/SM -correspondent/SM -corresponding/Y -corridor/SM -corrie/S -corroborate/GNVDSX -corroborated/U -corroboration/M -corroborator/SM -corroboratory -corrode/GDS 
-corrosion/M -corrosive/SMY -corrugate/GNXDS -corrugation/M -corrupt/DRYPSTG -corruptibility/IM -corruptible/I -corruption/MS -corruptness/M -corsage/MS -corsair/MS -corset/SGMD -cortege/MS -cortex/M -cortical -cortices -cortisol -cortisone/M -corundum/M -coruscate/GNDS -coruscation/M -corvette/SM -cos/M -cosh/DSG -cosign/ZGSDR -cosignatory/SM -cosigner/M -cosine/SM -cosmetic/SM -cosmetically -cosmetician/MS -cosmetologist/MS -cosmetology/M -cosmic -cosmically -cosmogonist/SM -cosmogony/SM -cosmological -cosmologist/SM -cosmology/SM -cosmonaut/SM -cosmopolitan/MS -cosmopolitanism/M -cosmos/MS -cosplay -cosponsor/GSMD -cosset/SGD -cossetted -cossetting -cost/MDYGSJ -costar/SM -costarred -costarring -costliness/M -costly/PTR -costume/MZGDRS -costumer/M -costumier/S -cot/SM -cotangent/MS -cote/MS -coterie/MS -coterminous -cotillion/SM -cottage/MZGRS -cottager/M -cottar/SM -cotter/SM -cotton/SGMD -cottonmouth/M -cottonmouths -cottonseed/MS -cottontail/MS -cottonwood/SM -cottony -cotyledon/MS -couch/MDSG -couchette/S -cougar/SM -cough/MDG -coughs -could -could've -couldn't -coulee/SM -coulis -coulomb/MS -council/MS -councilman/M -councilmen -councilor/MS -councilperson/SM -councilwoman/M -councilwomen -counsel/JMDGS -counselor/MS -count/EASMDG -countable/U -countably -countdown/MS -counted/U -countenance's -countenance/EGDS -counter/EMS -counteract/SGVD -counteraction/MS -counterargument/S -counterattack/GMDS -counterbalance/MGDS -counterblast/S -counterclaim/GSMD -counterclockwise -counterculture/SM -countered -counterespionage/M -counterexample/S -counterfactual -counterfeit/ZGMDRS -counterfeiter/M -counterfoil/MS -countering -counterinsurgency/SM -counterintelligence/M -counterman/M -countermand/GMDS -countermeasure/SM -countermelody/S -countermen -countermove/S -counteroffensive/SM -counteroffer/SM -counterpane/SM -counterpart/SM -counterpetition -counterpoint/MDGS -counterpoise/MGDS -counterproductive -counterrevolution/SM -counterrevolutionary/SM -countersign/GSMD 
-countersignature/MS -countersink/GSM -counterspy/SM -counterstroke/SM -countersunk -countertenor/MS -countervail/GSD -counterweight/MS -countess/MS -countless -countrified -country/SM -countryman/M -countrymen -countryside/MS -countrywide -countrywoman/M -countrywomen -county/SM -countywide -coup's -coup/AS -coupe/SM -couple's -couple/UCGSD -couplet/MS -coupling/SM -coupon/SM -courage/M -courageous/YP -courageousness/M -courgette/S -courier/MDSG -course/EDGMS -coursebook/S -courser/MS -coursework -court/SMDYG -courteous/EY -courteousness/M -courtesan/SM -courtesy/ESM -courthouse/MS -courtier/SM -courtliness/M -courtly/PRT -courtroom/MS -courtship/MS -courtyard/MS -couscous/M -cousin/SM -couture/M -couturier/MS -covalent -covariance -covariant -cove/MS -coven/SM -covenant/MDSG -cover's -cover/AEUGDS -coverage/M -coverall/MS -covering's -coverings -coverlet/MS -covert/SPMY -covertness/M -covet/SDG -covetous/YP -covetousness/M -covey/SM -cow/ZGSMDR -coward/SMY -cowardice/M -cowardliness/M -cowbell/MS -cowbird/MS -cowboy/SM -cowcatcher/MS -cower/DG -cowgirl/MS -cowhand/MS -cowherd/MS -cowhide/MS -cowl/MGSJ -cowlick/MS -cowling/M -cowman/M -cowmen -coworker/MS -cowpat/S -cowpoke/MS -cowpox/M -cowpuncher/SM -cowrie/SM -cowshed/S -cowslip/SM -cox/GDS -coxcomb/MS -coxswain/MS -coy/TPRY -coyness/M -coyote/SM -coypu/SM -cozen/SDG -cozenage/M -cozily -coziness/M -cozy/RSMTP -cpd -cpl -cps -crab/MS -crabbed -crabber/SM -crabbily -crabbiness/M -crabbing -crabby/PRT -crabgrass/M -crablike -crabwise -crack/SMDRYZGJ -crackdown/MS -cracker/M -crackerjack/MS -crackhead/MS -crackle/DSJMG -crackling/M -crackpot/MS -crackup/SM -cradle/DSMG -craft/SMDG -craftily -craftiness/M -craftsman/M -craftsmanship/M -craftsmen -craftspeople -craftswoman/M -craftswomen -crafty/RTP -crag/MS -cragginess/M -craggy/RPT -cram/S -crammed -crammer/S -cramming -cramp/SMDG -cramping/M -crampon/SM -cranberry/SM -crane/DSMG -cranial -cranium/SM -crank/SMDG -crankcase/SM -crankily -crankiness/M -crankshaft/MS 
-cranky/PRT -cranny/DSM -crap/MS -crape/SM -crapped -crapper/S -crappie/RSMT -crapping -crappy -craps/M -crapshooter/MS -crash/MDSG -crass/RYTP -crassness/M -crate/DRSMZG -crater/MDG -cravat/SM -crave/DSGJ -craven/SMYP -cravenness/M -craving/M -craw/MS -crawdad/SM -crawl/SMDRZG -crawler/M -crawlspace/SM -crawly/TRSM -cray/S -crayfish/MS -crayola/S -crayon/GSMD -craze/DSMG -crazily -craziness/M -crazy/PRSMT -creak/SMDG -creakily -creakiness/M -creaky/RPT -cream/SMDRZG -creamer/M -creamery/SM -creamily -creaminess/M -creamy/RPT -crease/ICGMSD -create/KADSGNV -creation's/K -creation/ASM -creationism/SM -creationist/SM -creative/SMYP -creativeness/M -creativity/M -creator/MS -creature/SM -creche/SM -cred -credence/M -credential/SGMD -credenza/SM -credibility/IM -credible/I -credibly/I -credit/EGSBMD -creditably/E -creditor/SM -creditworthy/P -credo/SM -credulity/IM -credulous/IY -credulousness/M -creed/SM -creek/SM -creel/SM -creep/SMRZG -creeper/M -creepily -creepiness/M -creepy/TPR -cremains/M -cremate/GNDSX -cremation/M -crematoria -crematorium/MS -crematory/SM -creme/SM -crenelate/XGNDS -crenelation/M -creole/SM -creosote/MGDS -crepe/SM -crept -crepuscular -crescendo/CSM -crescent/MS -cress/M -crest/SMDG -crestfallen -crestless -cretaceous -cretin/SM -cretinism/M -cretinous -cretonne/M -crevasse/SM -crevice/MS -crew/MDGS -crewel/M -crewelwork/M -crewman/M -crewmen -crib/MS -cribbage/M -cribbed -cribber/MS -cribbing -crick/SMDG -cricket/MRSZG -cricketer/M -crier/M -crikey -crime/SM -criminal/MYS -criminality/M -criminalize/CGDS -criminologist/MS -criminology/M -crimp/SMDG -crimson/SMDG -cringe/DSMG -crinkle/DSMG -crinkly/RT -crinoline/SM -cripes -cripple/DRSMZG -crippler/M -crippleware -crippling/Y -crises -crisis/M -crisp/SMDRYTGP -crispbread/S -crispiness/M -crispness/M -crispy/PRT -crisscross/GMDS -criteria -criterion/M -critic/SM -critical/UY -criticality -criticism/MS -criticize/ZGDRS -criticizer/M -critique/MGDS -critter/SM -croak/SMDG -croaky/RT 
-crochet/SMDRZG -crocheter/M -crocheting/M -crock/SMD -crockery/M -crocodile/SM -crocus/MS -croft/SRZG -croissant/MS -crone/SM -crony/SM -cronyism/M -crook/SMDG -crooked/PTRY -crookedness/M -crookneck/SM -croon/SMDRZG -crooner/M -crop/MS -cropland/SM -cropped -cropper/MS -cropping -croquet/M -croquette/SM -crosier/MS -cross's -cross/AUGTSD -crossbar/SM -crossbeam/MS -crossbones/M -crossbow/SM -crossbowman/M -crossbowmen -crossbred -crossbreed/SGM -crosscheck/SMDG -crosscurrent/MS -crosscut/SM -crosscutting -crosser -crossfire/MS -crosshatch/GDS -crossing/SM -crossly -crossness/M -crossover/MS -crosspatch/MS -crosspiece/SM -crossroad/MS -crossroads/M -crosstown -crosswalk/MS -crosswind/MS -crosswise -crossword/MS -crotch/MS -crotchet/SM -crotchety -crouch/GMDS -croup/M -croupier/M -croupy/ZTR -crouton/MS -crow/MDGS -crowbar/MS -crowd/SMDG -crowded/U -crowdfund/SDG -crowfeet -crowfoot/SM -crown/SMDG -crowned/U -crucial/Y -crucible/SM -crucifix/MS -crucifixion/SM -cruciform/SM -crucify/DSG -crud/M -cruddy/TR -crude/RMYTP -crudeness/M -crudites/M -crudity/SM -cruel/RYPT -cruelness/M -cruelty/SM -cruet/SM -cruft/SD -crufty -cruise/DRSMZG -cruiser/M -cruller/MS -crumb/SMDYG -crumble/MGDS -crumbliness/M -crumbly/TPR -crumby/TR -crumminess/M -crummy/PTR -crumpet/MS -crumple/MGDS -crunch/GMDRS -crunchiness/M -crunchy/TRP -crupper/MS -crusade/MZGDRS -crusader/M -cruse/SM -crush/MDRSZG -crusher/M -crushing/Y -crust/SMDG -crustacean/SM -crustal -crustily -crustiness/M -crusty/TRP -crutch/MS -crux/MS -cry/ZGJDRSM -crybaby/SM -cryogenic/S -cryogenics/M -cryonics -cryosurgery/M -crypt/SM -cryptanalysis -cryptic -cryptically -cryptocurrency/SM -cryptogram/SM -cryptographer/SM -cryptography/M -crystal/SM -crystalline -crystallization/M -crystallize/ADSG -crystallographic -crystallography -ct -ctn -ctr -cu -cub/ZGSMDR -cubbyhole/MS -cube/MS -cuber/M -cubic -cubical -cubicle/MS -cubism/M -cubist/SM -cubit/SM -cuboid/S -cuckold/MDSG -cuckoldry/M -cuckoo/SM -cucumber/SM -cud/SM 
-cuddle/DSMG -cuddly/TR -cudgel/SGMDJ -cue/DSMG -cuff/MDGS -cuisine/SM -culinary -cull/MDGS -culminate/XDSGN -culmination/M -culotte/SM -culpability/M -culpable/I -culpably -culprit/SM -cult/MS -cultism/M -cultist/MS -cultivable -cultivar/SM -cultivate/BDSGN -cultivated/U -cultivation/M -cultivator/MS -cultural/Y -culture/MGDS -cultured/U -culvert/MS -cum/SM -cumber/SDG -cumbersome/P -cumbersomeness/M -cumbrous -cumin/M -cummerbund/MS -cumming -cumulative/Y -cumuli -cumulonimbi -cumulonimbus/M -cumulus/M -cuneiform/M -cunnilingus/M -cunning/MRYT -cunt/MS! -cup/SM -cupboard/SM -cupcake/MS -cupful/SM -cupid/SM -cupidity/M -cupola/SMD -cuppa/S -cupped -cupping -cupric -cur/SMY -curability/M -curacao -curacy/SM -curare/M -curate/DSMGV -curative/MS -curator/KMS -curatorial -curb/MDGS -curbing/M -curbside -curbstone/SM -curd/MS -curdle/DSG -cure's -cure/KZGBDRS -cured/U -curer/KM -curettage/M -curfew/SM -curia/M -curiae -curie/SM -curio/SM -curiosity/SM -curious/YP -curiousness/M -curium/M -curl's -curl/UDGS -curler/SM -curlew/SM -curlicue/DSMG -curliness/M -curling/M -curly/RPT -curmudgeon/MYS -currant/MS -currency/SM -current's -current/FAY -currents -curricula -curricular -curriculum/M -curry/DSMG -currycomb/SGMD -curse/DSMGV -cursed/Y -cursive's -cursive/EAY -cursor/SM -cursorily -cursoriness/M -cursory/P -curt/RYTP -curtail/GDSL -curtailment/SM -curtain/GMDS -curtness/M -curtsy/GDSM -curvaceous/P -curvaceousness/M -curvature/SM -curve/DSMG -curvy/RT -cushion/MDSG -cushy/RT -cusp/MS -cuspid/SM -cuspidor/SM -cuss's -cuss/FEGSD -cussed/PY -custard/MS -custodial -custodian/MS -custodianship/M -custody/M -custom/SZMR -customarily -customary/U -customer/M -customhouse/SM -customization/M -customize/DSG -cut/TSMR -cutaneous -cutaway/MS -cutback/MS -cute/YP -cuteness/M -cutesy/TR -cutey/S -cuticle/MS -cutie/SM -cutlass/MS -cutler/SM -cutlery/M -cutlet/SM -cutoff/SM -cutout/SM -cutter/SM -cutthroat/SM -cutting/MYS -cuttlefish/MS -cutup/SM -cutworm/MS -cw -cwt -cyan/M 
-cyanide/M -cyanobacteria -cyberbully/SM -cybercafe/S -cybernetic/S -cybernetics/M -cyberpunk/SM -cybersex -cyberspace/MS -cyborg/SM -cyclamen/MS -cycle/ADSMG -cyclic -cyclical/Y -cyclist/MS -cyclometer/MS -cyclone/MS -cyclonic -cyclopedia/MS -cyclopes -cyclops/M -cyclotron/MS -cygnet/MS -cylinder/MS -cylindrical -cymbal/MS -cymbalist/MS -cynic/SM -cynical/Y -cynicism/M -cynosure/MS -cypress/MS -cyst/MS -cystic -cystitis -cytokines -cytologist/SM -cytology/M -cytoplasm/M -cytoplasmic -cytosine/M -czar/MS -czarina/SM -czarism -czarist/SM -d'Arezzo/M -d'Estaing/M -d/NXGJ -dB -dab/SM -dabbed -dabber/MS -dabbing -dabble/ZGDRS -dabbler/M -dace/SM -dacha/MS -dachshund/MS -dactyl/MS -dactylic/MS -dad/SM -dadaism/M -dadaist/MS -daddy/SM -dado/M -dadoes -daemon/MS -daemonic -daffiness/M -daffodil/SM -daffy/PTR -daft/PTRY -daftness/M -dag/S -dagger/MS -dago/S -dagoes -daguerreotype/DSMG -dahlia/MS -dailiness/M -daily/PSM -daintily -daintiness/M -dainty/RSMTP -daiquiri/MS -dairy/GSM -dairying/M -dairymaid/MS -dairyman/M -dairymen -dairywoman/M -dairywomen -dais/MS -daisy/SM -dale/SM -dalliance/MS -dallier/M -dally/ZGDRS -dalmatian/MS -dam/SM -damage/MGDS -damageable -damaged/U -damages/M -damask/MDGS -dame/SM -dammed -damming -dammit -damn/SBGMD -damnably -damnation/M -damned/T -damp/SPXZTGMDNRY -dampen/ZGDR -dampener/M -damper/M -dampness/M -damsel/MS -damselfly/SM -damson/MS -dance/MZGDRS -dancer/M -dancing/M -dandelion/SM -dander/M -dandify/GDS -dandle/GDS -dandruff/M -dandy/TRSM -dang/SZGDR -danger/M -dangerous/Y -dangle/ZGDRS -dangler/M -danish/MS -dank/PTRY -dankness/M -danseuse/MS -dapper/TR -dapple/MGDS -dare/DRSMZG -daredevil/MS -daredevilry/M -darer/M -daresay -daring/MY -dark/PXTMNRY -darken/ZGDR -darkener/M -darkie/S -darkness/M -darkroom/MS -darling/MS -darn/SZGMDR -darned/TR -darner/M -dart/SZGMDR -dartboard/MS -darter/M -dash/ZGMDRS -dashboard/SM -dasher/M -dashiki/MS -dashing/Y -dastard/MYS -dastardliness/M -data -database/SM -dataset/MS -datatype 
-date/DRSMZGV -datebook/S -dated/U -dateless -dateline/MGDS -dater/M -dateset -dative/MS -datum/M -daub/SZGMDR -dauber/M -daughter/SMY -daunt/GDS -daunting/Y -dauntless/YP -dauntlessness/M -dauphin/MS -davenport/MS -davit/MS -dawdle/ZGDRS -dawdler/M -dawn/SGMD -day/SM -daybed/MS -daybreak/M -daycare/M -daydream/MDRZGS -daydreamer/M -daylight/MS -daylights/M -daylong -daytime/M -daze/DSMG -dazed/Y -dazzle/MZGDRS -dazzler/M -dazzling/Y -db -dbl -dc -dd/SDG -dded/K -dding/K -deacon/MS -deaconess/MS -dead/XTMNRY -deadbeat/MS -deadbolt/SM -deaden/GD -deadhead/SDG -deadline/SM -deadliness/M -deadlock/GSMD -deadly/TPR -deadpan/MS -deadpanned -deadpanning -deadwood/M -deaf/PXTNR -deafen/GD -deafening/Y -deafness/M -deal/SJZGMR -dealer/M -dealership/SM -dealing/M -dealt -dean/M -deanery/SM -deanship/M -dear/SPTMRYH -dearest/S -dearness/M -dearth/M -dearths -deary/SM -death/MY -deathbed/SM -deathblow/MS -deathless/Y -deathlike -deaths -deathtrap/MS -deathwatch/MS -deaves -deb/SM -debacle/MS -debarkation/M -debarment/M -debate/BMZR -debater/M -debating/M -debauch/MDSG -debauchee/MS -debauchery/SM -debenture/MS -debilitate/DSGN -debilitation/M -debility/SM -debit/D -debonair/PY -debonairness/M -debouch/GDS -debridement -debris/M -debt/SM -debtor/MS -debugger/S -debut/GMD -debutante/SM -decade/MS -decadence/M -decadency/M -decadent/MYS -decaf/MS -decaffeinate/DSG -decagon/MS -decal/MS -decampment/M -decapitate/XGNDS -decapitator/MS -decathlete/S -decathlon/SM -decay/GD -deceased/M -decedent/MS -deceit/MS -deceitful/YP -deceitfulness/M -deceive/UGDS -deceiver/MS -deceiving/Y -decelerate/GNDS -deceleration/M -decelerator/SM -decency/ISM -decennial/SM -decent/IY -deception/MS -deceptive/YP -deceptiveness/M -decibel/MS -decidable/U -decide/BZGDRS -decided/Y -deciduous -deciliter/MS -decimal/SM -decimalization -decimate/DSGN -decimation/M -decimeter/MS -decipherable/UI -decision/IM -decisions -decisive/IPY -decisiveness/IM -deck/SGMD -deckchair/S -deckhand/SM -deckle/S 
-declamation/MS -declamatory -declaration/MS -declarative -declaratory -declare/DRSZGB -declared/U -declarer/M -declension/SM -declination/M -decline/DRSMZG -decliner/M -declivity/SM -decoherence -decolletage/SM -decollete -decongestant/MS -deconstructionism -decor/MS -decorate/AGNVDS -decorating/M -decoration/AM -decorations -decorative/Y -decorator/MS -decorous/IY -decorousness/M -decorum/M -decoupage/DSMG -decoy/GMDS -decreasing/Y -decree/MDS -decreeing -decrement/GDS -decrepit -decrepitude/M -decriminalization/M -decry/GDS -decryption -dedicate/AGDS -dedication/SM -dedicator/SM -dedicatory -deduce/GDS -deducible -deduct/GVD -deductible/SM -deduction/SM -deductive/Y -deed/GD -deejay/MS -deem/ASGD -deep/SPXTMNRY -deepen/GD -deepfake/SM -deepness/M -deer/M -deerskin/M -deerstalker/S -def/Z -defacement/M -defacer/SM -defalcate/DSXGN -defalcation/M -defamation/M -defamatory -defame/ZGDRS -defamer/M -defaulter/SM -defeat/MDRZGS -defeated/U -defeater/M -defeatism/M -defeatist/MS -defecate/GNDS -defecation/M -defect/MDGVS -defection/MS -defective/MPYS -defectiveness/M -defector/MS -defendant/SM -defended/U -defenestration/S -defense/DSMGV -defenseless/YP -defenselessness/M -defensible/I -defensibly/I -defensive/MYP -defensiveness/M -deference/M -deferential/Y -deferral/MS -deferred -deferring -deffer -deffest -defiant/Y -defibrillation -defibrillator/S -deficiency/SM -deficient -deficit/SM -defilement/M -definable/IU -define/AGDS -defined/U -definer/MS -definite/IYVP -definiteness/IM -definition/AM -definitions -definitive/Y -deflate/GNDS -deflation/M -deflationary -deflect/DGVS -deflection/MS -deflector/SM -defogger/SM -defoliant/SM -defoliate/DSGN -defoliation/M -defoliator/MS -deformity/SM -defraud/DRZGS -defrauder/M -defrayal/M -defrock/DG -defroster/MS -deft/PTRY -deftness/M -defunct -defy/GDS -deg -degeneracy/M -degenerate/MV -degrade/B -degree/MS -dehydrator/SM -dehydrogenase -deicer/MS -deification/M -deify/NGDS -deign/GDS -deist/MS -deistic -deity/SM 
-deject/GDS -dejected/Y -dejection/M -delay/ZDR -delectable -delectably -delectation/M -delegate/GD -delete/XGNDS -deleterious -deletion/M -delft/M -delftware/M -deli/SM -deliberate/XYVP -deliberateness/M -delicacy/ISM -delicate/IY -delicateness/M -delicatessen/SM -delicious/PY -deliciousness/M -delighted/Y -delightful/Y -deliminator -delineate/GNXDS -delineation/M -delinquency/SM -delinquent/SMY -deliquesce/DSG -deliquescent -delirious/YP -deliriousness/M -delirium/SM -deliver/ADGS -deliverable/S -deliverance/M -delivered/U -deliverer/SM -dell/SM -delphinium/MS -delta/MS -delude/GDS -deluge/MGDS -delusion/MS -delusional -delusive/Y -deluxe -delve/ZGDRS -delver/M -demagogic -demagogically -demagogue/SM -demagoguery/M -demagogy/M -demand/GMDS -demanding/U -demarcate/DSGNX -demarcation/M -demean/GDS -demeanor/M -demented/Y -dementia/M -demesne/MS -demigod/MS -demigoddess/MS -demijohn/SM -demimondaine/SM -demimonde/M -demise/MGDS -demitasse/MS -demo/GMD -democracy/SM -democrat/MS -democratic/U -democratically -democratization/M -democratize/GDS -demode -demographer/SM -demographic/SM -demographically -demographics/M -demography/M -demolish/DSG -demolition/MS -demon/MS -demonetization/M -demoniac -demoniacal/Y -demonic -demonically -demonize/GDS -demonology/SM -demonstrability -demonstrable/I -demonstrably -demonstrate/XGNVDS -demonstration/M -demonstrative/MYSP -demonstrativeness/M -demonstrator/MS -demote/GD -demotic -demount -demulcent/SM -demur/TMRS -demure/PY -demureness/M -demurral/SM -demurred -demurrer/SM -demurring -den/M -denationalization -denaturation -denature/DG -dendrite/SM -dengue/M -deniability -deniable/U -denial/MS -denier/M -denigrate/DSGN -denigration/M -denim/MS -denitrification -denizen/MS -denominational -denotative -denouement/MS -denounce/LDSG -denouncement/SM -dense/PYTR -denseness/M -density/SM -dent/ISGMD -dental/Y -dentifrice/SM -dentin/M -dentist/MS -dentistry/M -dentition/M -denture/IMS -denuclearize/GDS -denudation/M -denude/GDS 
-denunciation/SM -deny/ZGDRS -deodorant/SM -deodorization/M -deodorize/DRSZG -deodorizer/M -departed/M -department/MS -departmental/Y -departmentalization/M -departmentalize/GDS -departure/SM -dependability/M -dependable/U -dependably -dependence/IM -dependency/SM -dependent/IMYS -depict/GDS -depiction/MS -depilatory/SM -deplete/GNDS -depletion/M -deplorably -deplore/BGDS -deploy/ALGDS -deployment/AM -deployments -deponent/MS -deportation/MS -deportee/MS -deportment/M -deposit/AGMDS -depositor/MS -depository/SM -deprave/GDS -depravity/SM -deprecate/GNDS -deprecating/Y -deprecation/M -deprecatory -depreciate/DSGN -depreciation/M -depredation/SM -depressant/SM -depressing/Y -depression/SM -depressive/SM -depressor/MS -depressurization -deprive/GDS -deprogramming -depth/M -depths -deputation/MS -depute/DSG -deputize/DSG -deputy/SM -derailleur/SM -derailment/SM -derangement/M -derby/SM -derelict/MS -dereliction/M -deride/GDS -derision/M -derisive/PY -derisiveness/M -derisory -derivation/MS -derivative/MS -derive/B -dermal -dermatitis/M -dermatological -dermatologist/SM -dermatology/M -dermis/M -derogate/DSGN -derogation/M -derogatorily -derogatory -derrick/SM -derriere/SM -derringer/SM -derv -dervish/MS -desalinate/GNDS -desalination/M -desalinization/M -desalinize/GDS -descant/M -descend/FGDS -descendant/MS -descender -describable/I -describe/BZGDR -describer/M -description/SM -descriptive/PY -descriptiveness/M -descriptor/S -descry/GDS -desecrate/DSGN -desecration/M -deselection -desert/SDRZGM -deserter/M -desertification -desertion/SM -deserved/UY -deserving/U -desiccant/SM -desiccate/DSGN -desiccation/M -desiccator/SM -desiderata -desideratum/M -design/ASDG -designate/DSGNX -designation/M -desirability/UM -desirableness/M -desirably/U -desire/B -desired/U -desirous -desist/SDG -desk/SM -deskill/G -desktop/SM -desolate/PDSYGN -desolateness/M -desolation/M -despair/SMDG -despairing/Y -desperado/M -desperadoes -desperate/YNP -desperateness/M -desperation/M -despicable 
-despicably -despise/DSG -despite -despoilment/M -despondence/M -despondency/M -despondent/Y -despotic -despotically -despotism/M -dessert/SM -dessertspoon/S -dessertspoonful/S -destination/SM -destine/DSG -destiny/SM -destitute/N -destitution/M -destroy/SZGDR -destroyer/M -destruct/GVMDS -destructibility/IM -destructible/I -destruction/M -destructive/PY -destructiveness/M -desuetude/M -desultorily -desultory -detach/BLGDS -detachment/MS -detain/LGDS -detainee/MS -detainment/M -detect/SDGVB -detectable/U -detected/U -detection/M -detective/SM -detector/SM -detente/SMNX -detention/M -deter/SL -detergent/SM -deteriorate/DSGN -deterioration/M -determent/M -determinable/I -determinant/SM -determinate -determine/AGDS -determined/U -determinedly -determiner/SM -determinism/M -deterministic -deterministically -deterred/U -deterrence/M -deterrent/MS -deterring -detestably -detestation/M -dethrone/DSLG -dethronement/M -detonate/GNDSX -detonation/M -detonator/SM -detox/MDSG -detoxification/M -detoxify/DSGN -detract/GD -detriment/SM -detrimental/Y -detritus/M -deuce/SM -deuterium/M -devastate/GNDS -devastating/Y -devastation/M -devastator/MS -develop/ASGDL -developed/U -developer/SM -development/ASM -developmental/Y -deviance/M -deviancy/M -deviant/SM -deviate/DSMGNX -deviating/U -deviation/M -devil/SMDGL -devilish/YP -devilishness/M -devilment/M -devilry/SM -deviltry/SM -devious/YP -deviousness/M -devoid -devolution/M -devolve/DSG -devoted/Y -devotee/SM -devotion/MS -devotional/SM -devour/SDG -devout/PRYT -devoutness/M -dew/M -dewberry/SM -dewclaw/SM -dewdrop/SM -dewiness/M -dewlap/SM -dewy/RTP -dexterity/M -dexterous/YP -dexterousness/M -dextrose/M -dharma -dhoti/SM -dhow/MS -diabetes/M -diabetic/SM -diabolic -diabolical/Y -diacritic/MS -diacritical -diadem/SM -diaereses -diaeresis/M -diagnose/DSG -diagnosis/M -diagnostic/S -diagnostically -diagnostician/SM -diagnostics/M -diagonal/SMY -diagram/SM -diagrammatic -diagrammatically -diagrammed -diagramming -dial/AMDGS 
-dialect/SM -dialectal -dialectic/SM -dialectical -dialectics/M -dialing/S -dialog -dialogue/SM -dialyses -dialysis/M -dialyzes -diam -diamagnetic -diamagnetism -diamante -diameter/SM -diametric -diametrical/Y -diamond/SM -diamondback/MS -diapason/SM -diaper/SMDG -diaphanous -diaphragm/SM -diaphragmatic -diarist/SM -diarrhea/M -diary/SM -diaspora/SM -diastase/M -diastole/M -diastolic -diathermy/M -diatom/SM -diatomic -diatonic -diatribe/SM -diazepam -dibble/DSMG -dibs/M -dice/GDS -dices/I -dicey -dichotomous -dichotomy/SM -dicier -diciest -dick/MRXZS -dicker/DG -dickey/SM -dickhead/S -dickybird/S -dicotyledon/MS -dicotyledonous -dict -dicta -dictate/DSMGNX -dictation/M -dictator/SM -dictatorial/Y -dictatorship/SM -diction/M -dictionary/SM -dictum/M -did/AU -didactic -didactically -diddle/DRSZG -diddler/M -diddly -diddlysquat -diddums -didgeridoo/S -didn't -dido/M -didoes -didst -die/DSM -dielectric/MS -diereses -dieresis/M -diesel/SMDG -diet/MDRZGS -dietary/SM -dieter/M -dietetic/S -dietetics/M -dietitian/MS -diff/DRZGS -differ/DG -difference/IM -differences -different/IY -differentiable -differential/SM -differentiate/DSGN -differentiated/U -differentiation/M -difficult/Y -difficulty/SM -diffidence/M -diffident/Y -diffract/GSD -diffraction/M -diffuse/DSYGNVP -diffuseness/M -diffusion/M -diffusivity -dig/SM -digerati/M -digest/SMDGV -digested/U -digestibility/M -digestible/I -digestion/IM -digestions -digestive/S -digger/SM -digging/S -diggings/M -digicam/S -digit/SM -digital/Y -digitalis/M -digitization -digitize/GDS -dignified/U -dignify/DSG -dignitary/SM -dignity/ISM -digraph/M -digraphs -digress/GVDS -digression/MS -dike/MGDS -diktat/S -dilapidated -dilapidation/M -dilatation/M -dilate/DSGN -dilation/M -dilator/SM -dilatory -dildo/S -dilemma/MS -dilettante/SM -dilettantish -dilettantism/M -diligence/M -diligent/Y -dill/MS -dilly/SM -dillydally/DSG -diluent -dilute/DSGNX -diluted/U -dilution/M -dim/PSRY -dime/MS -dimension/SM -dimensional -dimensionless 
-diminish/GDS -diminished/U -diminuendo/SM -diminution/SM -diminutive/SM -dimity/M -dimmed/U -dimmer/SM -dimmest -dimming -dimness/M -dimple/DSMG -dimply -dimwit/SM -dimwitted -din/ZGSMDR -dinar/SM -dine/S -diner/M -dinette/MS -ding/MDG -dingbat/MS -dinghy/SM -dingily -dinginess/M -dingle/SM -dingo/M -dingoes -dingus/MS -dingy/RPT -dink/R -dinky/RSMT -dinned -dinner/SMDG -dinnertime/M -dinnerware/M -dinning -dinosaur/SM -dint/M -diocesan/MS -diocese/MS -diode/SM -diorama/SM -dioxide/SM -dioxin/SM -dip/SM -diphtheria/M -diphthong/SM -diploid/SM -diploma/SM -diplomacy/M -diplomat/MS -diplomata -diplomatic/U -diplomatically -diplomatist/MS -diplopia -dipole/SM -dipped -dipper/SM -dipping -dippy/RT -dipso/S -dipsomania/M -dipsomaniac/MS -dipstick/SM -dipterous -diptych/M -diptychs -dire/YTR -direct/ASDGVT -directer -direction/IM -directional -directionless -directions -directive/SM -directly -directness/IM -director/MS -directorate/SM -directorial -directorship/SM -directory/SM -direful -dirge/SM -dirigible/MS -dirk/MS -dirndl/SM -dirt/M -dirtball/S -dirtily -dirtiness/M -dirty/DRSTGP -dis/M -disable/DSGL -disablement/M -disambiguate/N -disappointing/Y -disarming/Y -disassembly -disastrous/Y -disbandment/M -disbarment/M -disbelieving/Y -disbursal/M -disburse/DSGL -disbursement/MS -disc/M -discern/LSDG -discernible/I -discernibly -discerning/Y -discernment/M -discharged/U -disciple/SM -discipleship/M -disciplinarian/SM -disciplinary -discipline/DSMG -disciplined/U -disclose/DSG -disclosed/U -disco/MG -discography/SM -discoloration/S -discombobulate/DSGN -discombobulation/M -discomfit/DG -discomfiture/M -discommode/DG -disconcerting/Y -disconnected/PY -disconnectedness/M -disconsolate/Y -discordance/M -discordant/Y -discotheque/SM -discourage/LGDS -discouragement/SM -discouraging/Y -discover/ASDG -discovered/U -discoverer/MS -discovery/ASM -discreet/PRYT -discreetness/M -discrepancy/SM -discrepant -discrete/PYN -discreteness/M -discretion/IM -discretionary -discriminant 
-discriminate/GNDS -discriminating/U -discrimination/M -discriminator/MS -discriminatory -discursiveness/M -discus/MS -discussant/SM -discussion/SM -disdain/SMDG -disdainful/Y -disembowel/SDLG -disembowelment/M -disfigurement/SM -disfranchisement/M -disgorgement/M -disgruntle/LGDS -disgruntlement/M -disguise/GD -disguised/U -disgusted/Y -disgusting/Y -dish/MDSG -dishabille/M -disharmonious -dishcloth/M -dishcloths -disheartening/Y -dishevel/DGLS -dishevelment/M -dishpan/SM -dishrag/SM -dishtowel/MS -dishware/M -dishwasher/MS -dishwater/M -dishy -disillusion/GLD -disillusionment/M -disinfectant/MS -disinfection/M -disinterested/PY -disinterestedness/M -disjointed/YP -disjointedness/M -disjunctive -disjuncture -disk/MS -diskette/MS -dislodge/GDS -dismal/Y -dismantlement/M -dismay/SMDG -dismayed/U -dismember/LGD -dismemberment/M -dismissive/Y -disorder/Y -disorganization/M -disparage/DSGL -disparagement/M -disparaging/Y -disparate/Y -dispatcher/MS -dispel/S -dispelled -dispelling -dispensary/SM -dispensation/MS -dispense/BZGDRS -dispenser/M -dispersal/M -disperse/GNDS -dispersion/M -dispirit/GDS -displeasure/M -disposable/SM -disposal/SM -disposed/I -disposition/ISM -dispossession/M -disproof/SM -disproportional -disprove/B -disputable/I -disputably/I -disputant/MS -disputation/SM -disputatious/Y -dispute/DRSMZGB -disputed/U -disputer/M -disquiet/GSMD -disquisition/MS -disregardful -disrepair/M -disrepute/MB -disrupt/GVSD -disruption/SM -disruptive/Y -dissect/SDG -dissed -dissemblance/M -dissemble/ZGDRS -dissembler/M -disseminate/GNDS -dissemination/M -dissension/SM -dissent/SMDRZG -dissenter/M -dissertation/SM -disses -dissidence/M -dissident/MS -dissimilar -dissimilitude/S -dissing -dissipate/GNDS -dissipation/M -dissociate/GNVDS -dissociation/M -dissoluble/I -dissolute/YNP -dissoluteness/M -dissolve/AGDS -dissolved/U -dissonance/SM -dissonant -dissuade/GDS -dissuasive -dist -distaff/SM -distal/Y -distance/DSMG -distant/Y -distaste/SM -distemper/M -distention/SM 
-distillate/SMNX -distillation/M -distillery/SM -distinct/IYTVP -distincter -distinction/SM -distinctive/YP -distinctiveness/M -distinctness/IM -distinguish/GDSB -distinguishable/I -distinguished/U -distort/GDR -distortion/MS -distract/DG -distracted/Y -distraction/S -distrait -distraught -distress/DG -distressful -distressing/Y -distribute/AGNVDS -distributed/U -distribution/AM -distributional -distributions -distributive/Y -distributor's -distributor/AS -distributorship/S -district's -district/AS -disturb/ZGSDR -disturbance/SM -disturbed/U -disturber/M -disturbing/Y -disunion/M -disyllabic -ditch/MDSG -dither/SMDRZG -ditherer/M -ditransitive -ditsy -ditto/SMDG -ditty/SM -ditz/MS -diuretic/MS -diurnal/Y -div -diva/MS -divalent -divan/SM -dive/MZTGDRS -diver/M -diverge/DSG -divergence/MS -divergent -diverse/XYNP -diverseness/M -diversification/M -diversify/GNDS -diversion/M -diversionary -diversity/SM -divert/SDG -diverticulitis/M -divest/SLDG -divestiture/MS -divestment/M -divide/DRSMZGB -divided/U -dividend/MS -divider/M -divination/M -divine/DRSMYZTG -diviner/M -diving/M -divinity/SM -divisibility/IM -divisible/I -division/MS -divisional -divisive/PY -divisiveness/M -divisor/SM -divorce/DSLMG -divorcee/MS -divorcement/MS -divot/SM -divulge/GDS -divvy/DSMG -dixieland/M -dizzily -dizziness/M -dizzy/DRSPTG -djellaba/MS -do/SJMRHZG -doable -dob/S -dobbed -dobbin/SM -dobbing -doberman/MS -dobro -doc/SM -docent/SM -docile/Y -docility/M -dock/MDRZGS -docket/SMDG -dockland/S -dockside -dockworker/MS -dockyard/MS -doctor/SMDG -doctoral -doctorate/MS -doctrinaire/MS -doctrinal -doctrine/MS -docudrama/SM -document/GMDS -documentary/SM -documentation/SM -documented/U -dodder/SMDG -doddery -doddle -dodge/DRSMZG -dodgem/S -dodger/M -dodgy/RT -dodo/MS -doe/SM -doer/M -does/AU -doeskin/MS -doesn't -doff/DGS -dog/SM -dogcart/SM -dogcatcher/SM -doge/MS -dogeared -dogfight/SM -dogfish/MS -dogged/PY -doggedness/M -doggerel/M -dogging -doggone/TGRS -doggy/RSMT -doghouse/SM -dogie/SM 
-dogleg/SM -doglegged -doglegging -doglike -dogma/SM -dogmatic -dogmatically -dogmatism/M -dogmatist/SM -dognapper -dogsbody/S -dogsled/S -dogtrot/MS -dogtrotted -dogtrotting -dogwood/MS -doily/SM -doing/USM -doldrums/M -dole's -dole/FGDS -doleful/YP -dolefulness/M -doll/MDGS -dollar/SM -dollhouse/SM -dollop/SGMD -dolly/SM -dolmen/SM -dolomite/M -dolor/M -dolorous/Y -dolphin/MS -dolt/MS -doltish/YP -doltishness/M -domain/SM -dome/MGDS -domestic/SM -domestically -domesticate/DSGN -domesticated/U -domestication/M -domesticity/M -domicile/DSMG -domiciliary -dominance/M -dominant/SMY -dominate/DSGN -domination/M -dominatrices -dominatrix/M -domineer/SGD -domineering/Y -dominion/SM -domino/M -dominoes -don't -don/SM -dona/MS -donate/DSXGN -donation/M -done/FAU -dong/MDGS -dongle/SM -donkey/SM -donned -donning -donnish -donnybrook/MS -donor/SM -donuts -doodad/SM -doodah -doodahs -doodle/DRSMZG -doodlebug/SM -doodler/M -doohickey/SM -doolally -doom/MDGS -doomsayer/MS -doomsday/M -doomster/S -door's -door/IS -doorbell/MS -doorjamb/S -doorkeeper/MS -doorknob/MS -doorknocker/S -doorman/M -doormat/SM -doormen -doorplate/SM -doorpost/S -doorstep/MS -doorstepped -doorstepping -doorstop/MS -doorway/SM -dooryard/MS -dopa/M -dopamine -dope/MZGDRS -doper/M -dopey -dopier -dopiest -dopiness/M -doping/M -doppelganger/S -dork/MS -dorky/RT -dorm/MRZS -dormancy/M -dormant -dormer/M -dormice -dormitory/SM -dormouse/M -dorsal/Y -dory/SM -dosage/SM -dose/MGDS -dosh -dosimeter/SM -doss/DRSZG -dosshouse/S -dossier/MS -dost -dot/ZGSMDR -dotage/M -dotard/SM -dotcom/SM -dote/S -doter/M -doting/Y -dotted -dotting -dotty/RT -double's -double/ADSG -doubleheader/MS -doublespeak/M -doublet/MS -doubloon/SM -doubly -doubt/SMDRZG -doubter/M -doubtful/PY -doubtfulness/M -doubting/Y -doubtless/Y -douche/DSMG -dough/M -doughnut/SM -doughty/RT -doughy/TR -dour/RYTP -dourness/M -douse/DSG -dove/MS -dovecot/S -dovecote/SM -dovetail/MDSG -dovish -dowager/MS -dowdily -dowdiness/M -dowdy/RSPT -dowel/SMDG 
-dower/SMDG -down/MDRZGS -downbeat/SM -downcast -downdraft/MS -downer/M -downfall/SMN -downfield -downgrade/DSMG -downhearted/PY -downheartedness/M -downhill/MS -download/MDBSG -downmarket -downplay/DSG -downpour/MS -downrange -downright -downriver -downscale -downshift/SGD -downside/MS -downsize/GDS -downsizing/M -downspout/MS -downstage -downstairs/M -downstate/M -downstream -downswing/MS -downtempo -downtime/M -downtown/M -downtrend/MS -downtrodden -downturn/MS -downward/S -downwind -downy/RT -dowry/SM -dowse/DRSZG -dowser/M -doxology/SM -doyen/SM -doyenne/MS -doz/XGDNS -doze/M -dozen/MH -dozily -dozy/RTP -dpi -dpt -drab/MYSP -drabber -drabbest -drabness/M -drachma/MS -draconian -draft's -draft/ASDG -draftee/SM -drafter/SM -draftily -draftiness/M -drafting/M -draftsman/M -draftsmanship/M -draftsmen -draftswoman/M -draftswomen -drafty/RTP -drag/MS -dragged -dragging -draggy/TR -dragnet/SM -dragon/SM -dragonfly/SM -dragoon/SMDG -dragster/S -drain/SMDRZG -drainage/M -drainboard/SM -drainer/M -drainpipe/MS -drake/SM -dram/MS -drama/SM -dramatic/S -dramatically -dramatics/M -dramatist/SM -dramatization/SM -dramatize/DSG -drank -drape/DRSMZG -draper/M -drapery/SM -drastic -drastically -drat -dratted -draughtboard/S -draw/MRZGSJ -drawback/MS -drawbridge/MS -drawer/M -drawing/M -drawl/SMDG -drawn/A -drawstring/MS -dray/MS -dread/SMDG -dreadful/PY -dreadfulness/M -dreadlocks/M -dreadnought/MS -dream/SMDRZG -dreamboat/MS -dreamed/U -dreamer/M -dreamily -dreaminess/M -dreamland/M -dreamless -dreamlike -dreamworld/SM -dreamy/RPT -drear -drearily -dreariness/M -dreary/RPT -dredge/DRSMZG -dredger/M -dregs/M -drench/GDS -dress/AUGSDM -dressage/M -dresser/MS -dressiness/M -dressing/SM -dressmaker/SM -dressmaking/M -dressy/TPR -drew/A -dribble/MZGDRS -dribbler/M -driblet/MS -drier/M -drift/SMDRZG -drifter/M -driftnet/S -driftwood/M -drill/SMDRZG -driller/M -drillmaster/SM -drink/SMRBJZG -drinkable/U -drinker/M -drip/MS -dripped -dripping/SM -drippy/TR -drive/RSMZGJ 
-drivel/SZGMDR -driveler/M -driven -driver/M -driveshaft/SM -driveway/MS -drizzle/MGDS -drizzly -drogue/SM -droid/S -droll/RPT -drollery/SM -drollness/M -drolly -dromedary/SM -drone/DSMG -drool/SMDG -droop/GSMD -droopiness/M -droopy/TPR -drop/MS -dropkick/MS -droplet/SM -dropout/SM -dropped -dropper/SM -dropping/S -droppings/M -dropsical -dropsy/M -dross/M -drought/SM -drove/RSMZ -drover/M -drown/GSJD -drowning/M -drowse/MGDS -drowsily -drowsiness/M -drowsy/RTP -drub/S -drubbed -drubber/SM -drubbing/MS -drudge/MGDS -drudgery/M -drug/MS -drugged -druggie/SM -drugging -druggist/SM -druggy -drugstore/MS -druid/SM -druidism/M -drum/MS -drumbeat/SM -drumlin/SM -drummed -drummer/SM -drumming -drumstick/SM -drunk/STMNR -drunkard/MS -drunken/PY -drunkenness/M -drupe/SM -druthers/M -dry/ZTGDRSMY -dryad/SM -dryer/SM -dryness/M -drys -drywall/M -dual -dualism/M -duality/M -dub/SM -dubbed -dubber/SM -dubbin/M -dubbing -dubiety/M -dubious/YP -dubiousness/M -ducal -ducat/SM -duchess/MS -duchy/SM -duck/MDGS -duckbill/SM -duckboards -duckling/SM -duckpins/M -duckweed/M -ducky/TRSM -duct's/K -duct/CKIFS -ductile -ductility/M -ducting -ductless -dud/GSMD -dude/MS -dudgeon/M -due/SM -duel/MDRJZGS -dueler/M -duelist/SM -duenna/MS -duet/MS -duff/MDRZGS -duffer/M -dug -dugout/MS -duh -duke/MS -dukedom/SM -dulcet -dulcimer/MS -dull/DRPTGS -dullard/SM -dullness/M -dully -duly/U -dumb/RYPT -dumbbell/SM -dumbfound/SDG -dumbness/M -dumbo/S -dumbstruck -dumbwaiter/SM -dumdum/MS -dummy/SM -dump/MDRZGS -dumpiness/M -dumpling/SM -dumpsite/S -dumpster/SM -dumpy/PTR -dun/SM -dunce/SM -dunderhead/MS -dune/MS -dung/MDGS -dungaree/MS -dungeon/SM -dunghill/MS -dunk/MDGS -dunned -dunner -dunnest -dunning -dunno -duo/SM -duodecimal -duodena -duodenal -duodenum/M -duopoly/S -dupe/MZGDRS -duper/M -duple -duplex/MS -duplicate's -duplicate/AGNDS -duplication/AM -duplicator/MS -duplicitous -duplicity/M -durability/M -durable -durably -durance/M -duration/M -duress/M -during -durst -durum/M -dusk/M 
-duskiness/M -dusky/RTP -dust/MDRZGS -dustbin/SM -dustcart/S -duster/M -dustiness/M -dustless -dustman -dustmen -dustpan/SM -dustsheet/S -dusty/RTP -dutch -duteous/Y -dutiable -dutiful/YP -dutifulness/M -duty/SM -duvet/SM -dwarf/SGMD -dwarfish -dwarfism/M -dweeb/SM -dwell/SJZGR -dweller/M -dwelling/M -dwelt/I -dwindle/DSG -dyadic -dybbuk/SM -dybbukim -dye/DRSMZG -dyeing/A -dyer/M -dyestuff/M -dying/M -dyke/MS -dynamic/MS -dynamical/Y -dynamics/M -dynamism/M -dynamite/MZGDRS -dynamiter/M -dynamo/SM -dynastic -dynasty/SM -dysentery/M -dysfunction/MS -dysfunctional -dyslectic/SM -dyslexia/M -dyslexic/SM -dyspepsia/M -dyspeptic/MS -dysphagia -dysphoria -dysphoric -dysprosium/M -dystonia -dystopi -dystopia -dystopian -dz -e'en -e'er -e/FDST -eBay/M -eMusic/M -ea -each -eager/PTRY -eagerness/M -eagle/MS -eaglet/MS -ear/SMDY -earache/SM -earbud/SM -eardrum/SM -earful/SM -earl/MS -earldom/SM -earliness/M -earlobe/SM -early/RTP -earmark/SMDG -earmuff/SM -earn/DRZTGJS -earned/U -earner/M -earnest/SMYP -earnestness/M -earnings/M -earphone/MS -earpiece/S -earplug/SM -earring/SM -earshot/M -earsplitting -earth's -earth/UDYG -earthbound -earthen -earthenware/M -earthiness/M -earthling/MS -earthly/RT -earthquake/SM -earths/U -earthshaking -earthward/S -earthwork/MS -earthworm/MS -earthy/RTP -earwax/M -earwig/SM -ease/EDSM -easel/SM -easement/SM -easily/U -easiness/UM -easing -east/M -eastbound -easterly/SM -eastern/ZR -easterner/M -easternmost -eastward/S -easy/URTP -easygoing -eat/ZGBSNR -eatable/SM -eaten/U -eater/M -eatery/SM -eave/MS -eavesdrop/S -eavesdropped -eavesdropper/SM -eavesdropping -ebb/SMDG -ebony/SM -ebullience/M -ebullient/Y -ebullition/M -eccentric/SM -eccentrically -eccentricity/SM -eccl -ecclesial -ecclesiastic/SM -ecclesiastical/Y -echelon/SM -echidna -echinoderm/SM -echo's -echo/ADG -echoes/A -echoic -echolocation/M -echos -eclair/SM -eclat/M -eclectic/SM -eclectically -eclecticism/M -eclipse/DSMG -ecliptic/M -eclogue/SM -ecocide/M -ecol -ecologic 
-ecological/Y -ecologist/MS -ecology/M -econ -econometric/S -economic/S -economical/UY -economics/M -economist/SM -economize/DRSZG -economizer/M -economy/SM -ecosystem/MS -ecotourism/M -ecotourist/MS -ecru/M -ecstasy/SM -ecstatic -ecstatically -ecu/S -ecumenical/Y -ecumenicism/M -ecumenism/M -eczema/M -ed/ACSM -edamame -eddy/DSMG -edelweiss/M -edema/SM -edge/MZGJDRS -edger/M -edgewise -edgily -edginess/M -edging/M -edgy/RTP -edibility/M -edible/SMP -edibleness/M -edict/SM -edification/M -edifice/SM -edifier/M -edify/DRSZGN -edifying/U -edit's -edit/ADGS -editable -edited/U -edition/MS -editor/SM -editorial/SMY -editorialize/DSG -editorship/M -educ -educability/M -educable/I -educate/ADSGNV -educated/U -education/AM -educational/Y -educationalist/S -educationist/S -educations -educator/MS -educe/DSGB -edutainment/M -eek -eel/SM -eerie/RT -eerily -eeriness/M -eff/GSD -efface/DSLG -effacement/M -effect/SMDGV -effective/IPY -effectiveness/IM -effectual/IY -effectuate/DSG -effeminacy/M -effeminate/Y -effendi/SM -efferent -effervesce/GDS -effervescence/M -effervescent/Y -effete/YP -effeteness/M -efficacious/Y -efficacy/IM -efficiency/ISM -efficient/IY -effigy/SM -efflorescence/M -efflorescent -effluence/M -effluent/MS -effluvia -effluvium/M -efflux -effort/SM -effortful -effortless/YP -effortlessness/M -effrontery/M -effulgence/M -effulgent -effuse/DSGNVX -effusion/M -effusive/YP -effusiveness/M -egad -egalitarian/SM -egalitarianism/M -egg/GSMD -eggbeater/MS -eggcup/SM -egghead/SM -eggnog/M -eggplant/MS -eggshell/SM -eglantine/SM -ego/SM -egocentric/MS -egocentrically -egocentricity/M -egoism/M -egoist/SM -egoistic -egoistical/Y -egomania/M -egomaniac/MS -egotism/M -egotist/SM -egotistic -egotistical/Y -egregious/PY -egregiousness/M -egress/MS -egret/SM -eh -eider/SM -eiderdown/MS -eigenvalue/S -eigenvector/S -eight/SM -eighteen/MHS -eighteenth/M -eighteenths -eighth/M -eighths -eightieth/M -eightieths -eighty/SMH -einsteinium/M -eisteddfod/S -either -ejaculate/GNXDS 
-ejaculation/M -ejaculatory -eject/SDG -ejection/MS -ejector/SM -eke/DSG -elaborate/YGNDSPX -elaborateness/M -elaboration/M -elan/M -eland/SM -elapse/DSG -elastic/MS -elastically -elasticated -elasticity/M -elasticize/DSG -elate/DSGN -elated/Y -elation/M -elbow/SMDG -elbowroom/M -elder/SMY -elderberry/SM -eldercare/M -eldest -eldritch -elect's -elect/ASDGV -electable -election/AMS -electioneer/DGS -elective/MS -elector/MS -electoral/Y -electorate/MS -electric/S -electrical/Y -electrician/MS -electricity/M -electrification/M -electrifier/M -electrify/ZGNDRS -electrocardiogram/MS -electrocardiograph/M -electrocardiographs -electrocardiography/M -electrocute/DSXGN -electrocution/M -electrode/SM -electrodynamics -electroencephalogram/MS -electroencephalograph/M -electroencephalographic -electroencephalographs -electroencephalography/M -electrologist/SM -electrolysis/M -electrolyte/MS -electrolytic -electromagnet/MS -electromagnetic -electromagnetically -electromagnetism/M -electromotive -electron/MS -electronic/S -electronica/M -electronically -electronics/M -electroplate/DSG -electroscope/SM -electroscopic -electroshock/M -electrostatic/S -electrostatics/M -electrotype/MS -electroweak -eleemosynary -elegance/IM -elegant/IY -elegiac/MS -elegiacal -elegy/SM -elem -element/MS -elemental/Y -elementary -elephant/SM -elephantiasis/M -elephantine -elev -elevate/XDSGN -elevation/M -elevator/MS -eleven/SMH -elevens/S -eleventh/M -elevenths -elf/M -elfin -elfish -elicit/SDG -elicitation/M -elide/DSG -eligibility/IM -eligible -eliminate/XDSGN -elimination/M -eliminator/S -elision/MS -elite/SM -elitism/M -elitist/MS -elixir/SM -elk/SM -ell/SM -ellipse/MS -ellipsis/M -ellipsoid/SM -ellipsoidal -elliptic -elliptical/Y -elm/SM -elocution/M -elocutionary -elocutionist/SM -elodea/SM -elongate/DSGNX -elongation/M -elope/DSGL -elopement/MS -eloquence/M -eloquent/Y -else -elsewhere -elucidate/DSGNX -elucidation/M -elude/DSG -elusive/YP -elusiveness/M -elver/SM -elves -elvish -em's -em/S 
-emaciate/GNDS -emaciation/M -email/SMDG -emanate/XDSGN -emanation/M -emancipate/DSGN -emancipation/M -emancipator/MS -emasculate/GNDS -emasculation/M -embalm/SZGDR -embalmer/M -embank/SLGD -embankment/SM -embargo/MDG -embargoes -embark/AEGDS -embarkation/EM -embarkations -embarrass/GLDS -embarrassed/U -embarrassing/Y -embarrassment/SM -embassy/SM -embattled -embed/S -embedded -embedding -embellish/LGDS -embellishment/SM -ember/SM -embezzle/ZGLDRS -embezzlement/M -embezzler/M -embitter/GLDS -embitterment/M -emblazon/GDLS -emblazonment/M -emblem/SM -emblematic -emblematically -embodiment/EM -embody/AEGSD -embolden/DGS -embolism/MS -embolization -emboss/DRSZG -embosser/M -embouchure/M -embower/SGD -embrace/DSMG -embraceable -embrasure/MS -embrocation/MS -embroider/SDRZG -embroiderer/M -embroidery/SM -embroil/DGLS -embroilment/M -embryo/SM -embryological -embryologist/MS -embryology/M -embryonic -emcee/DSM -emceeing -emend/SDG -emendation/MS -emerald/MS -emerge/ADSG -emergence/AM -emergency/SM -emergent -emerita -emeritus -emery/M -emetic/SM -emf/S -emigrant/SM -emigrate/DSXGN -emigration/M -emigre/SM -eminence/MS -eminent/Y -emir/MS -emirate/MS -emissary/SM -emission/SM -emit/S -emitted -emitter/MS -emitting -emo/SM -emoji/SM -emollient/MS -emolument/MS -emote/XDSGNV -emoticon/SM -emotion/M -emotional/UY -emotionalism/M -emotionalize/GDS -emotionless -emotive/Y -empathetic -empathically -empathize/DSG -empathy/M -emperor/MS -emphases -emphasis/M -emphasize/AGDS -emphatic/U -emphatically -emphysema/M -empire/SM -empiric -empirical/Y -empiricism/M -empiricist/SM -emplacement/SM -employ's -employ/ADGLS -employable/U -employee/SM -employer/SM -employment/UAM -employments -emporium/SM -empower/SDGL -empowerment/M -empress/MS -emptily -emptiness/M -empty/TGPDRSM -empyrean/M -emu/SM -emulate/DSGNVX -emulation/M -emulator/SM -emulsification/M -emulsifier/M -emulsify/NDRSZG -emulsion/MS -en/SM -enable/DRSZG -enabler/M -enact/ASLDG -enactment/ASM -enamel/JSZGMDR -enameler/M 
-enamelware/M -enamor/SGD -enc -encamp/LSGD -encampment/MS -encapsulate/XGNDS -encapsulation/M -encase/LDSG -encasement/M -encephalitic -encephalitis/M -enchain/DGS -enchant/ELDGS -enchanter/MS -enchanting/Y -enchantment/EM -enchantments -enchantress/MS -enchilada/SM -encipher/SGD -encircle/DSGL -encirclement/M -encl -enclave/MS -enclose/GDS -enclosed/U -enclosure/SM -encode/DRSZG -encoder/M -encomium/MS -encompass/GDS -encore/DSMG -encounter/GSMD -encourage/DSLG -encouragement/SM -encouraging/Y -encroach/GLDS -encroachment/SM -encrust/DGS -encrustation/SM -encrypt/DGS -encryption -encumber/EGSD -encumbered/U -encumbrance/MS -ency -encyclical/SM -encyclopedia/MS -encyclopedic -encyst/LSGD -encystment/M -end/GVSJMD -endanger/SGDL -endangerment/M -endear/SGLD -endearing/Y -endearment/SM -endeavor/GSMD -endemic/MS -endemically -endgame/S -ending/M -endive/SM -endless/PY -endlessness/M -endmost -endocarditis -endocrine/MS -endocrinologist/MS -endocrinology/M -endogenous/Y -endometrial -endometriosis -endometrium -endorphin/MS -endorse/LZGDRS -endorsement/MS -endorser/M -endoscope/MS -endoscopic -endoscopy/M -endothelial -endothermic -endotracheal -endow/SDLG -endowment/MS -endpoint/SM -endue/DSG -endurable/U -endurance/M -endure/DSBG -endways -enema/SM -enemy/SM -energetic -energetically -energize/ZGDRS -energizer/M -energy/SM -enervate/GNDS -enervation/M -enfeeble/GDSL -enfeeblement/M -enfilade/DSMG -enfold/SGD -enforce/LZGDRS -enforceable/U -enforced/U -enforcement/M -enforcer/M -enfranchise/EGDSL -enfranchisement/EM -engage/EADSG -engagement/EMS -engagingly -engender/SGD -engine/SM -engineer/MDGS -engineering/M -engorge/LGDS -engorgement/M -engram/SM -engrave/ZGJDRS -engraver/M -engraving/M -engross/GLDS -engrossment/M -engulf/SLGD -engulfment/M -enhance/LZGDRS -enhancement/SM -enigma/SM -enigmatic -enigmatically -enjambment/SM -enjoin/SGD -enjoy/GBLSD -enjoyably -enjoyment/SM -enlarge/LZGDRS -enlargeable -enlargement/MS -enlarger/M -enlighten/SGLD -enlightened/U 
-enlightenment/M -enlist/ADGSL -enlistee/SM -enlistment/AM -enlistments -enliven/SLDG -enlivenment/M -enmesh/DSGL -enmeshment/M -enmity/SM -ennoble/DSGL -ennoblement/M -ennui/M -enormity/SM -enormous/PY -enormousness/M -enough/M -enplane/DSG -enqueue/DS -enquirer/S -enquiringly -enrage/GDS -enrapture/DSG -enrich/DSLG -enrichment/M -enroll/DLSG -enrollment/MS -ensconce/DSG -ensemble/SM -enshrine/GLDS -enshrinement/M -enshroud/DGS -ensign/MS -ensilage/M -enslave/DSGL -enslavement/M -ensnare/DSLG -ensnarement/M -ensue/DSG -ensure/ZGDRS -ensurer/M -entail/DSGL -entailment/M -entangle/EDSLG -entanglement/EM -entanglements -entente/SM -enter/ASGD -enteral -enteric -enteritis/M -enterprise/MGS -enterprising/Y -entertain/ZGDRSL -entertainer/M -entertaining/MY -entertainment/MS -enthrall/GDSL -enthrallment/M -enthrone/GDSL -enthronement/SM -enthuse/DSG -enthusiasm/MS -enthusiast/MS -enthusiastic/U -enthusiastically -entice/GDSL -enticement/MS -enticing/Y -entire/Y -entirety/M -entitle/DSGL -entitlement/SM -entity/SM -entomb/DSGL -entombment/M -entomological -entomologist/MS -entomology/M -entourage/SM -entr'acte -entrails/M -entrained -entrance/LDSMG -entrancement/M -entrancing/Y -entrant/SM -entrap/LS -entrapment/M -entrapped -entrapping -entreat/GSD -entreating/Y -entreaty/SM -entree/MS -entrench/DSGL -entrenchment/MS -entrepreneur/SM -entrepreneurial -entrepreneurship -entropy/M -entrust/SGD -entry/ASM -entryphone/S -entryway/MS -entwine/DSG -enumerable -enumerate/DSGNX -enumeration/M -enumerator/SM -enunciate/DSGN -enunciation/M -enuresis/M -envelop/SLDRZG -envelope/SM -enveloper/M -envelopment/M -envenom/SDG -enviable/U -enviably -envious/PY -enviousness/M -environment/MS -environmental/Y -environmentalism/M -environmentalist/SM -environs/M -envisage/GDS -envision/DGS -envoy/SM -envy/DSMG -envying/Y -enzymatic -enzyme/SM -eolian -eon/SM -eosinophil/S -eosinophilic -epaulet/SM -epee/MS -ephedrine/M -ephemera/M -ephemeral/Y -epic/MS -epicenter/MS -epicure/SM 
-epicurean/MS -epidemic/SM -epidemically -epidemiological -epidemiologist/SM -epidemiology/M -epidermal -epidermic -epidermis/MS -epidural/S -epiglottis/MS -epigram/SM -epigrammatic -epigraph/M -epigraphs -epigraphy/M -epilepsy/M -epileptic/SM -epilogue/MS -epinephrine/M -epiphany/SM -episcopacy/M -episcopal -episcopate/M -episode/SM -episodic -episodically -epistemic -epistemological -epistemology -epistle/SM -epistolary -epitaph/M -epitaphs -epithelial -epithelium/M -epithet/SM -epitome/SM -epitomize/GDS -epoch/M -epochal -epochs -eponymous -epoxy/DSMG -epsilon/SM -equability/M -equable -equably -equal/SMDYG -equality/IM -equalization/M -equalize/ZGDRS -equalizer/M -equanimity/M -equate/DSGNBX -equation/M -equator/SM -equatorial -equerry/SM -equestrian/SM -equestrianism/M -equestrienne/SM -equidistant/Y -equilateral/SM -equilibrium/EM -equine/SM -equinoctial -equinox/MS -equip/AS -equipage/MS -equipment/M -equipoise/M -equipped/UA -equipping/A -equitable/I -equitably/I -equitation/M -equity/ISM -equiv -equivalence/MS -equivalency/SM -equivalent/MYS -equivocal/UY -equivocalness/M -equivocate/GNXDS -equivocation/M -equivocator/SM -er/C -era/SM -eradicable/I -eradicate/DSGN -eradication/M -eradicator/MS -erase/DRSBZG -eraser/M -erasure/SM -erbium/M -ere -erect/PSGDY -erectile -erection/SM -erectness/M -erector/MS -erelong -eremite/MS -erg/SM -ergo -ergonomic/S -ergonomically -ergonomics/M -ergosterol/M -ergot/M -ermine/SM -erode/DSG -erodible -erogenous -erosion/M -erosive -erotic/S -erotica/M -erotically -eroticism/M -err/GSD -errand/SM -errant/I -errata/SM -erratic -erratically -erratum/M -erroneous/Y -error/SM -ersatz/MS -erst -erstwhile -eruct/SDG -eructation/SM -erudite/YN -erudition/M -erupt/SDGV -eruption/MS -erysipelas/M -erythrocyte/SM -erythromycin -escalate/CDSGN -escalation/CM -escalations -escalator/MS -escallop/SGMD -escalope/S -escapade/MS -escape/LMGDS -escapee/MS -escapement/SM -escapism/M -escapist/MS -escapologist/S -escapology -escargot/MS 
-escarole/MS -escarpment/MS -eschatological -eschatology -eschew/SDG -escort/SMDG -escritoire/MS -escrow/SM -escudo/SM -escutcheon/SM -esophageal -esophagi -esophagus/M -esoteric -esoterically -esp -espadrille/MS -espalier/MDSG -especial/Y -espionage/M -esplanade/MS -espousal/M -espouse/GDS -espresso/MS -esprit/M -espy/DSG -esquire/SM -essay/SMDRZG -essayer/M -essayist/SM -essence/SM -essential/IMS -essentially -establish/AESDGL -establishment/AEM -establishments -estate/SM -esteem/ESMDG -ester/SM -estimable/I -estimate/MGNDSX -estimation/M -estimator/SM -estoppel -estradiol -estrange/LDSG -estrangement/MS -estrogen/MS -estrous -estrus/MS -estuary/SM -eta/SM -etc -etch/DRSZGJ -etcher/M -etching/M -eternal/YP -eternalness/M -eternity/SM -ethane/M -ethanol/M -ether/M -ethereal/Y -ethic/SM -ethical/UY -ethics/M -ethmoid -ethnic/SM -ethnically -ethnicity/M -ethnocentric -ethnocentrism/M -ethnographer/S -ethnographic -ethnographically -ethnography -ethnological/Y -ethnologist/SM -ethnology/M -ethological -ethologist/MS -ethology/M -ethos/M -ethyl/M -ethylene/M -etiolated -etiologic -etiological -etiology/SM -etiquette/M -etude/SM -etymological/Y -etymologist/SM -etymology/SM -eucalypti -eucalyptus/MS -euchre/DSMG -euclidean -eugenic/S -eugenically -eugenicist/MS -eugenics/M -eukaryote/SM -eukaryotic -eulogist/MS -eulogistic -eulogize/ZGDRS -eulogizer/M -eulogy/SM -eunuch/M -eunuchs -euphemism/SM -euphemistic -euphemistically -euphonious/Y -euphony/M -euphoria/M -euphoric -euphorically -eureka -euro/MS -europium/M -eutectic -euthanasia/M -euthanize/DSG -euthenics/M -eutrophication -evacuate/XDSGN -evacuation/M -evacuee/MS -evade/DRSZG -evader/M -evaluate/AGNVDSX -evaluation/AM -evaluator/S -evanescence/M -evanescent -evangelic -evangelical/SMY -evangelicalism/M -evangelism/M -evangelist/MS -evangelistic -evangelize/GDS -evaporate/GNDS -evaporation/M -evaporator/SM -evasion/SM -evasive/YP -evasiveness/M -eve/ASM -even/MDRYTGSJP -evenhanded/Y -evening/M -evenness/UM 
-evensong/M -event/SM -eventful/UY -eventfulness/M -eventide/M -eventual/Y -eventuality/SM -eventuate/GDS -ever -everglade/SM -evergreen/SM -everlasting/MYS -evermore -every -everybody/M -everyday -everyone/M -everyplace -everything/M -everywhere -evict/SDG -eviction/MS -evidence/MGDS -evident/Y -evil/MRYTSP -evildoer/SM -evildoing/M -eviller -evillest -evilness/M -evince/DSG -eviscerate/DSGN -evisceration/M -evocation/MS -evocative/Y -evoke/DSG -evolution/M -evolutionary -evolutionist/SM -evolve/DSG -ewe/RSMZ -ewer/M -ex/MS -exabyte/MS -exacerbate/GNDS -exacerbation/M -exact/SPDRYTG -exacting/Y -exaction/M -exactitude/M -exactness/IM -exaggerate/XDSGN -exaggerated/Y -exaggeration/M -exaggerator/MS -exajoule/S -exalt/SDG -exaltation/M -exam/MS -examination/AMS -examine/AGDS -examiner/MS -example/MGDS -exampled/U -exasperate/DSGN -exasperated/Y -exasperating/Y -exasperation/M -excavate/GNDSX -excavation/M -excavator/SM -exceed/GSD -exceeding/Y -excel/S -excelled -excellence/M -excellency/SM -excellent/Y -excelling -excelsior/M -except/GSD -exception/BSM -exceptionable/U -exceptional/UY -exceptionalism -excerpt/MDGS -excess/VMS -excessive/Y -exchange/DSMG -exchangeable -exchequer/SM -excise/XDSMGN -excision/M -excitability/M -excitably -excitation/M -excite/BDRSLZG -excited/Y -excitement/SM -exciter/M -exciting/Y -exciton -excl -exclaim/DGS -exclamation/SM -exclamatory -exclude/GDS -exclusion/MS -exclusionary -exclusive/PMYS -exclusiveness/M -exclusivity/M -excommunicate/GNDSX -excommunication/M -excoriate/DSGNX -excoriation/M -excrement/M -excremental -excrescence/MS -excrescent -excreta/M -excrete/XGNDS -excretion/M -excretory -excruciating/Y -exculpate/DSGN -exculpation/M -exculpatory -excursion/MS -excursionist/MS -excursive/YP -excursiveness/M -excusable/I -excusably/I -excuse/DSBMG -excused/U -exec/MS -execrable -execrably -execrate/DSGN -execration/M -execute/BXGNVDS -execution/ZMR -executioner/M -executive/SM -executor/MS -executrices -executrix/M -exegeses 
-exegesis/M -exegetic -exegetical -exemplar/SM -exemplary -exemplification/M -exemplify/GDSXN -exempt/SGD -exemption/SM -exercise/DRSMZG -exerciser/M -exert/SDG -exertion/MS -exeunt -exfoliate/GNDS -exhalation/MS -exhale/DSG -exhaust/GVMDS -exhaustible/I -exhaustion/M -exhaustive/YP -exhaustiveness/M -exhibit/GMDS -exhibition/MS -exhibitionism/M -exhibitionist/MS -exhibitor/SM -exhilarate/DSGN -exhilaration/M -exhort/SDG -exhortation/MS -exhumation/MS -exhume/DSG -exigence/MS -exigency/SM -exigent -exiguity/M -exiguous -exile/DSMG -exilic -exist/SDG -existence/MS -existent -existential/Y -existentialism/M -existentialist/MS -exit/MDGS -exobiology/M -exodus/MS -exogenous -exon/MS -exonerate/GNDS -exoneration/M -exoplanet/MS -exorbitance/M -exorbitant/Y -exorcise/DSG -exorcism/SM -exorcist/SM -exoskeleton/SM -exosphere/SM -exothermic -exotic/SM -exotica -exotically -exoticism/M -exp -expand/BGSD -expanse/XMNVS -expansible -expansion/M -expansionary -expansionism/M -expansionist/MS -expansive/YP -expansiveness/M -expat/S -expatiate/GNDS -expatiation/M -expatriate/DSMGN -expatriation/M -expect/GSD -expectancy/M -expectant/Y -expectation/SM -expectorant/SM -expectorate/DSGN -expectoration/M -expedience/IM -expediences -expediencies -expediency/IM -expedient/SMY -expedite/DRSZGNX -expediter/M -expedition/M -expeditionary -expeditious/PY -expeditiousness/M -expel/S -expelled -expelling -expend/GSBD -expendable/SM -expenditure/SM -expense/MS -expensive/IYP -expensiveness/IM -experience/IMD -experiences -experiencing -experiential -experiment/MDRSZG -experimental/Y -experimentation/M -experimenter/M -expert/SPMY -expertise/M -expertness/M -expiate/GNDS -expiation/M -expiatory -expiration/M -expire/DSG -expired/U -expiry/M -explain/ADGS -explainable -explained/U -explanation/MS -explanatory -expletive/MS -explicable/I -explicate/XGNDS -explication/M -explicit/PY -explicitness/M -explode/GDS -exploit/ZGBMDRS -exploitation/M -exploitative -exploited/U -exploiter/M 
-exploration/MS -exploratory -explore/ZGDRS -explored/U -explorer/M -explosion/SM -explosive/SPMY -explosiveness/M -expo/MS -exponent/MS -exponential/Y -exponentiation -export/BSZGMDR -exportation/M -exporter/M -expose/DSMG -exposed/U -exposition/SM -expositor/SM -expository -expostulate/GNXDS -expostulation/M -exposure/MS -expound/ZGDRS -expounder/M -express/GVMDSY -expressed/U -expressible/I -expression/SM -expressionism/M -expressionist/SM -expressionistic -expressionless/Y -expressive/PY -expressiveness/M -expressway/SM -expropriate/GNXDS -expropriation/M -expropriator/SM -expulsion/MS -expunge/GDS -expurgate/DSGNX -expurgated/U -expurgation/M -exquisite/YP -exquisiteness/M -ext -extant -extemporaneous/PY -extemporaneousness/M -extempore -extemporization/M -extemporize/GDS -extend/SZGDRB -extender/M -extensibility -extensible -extension/SM -extensional -extensive/YP -extensiveness/M -extent/SM -extenuate/DSGN -extenuation/M -exterior/MS -exterminate/DSXGN -extermination/M -exterminator/MS -external/MYS -externalization/SM -externalize/DSG -extinct/GDS -extinction/MS -extinguish/ZGBDRS -extinguishable/I -extinguisher/M -extirpate/GNDS -extirpation/M -extol/S -extolled -extolling -extort/SGD -extortion/MRZ -extortionate/Y -extortioner/M -extortionist/MS -extra/SM -extracellular -extract/MDGVS -extraction/SM -extractor/MS -extracurricular -extradite/GNBXDS -extradition/M -extrajudicial -extralegal -extramarital -extramural -extraneous/Y -extraordinaire -extraordinarily -extraordinary -extrapolate/XGNDS -extrapolation/M -extrasensory -extraterrestrial/MS -extraterritorial -extraterritoriality/M -extravagance/MS -extravagant/Y -extravaganza/MS -extravehicular -extreme/PMYTRS -extremeness/M -extremism/M -extremist/MS -extremity/SM -extricable/I -extricate/GNDS -extrication/M -extrinsic -extrinsically -extroversion/M -extrovert/SMD -extrude/GDS -extrusion/SM -extrusive -exuberance/M -exuberant/Y -exudation/M -exude/DSG -exult/SDG -exultant/Y -exultation/M -exurb/SM 
-exurban -exurbanite/SM -exurbia/M -eye/DSM -eyeball/GMDS -eyebrow/SM -eyedropper/SM -eyeful/SM -eyeglass/MS -eyeing -eyelash/MS -eyeless -eyelet/SM -eyelid/SM -eyeliner/MS -eyeopener/MS -eyeopening -eyepiece/MS -eyesight/M -eyesore/MS -eyestrain/M -eyeteeth -eyetooth/M -eyewash/M -eyewitness/MS -f/CIAVTR -fMRI -fa/M -fab -fable/DSM -fabric/SM -fabricate/DSGNX -fabrication/M -fabricator/SM -fabulous/Y -facade/SM -face's -face/ACSDG -facecloth/M -facecloths -faceless -facepalm/SDG -facet/SMDG -facetious/YP -facetiousness/M -facial/SMY -facile/Y -facilitate/GNDS -facilitation/M -facilitator/MS -facility/SM -facing/SM -facsimile/DSM -facsimileing -fact/MS -faction/SM -factional -factionalism/M -factious -factitious -factoid/SM -factor's -factor/ASDG -factorial/MS -factorization -factorize/GDS -factory/SM -factotum/SM -factual/Y -faculty/SM -fad/GSMD -faddish/P -faddist/MS -faddy/P -fade/MS -fading/U -faerie/SM -faff/DGS -fag/SM -fagged -fagging -faggot/SM -fagot/SMG -faience/M -fail/DGJS -failing/M -faille/M -failure/SM -fain/RT -faint/SMDRYTGP -fainthearted -faintness/M -fair/MRYTGJPS -fairground/MS -fairing/M -fairness/UM -fairway/SM -fairy/SM -fairyland/SM -faith/M -faithful's -faithful/UPY -faithfulness/UM -faithfuls -faithless/PY -faithlessness/M -faiths -fajita/SM -fajitas/M -fake/MZGDRS -faker/M -fakir/SM -falcon/SMRZ -falconer/M -falconry/M -fall/MNGS -fallacious/Y -fallacy/SM -fallback -fallibility/IM -fallible/P -fallibleness/M -fallibly/I -falloff/SM -fallout/M -fallow/SMDG -false/PRYT -falsehood/SM -falseness/M -falsetto/SM -falsie/SM -falsifiable -falsification/M -falsifier/M -falsify/DRSZGNX -falsity/SM -falter/GSJMD -faltering/Y -fame's -fame/D -familial -familiar/MYS -familiarity/UM -familiarization/M -familiarize/GDS -family/SM -famine/SM -famish/DSG -famous/IY -fan/SM -fanatic/SM -fanatical/Y -fanaticism/M -fanboy/SM -fanciable -fancier/M -fanciful/YP -fancifulness/M -fancily -fanciness/M -fancy/DRSMZTGP -fancywork/M -fandango/MS -fandom -fanfare/SM 
-fang/MDS -fanlight/SM -fanned -fanning -fanny/SM -fantail/MS -fantasia/SM -fantasist/S -fantasize/GDS -fantastic -fantastical/Y -fantasy/DSMG -fanzine/MS -far -farad/SM -faradize/DG -faraway -farce/SM -farcical/Y -fare/MGDS -farewell/SM -farina/M -farinaceous -farm/MDRZGSJ -farmer/M -farmhand/SM -farmhouse/SM -farming/M -farmland/MS -farmstead/MS -farmyard/MS -faro/M -farrago/M -farragoes -farrier/MS -farrow/SMDG -farseeing -farsighted/P -farsightedness/M -fart/MDGS -farther -farthermost -farthest -farthing/SM -fascia/SM -fascicle/SM -fascinate/GNDSX -fascinating/Y -fascination/M -fascism/M -fascist/MS -fascistic -fashion/ZGBMDRS -fashionable/U -fashionably/U -fashioner/M -fashionista/MS -fast/MDRTGSP -fastback/SM -fastball/SM -fasten/UAGDS -fastener/SM -fastening/MS -fastidious/PY -fastidiousness/M -fastness/MS -fat/GSPMD -fatal/Y -fatalism/M -fatalist/SM -fatalistic -fatalistically -fatality/SM -fatback/M -fate/MS -fateful/YP -fatefulness/M -fathead/MDS -father/SGMDY -fatherhood/M -fatherland/MS -fatherless -fathom/SMDGB -fathomable/U -fathomless -fatigue/MDSG -fatigues/M -fatness/M -fatso/S -fatten/SDG -fatter -fattest -fattiness/M -fatty/RSMTP -fatuity/M -fatuous/YP -fatuousness/M -fatwa/SM -faucet/SM -fault/CSMDG -faultfinder/SM -faultfinding/M -faultily -faultiness/M -faultless/PY -faultlessness/M -faulty/PRT -faun/MS -fauna/SM -fauvism/M -fauvist/SM -faux -fave/S -favor/ESMDG -favorable/U -favorably/U -favorite/SM -favoritism/M -fawn/MDRZGS -fawner/M -fax/GMDS -fay/TSMR -faze/GDS -fazed/U -fealty/M -fear/MDGS -fearful/YP -fearfulness/M -fearless/PY -fearlessness/M -fearsome -feasibility/M -feasible/IU -feasibly -feast/SMDRZG -feaster/M -feat/MS -feather/SGMD -featherbedding/M -featherbrained -featherless -featherweight/MS -feathery/TR -feature/DSMG -featureless -febrile -fecal -feces/M -feckless/PY -fecund -fecundate/GNDS -fecundation/M -fecundity/M -fed/SM -federal/SMY -federalism/M -federalist/MS -federalization/M -federalize/GDS -federate/FXDSGN 
-federation/FM -fedora/SM -fee/SM -feeble/RTP -feebleness/M -feebly -feed/MRZGSJ -feedback/M -feedbag/SM -feeder/M -feeding/M -feedlot/SM -feel/MRZGSJ -feeler/M -feelgood -feeling/MY -feet -feign/SDG -feigned/U -feint/SMDG -feisty/TR -feldspar/M -felicitate/GNXDS -felicitation/M -felicitous/Y -felicity/ISM -feline/SM -fell/MDRZTGS -fella/S -fellatio/M -fellow/SM -fellowman/M -fellowmen -fellowship/MS -felon/SM -felonious -felony/SM -felt/MDGS -fem -female/PSM -femaleness/M -feminine/SMY -femininity/M -feminism/M -feminist/SM -feminize/DSG -femoral -femur/SM -fen/SM -fence/DRSMZG -fencer/M -fencing/M -fend/CDRZGS -fender/CM -fenestration/M -fennel/M -fentanyl/M -feral -ferment/FCMS -fermentation/M -fermented -fermenting -fermium/M -fern/MS -ferny/RT -ferocious/PY -ferociousness/M -ferocity/M -ferret/GSMD -ferric -ferromagnetic -ferromagnetism -ferrous -ferrule/MS -ferry/DSMG -ferryboat/SM -ferryman/M -ferrymen -fertile/I -fertility/IM -fertilization/M -fertilize/DRSZG -fertilized/U -fertilizer/M -ferule/SM -fervency/M -fervent/Y -fervid/Y -fervor/M -fess/FKGSD -fest/MRZVS -festal -fester/GMD -festival/SM -festive/YP -festiveness/M -festivity/SM -festoon/GMDS -feta/M -fetal -fetch/DRSZG -fetcher/M -fetching/Y -fete/MGDS -fetid/P -fetidness/M -fetish/MS -fetishism/M -fetishist/SM -fetishistic -fetlock/MS -fetter's -fetter/USGD -fettle/M -fettuccine/M -fetus/MS -feud/MDGS -feudal -feudalism/M -feudalistic -fever/SMD -feverish/YP -feverishness/M -few/TPMR -fewness/M -fey -fez/M -fezzes -ff -fiance/CM -fiancee/MS -fiances -fiasco/M -fiascoes -fiat/MS -fib/ZSMR -fibbed -fibber/SM -fibbing -fiber/M -fiberboard/M -fiberfill/M -fiberglass/M -fibril/SM -fibrillate/GNDS -fibrillation/M -fibrin/M -fibroid -fibrosis/M -fibrous -fibula/M -fibulae -fibular -fiche/SM -fichu/SM -fickle/RPT -fickleness/M -fiction/MS -fictional/Y -fictionalization/SM -fictionalize/DSG -fictitious/Y -fictive -ficus/M -fiddle/DRSMZG -fiddler/M -fiddlesticks -fiddly/TR -fidelity/IM -fidget/SGMD -fidgety 
-fiduciary/SM -fie -fief/MS -fiefdom/MS -field/ISMRZ -fielded -fielder/IM -fielding -fieldsman -fieldsmen -fieldwork/MRZ -fieldworker/M -fiend/SM -fiendish/Y -fierce/PRYT -fierceness/M -fieriness/M -fiery/RPT -fiesta/SM -fife/MZRS -fifer/M -fifteen/MHS -fifteenth/M -fifteenths -fifth/MY -fifths -fiftieth/M -fiftieths -fifty/SMH -fig/SLM -fight/SMRZG -fightback -fighter/IMS -fighting/IM -figment/MS -figuration/FM -figurative/Y -figure's -figure/FEGSD -figurehead/SM -figurine/MS -filament/MS -filamentous -filbert/MS -filch/DSG -file's/KC -file/CAKGDS -filename/S -filer/CSM -filet -filial -filibuster/MDRSZG -filibusterer/M -filigree/DSM -filigreeing -filing's -filings -fill's -fill/AIDGS -filled/U -filler/MS -fillet/MDGS -filling/SM -fillip/MDGS -filly/SM -film/MDGS -filminess/M -filmmaker/SM -filmstrip/MS -filmy/TPR -filo -filter/MDRBSZG -filtered/U -filterer/M -filth/M -filthily -filthiness/M -filthy/RPT -filtrate's -filtrate/IGNDS -filtration/IM -fin/SMR -finagle/DRSZG -finagler/M -final/SMY -finale/MS -finalist/SM -finality/M -finalization/M -finalize/DSG -finance's -finance/ADSG -financial/Y -financier/MS -financing/M -finch/MS -find/JMRZGS -finder/M -finding/M -findings/M -fine's/F -fine/CAFTGDS -finely -fineness/M -finery/AM -finespun -finesse/DSMG -finger/MDGSJ -fingerboard/SM -fingering/M -fingerling/SM -fingermark/S -fingernail/SM -fingerprint/SGMD -fingertip/MS -finial/MS -finical -finickiness/M -finicky/RPT -finis/MS -finish's -finish/ADSG -finished/U -finisher/MS -finite/IY -fink/MDGS -finned -finny -fir/ZGSJMDRH -fire/MS -firearm/SM -fireball/MS -firebomb/MDSJG -firebox/MS -firebrand/SM -firebreak/SM -firebrick/SM -firebug/SM -firecracker/SM -firedamp/M -firefight/MRSZG -firefighter/M -firefighting/M -firefly/SM -fireguard/S -firehouse/SM -firelight/ZMR -fireman/M -firemen -fireplace/SM -fireplug/MS -firepower/M -fireproof/DSG -firer/M -firescreen/S -fireside/MS -firestorm/MS -firetrap/MS -firetruck/MS -firewall/MS -firewater/M -firewood/M -firework/SM 
-firm/MDRYPTGS -firmament/SM -firmness/M -firmware/M -first/SMY -firstborn/SM -firsthand -firth/M -firths -fiscal/MYS -fish/MDRSZG -fishbowl/SM -fishcake/SM -fisher/M -fisherman/M -fishermen -fishery/SM -fishhook/SM -fishily -fishiness/M -fishing/M -fishmonger/MS -fishnet/SM -fishpond/MS -fishtail/DGS -fishwife/M -fishwives -fishy/TRP -fissile -fission/BM -fissure/SM -fist/MS -fistfight/MS -fistful/SM -fisticuffs/M -fistula/SM -fistulous/M -fit/KAMS -fitful/YP -fitfulness/M -fitly -fitment/S -fitness/UM -fitted/UA -fitter/MS -fittest -fitting/SMY -five/MZRS -fix/ZGBJMDRS -fixate/GNVDSX -fixation/M -fixative/MS -fixed/Y -fixer/M -fixings/M -fixity/M -fixture/MS -fizz/MDSG -fizzle/DSMG -fizzy/RT -fjord/SM -fl/JDG -flab/M -flabbergast/SGD -flabbily -flabbiness/M -flabby/RPT -flaccid/Y -flaccidity/M -flack/SM -flag/MS -flagella -flagellant/S -flagellate/GNDS -flagellation/M -flagellum/M -flagged -flagging/U -flagman/M -flagmen -flagon/MS -flagpole/SM -flagrance/M -flagrancy/M -flagrant/Y -flagship/SM -flagstaff/MS -flagstone/MS -flail/SGMD -flair/SM -flak/M -flake/DSMG -flakiness/M -flaky/TRP -flamage -flambe/MS -flambeed -flambeing -flamboyance/M -flamboyancy/M -flamboyant/Y -flame/DRSJMZG -flamenco/MS -flameproof/DGS -flamethrower/SM -flamingo/MS -flammability/IM -flammable/SM -flan/MS -flange/MS -flank/SZGMDR -flanker/M -flannel/SGMD -flannelette/M -flap/MS -flapjack/MS -flapped -flapper/SM -flapping -flare/DSMG -flareup/SM -flash/ZTGMDRS -flashback/SM -flashbulb/SM -flashcard/SM -flashcube/SM -flasher/M -flashgun/SM -flashily -flashiness/M -flashing/M -flashlight/MS -flashy/RTP -flask/SM -flat/MYPS -flatbed/SM -flatboat/SM -flatbread -flatcar/SM -flatfeet -flatfish/MS -flatfoot/SMD -flatiron/SM -flatland/M -flatlet/S -flatmate/S -flatness/M -flatted -flatten/SDG -flatter/SDRZG -flatterer/M -flattering/Y -flattery/M -flattest -flatting -flattish -flattop/SM -flatulence/M -flatulent -flatus/M -flatware/M -flatworm/SM -flaunt/MDSG -flaunting/Y -flavor/MDSGJ 
-flavored/U -flavorful -flavoring/M -flavorless -flavorsome -flaw/MDGS -flawless/PY -flawlessness/M -flax/MN -flay/DGS -flea/MS -fleabag/SM -fleabite/S -fleapit/S -fleck/SGMD -fledged/U -fledgling/MS -flee/S -fleece/MZGDRS -fleecer/M -fleeciness/M -fleecy/RTP -fleeing -fleet/STGMDRYP -fleetingly/M -fleetingness/M -fleetness/M -flesh/GMDSY -fleshly/TR -fleshpot/MS -fleshy/RT -flew -flex/AMS -flexed -flexibility/IM -flexible/I -flexibly/I -flexing -flexion -flextime/M -flibbertigibbet/SM -flick/SZGMDR -flicker/GMD -flier/M -flight/MS -flightiness/M -flightless -flighty/PTR -flimflam/SM -flimflammed -flimflamming -flimsily -flimsiness/M -flimsy/TRP -flinch/GMDS -fling/GM -flint/SM -flintlock/SM -flinty/TR -flip/MS -flippancy/M -flippant/Y -flipped -flipper/MS -flippest -flipping -flippy/S -flirt/SGMD -flirtation/MS -flirtatious/YP -flirtatiousness/M -flirty -flit/MS -flitted -flitting -float/SMDRZG -floater/M -flock/SMDG -flocking/M -floe/MS -flog/S -flogged -flogger/SM -flogging/MS -flood/SMDRG -floodgate/MS -floodlight/MDSG -floodlit -floodplain/MS -floodwater/MS -floor/SMDG -floorboard/MS -flooring/M -floorwalker/SM -floozy/SM -flop/MS -flophouse/MS -flopped -floppily -floppiness/M -flopping -floppy/PRSMT -flora/SM -floral -florescence/IM -florescent/I -floret/SM -florid/PY -floridness/M -florin/SM -florist/SM -floss/MDSG -flossy/RT -flotation/SM -flotilla/MS -flotsam/M -flounce/DSMG -flouncy -flounder/MDSG -flour/SMDG -flourish/GMDS -floury -flout/SMDRZG -flouter/M -flow/MDGS -flowchart/SM -flower's -flower/CSDG -flowerbed/MS -floweriness/M -flowering/S -flowerless -flowerpot/MS -flowery/PTR -flown -flt -flu/M -flub/MS -flubbed -flubbing -fluctuate/GNDSX -fluctuation/M -flue/MS -fluency/M -fluent/Y -fluff/SMDG -fluffiness/M -fluffy/RPT -fluid/SMY -fluidity/M -fluke/SM -fluky/RT -flume/SM -flummox/DSG -flung -flunk/SMDG -flunky/SM -fluoresce/DSG -fluorescence/M -fluorescent -fluoridate/GNDS -fluoridation/M -fluoride/SM -fluorine/M -fluorite/M -fluorocarbon/MS 
-fluoroscope/SM -fluoroscopic -fluoxetine -flurry/GDSM -flush/MDRSTG -fluster/MDSG -flute/DSMG -fluting/M -flutist/MS -flutter/MDSG -fluttery -fluvial -flux/IMS -fluxed -fluxing -fly/ZTGBDRSM -flyaway -flyblown -flyby/M -flybys -flycatcher/MS -flying/M -flyleaf/M -flyleaves -flyover/MS -flypaper/SM -flypast/S -flysheet/S -flyspeck/GMDS -flyswatter/MS -flytrap/S -flyway/SM -flyweight/SM -flywheel/MS -foal/MDGS -foam/MDGS -foaminess/M -foamy/RTP -fob/SM -fobbed -fobbing -focal/Y -focus's -focus/ADSG -focused/U -fodder/SM -foe/SM -fog's -fog/CS -fogbound -fogged/C -foggily -fogginess/M -fogging/C -foggy/RTP -foghorn/MS -fogy/SM -fogyish -foible/SM -foil/MDGS -foist/SDG -fol -fold's -fold/AUSGD -foldaway -folder/SM -foldout/MS -foliage/M -folic -folio/SM -folk/MS -folklore/M -folkloric -folklorist/MS -folksiness/M -folksinger/SM -folksinging/M -folksy/PTR -folktale/MS -folkway/MS -foll -follicle/MS -follow/SDRZGJ -follower/M -following/M -followup/S -folly/SM -foment/SGD -fomentation/M -fond/RYTP -fondant/MS -fondle/DSG -fondness/M -fondue/SM -font/MS -fontanel/MS -foo -foobar -food/MS -foodie/SM -foodstuff/SM -fool/MDGS -foolery/SM -foolhardily -foolhardiness/M -foolhardy/TPR -foolish/YP -foolishness/M -foolproof -foolscap/M -foot/MDRZGSJ -footage/M -football/MRZGS -footballer/M -footbridge/SM -footfall/MS -foothill/MS -foothold/MS -footie -footing/M -footless -footlights/M -footling/MS -footlocker/SM -footloose -footman/M -footmen -footnote/MGDS -footpath/M -footpaths -footplate/S -footprint/SM -footrace/MS -footrest/MS -footsie/SM -footslogging -footsore -footstep/MS -footstool/SM -footwear/M -footwork/M -footy -fop/SM -foppery/M -foppish/P -foppishness/M -for/H -fora -forage/DRSMZG -forager/M -foray/SMDG -forbade -forbear/SMG -forbearance/M -forbid/S -forbidden -forbidding/YS -forbore -forborne -force/DSMG -forced/U -forceful/PY -forcefulness/M -forceps/M -forcible -forcibly -ford/MDGSB -fore/MS -forearm/GSMD -forebear/MS -forebode/GJDS -foreboding/M 
-forecast/MRZGS -forecaster/M -forecastle/MS -foreclose/DSG -foreclosure/MS -forecourt/SM -foredoom/DGS -forefather/MS -forefeet -forefinger/SM -forefoot/M -forefront/SM -forego/G -foregoes -foregone -foreground/GMDS -forehand/MS -forehead/MS -foreign/ZRP -foreigner/M -foreignness/M -foreknew -foreknow/GS -foreknowledge/M -foreknown -foreleg/SM -forelimb/MS -forelock/MS -foreman/M -foremast/MS -foremen -foremost -forename/MDS -forenoon/MS -forensic/MS -forensically -forensics/M -foreordain/GSD -forepart/MS -foreperson/SM -foreplay/M -forequarter/MS -forerunner/MS -foresail/MS -foresaw -foresee/RSBZ -foreseeable/U -foreseeing -foreseen/U -foreseer/M -foreshadow/GDS -foreshore/S -foreshorten/DSG -foresight/MD -foresightedness/M -foreskin/MS -forest's -forest/ACGDS -forestall/SGD -forestation/ACM -forester/MS -forestland/M -forestry/M -foretaste/DSMG -foretell/GS -forethought/M -foretold -forever/M -forevermore -forewarn/DSG -forewent -forewoman/M -forewomen -foreword/MS -forfeit/GSMD -forfeiture/SM -forgather/SDG -forgave -forge/DRSMZGVJ -forger/M -forgery/SM -forget/S -forgetful/YP -forgetfulness/M -forgettable/U -forgetting -forging/M -forgivable/U -forgive/BRSZGP -forgiven -forgiveness/M -forgiver/M -forgiving/U -forgo/RZG -forgoer/M -forgoes -forgone -forgot -forgotten/U -fork/MDGS -forkful/SM -forklift/MS -forlorn/Y -form's -form/CAIFDGS -formal/SMY -formaldehyde/M -formalin -formalism/M -formalist/MS -formalities -formality/IM -formalization/M -formalize/GDS -format/SMV -formation/CFASM -formatted/A -formatting/M -formed/U -former/FIAM -formerly -formfitting -formic -formidable -formidably -formless/PY -formlessness/M -formula/MS -formulae -formulaic -formulate/ADSGNX -formulated/U -formulation/AM -formulator/SM -fornicate/GNDS -fornication/M -fornicator/MS -forsake/GS -forsaken -forsook -forsooth -forswear/SG -forswore -forsworn -forsythia/SM -fort/MS -forte/SM -forthcoming/M -forthright/YP -forthrightness/M -forthwith -fortieth/M -fortieths -fortification/M 
-fortified/U -fortifier/M -fortify/DRSNZGX -fortissimo -fortitude/M -fortnight/MYS -fortress/MS -fortuitous/YP -fortuitousness/M -fortuity/M -fortunate/UY -fortune/MS -fortuneteller/SM -fortunetelling/M -forty/SMH -forum/SM -forward/MDRYZTGSP -forwarder/M -forwardness/M -forwent -fossa -fossil/SM -fossilization/M -fossilize/GDS -foster/GSD -fought -foul/MDRYTGSP -foulard/M -foulmouthed -foulness/M -found/FSDG -foundation/SM -foundational -founded/U -founder/GMDS -foundling/SM -foundry/SM -fount/SM -fountain/SM -fountainhead/MS -four/MHS -fourfold -fourposter/SM -fourscore/M -foursome/SM -foursquare -fourteen/SMH -fourteenth/M -fourteenths -fourth/MY -fourths -fowl/MDGS -fox/GMDS -foxfire/M -foxglove/SM -foxhole/MS -foxhound/SM -foxhunt/GS -foxily -foxiness/M -foxtrot/MS -foxtrotted -foxtrotting -foxy/RTP -foyer/SM -fps -fr -fracas/MS -frack/SDG -fractal/SM -fraction/ISM -fractional/Y -fractious/YP -fractiousness/M -fracture/MGDS -frag/S -fragile/RT -fragility/M -fragment/GMDS -fragmentary/M -fragmentation/M -fragrance/MS -fragrant/Y -frail/RYTP -frailness/M -frailty/SM -frame/DRSMZG -framed/U -framer/M -framework/SM -franc/SM -franchise's -franchise/EDSG -franchisee/SM -franchiser/SM -francium/M -francophone -frangibility/M -frangible -frank/SMDRYTGP -frankfurter/MS -frankincense/M -frankness/M -frantic -frantically -frappe/SM -frat/MS -fraternal/Y -fraternity/FSM -fraternization/M -fraternize/ZGDRS -fraternizer/M -fratricidal -fratricide/MS -fraud's -fraud/S -fraudster/S -fraudulence/M -fraudulent/Y -fraught -fray's -fray/CDGS -frazzle/MGDS -freak/SMDG -freakish/YP -freakishness/M -freaky/RT -freckle/DSMG -freckly -free/YTDRS -freebase/MGDS -freebie/SM -freebooter/SM -freeborn -freedman/M -freedmen -freedom/SM -freehand -freehold/ZMRS -freeholder/M -freeing -freelance/DRSMZG -freelancer/M -freeload/SDRZG -freeloader/M -freeman/M -freemasonry -freemen -freephone -freesia/S -freestanding -freestone/SM -freestyle/SM -freethinker/SM -freethinking/M -freeware/M 
-freeway/MS -freewheel/DGS -freewill -freezable -freeze's -freeze/UAGS -freezer/MS -freezing's -freight/MDRZGS -freighter/M -french -frenemy/S -frenetic -frenetically -frenzied/Y -frenzy/DSM -freq -frequencies -frequency/IM -frequent/DRYSZTG -frequented/U -frequenter/M -fresco/M -frescoes -fresh/PNRYXZT -freshen/ZGDR -freshener/M -freshet/MS -freshman/M -freshmen -freshness/M -freshwater/M -fret/MS -fretful/YP -fretfulness/M -fretsaw/MS -fretted -fretting -fretwork/M -friable -friar/SM -friary/SM -fricassee/DSM -fricasseeing -fricative/SM -friction/SM -frictional -fridge/SM -friedcake/MS -friend's -friend/UGSDY -friendless -friendlies -friendliness/UM -friendly's -friendly/UPTR -friendship/MS -frieze/SM -frig/S -frigate/MS -frigged -frigging -fright/SXGMDN -frighten/DG -frightening/Y -frightful/PY -frightfulness/M -frigid/YP -frigidity/M -frigidness/M -frill/SMD -frilly/TR -fringe's -fringe/IDSG -frippery/SM -frisk/SDG -friskily -friskiness/M -frisky/TRP -frisson/S -fritter/MDSG -fritz/M -frivolity/SM -frivolous/PY -frivolousness/M -frizz/MDSYG -frizzle/MGDS -frizzy/TR -fro -frock's -frock/CUS -frog/MS -frogging/S -frogman/M -frogmarch/GDS -frogmen -frogspawn -frolic/SM -frolicked -frolicker/SM -frolicking -frolicsome -from -frond/SM -front's -front/FSDG -frontage/MS -frontal/Y -frontbench/ZRS -frontier/MS -frontiersman/M -frontiersmen -frontierswoman -frontierswomen -frontispiece/MS -frontward/S -frosh/M -frost's -frost/CSDG -frostbit -frostbite/MGS -frostbitten -frostily -frostiness/M -frosting/SM -frosty/TPR -froth/MDG -frothiness/M -froths -frothy/TPR -froufrou/M -frown/SMDG -frowzily -frowziness/M -frowzy/TPR -froze/AU -frozen/UA -fructify/DSG -fructose/M -frugal/Y -frugality/M -fruit/SMDG -fruitcake/MS -fruiterer/S -fruitful/YP -fruitfulness/M -fruitiness/M -fruition/M -fruitless/PY -fruitlessness/M -fruity/TPR -frump/SM -frumpish -frumpy/TR -frustrate/GNXDS -frustrating/Y -frustration/M -frustum/MS -fry/GDSM -fryer/SM -ft -ftp/ZGS -fuchsia/MS -fuck/SMGDRZ! 
-fucker/M! -fuckhead/S! -fuddle/DSMG -fudge/DSMG -fuehrer/MS -fuel's -fuel/ADGS -fug -fugal -fuggy -fugitive/MS -fugue/SM -fuhrer/SM -fulcrum/MS -fulfill/LDGS -fulfilled/U -fulfilling/U -fulfillment/M -full/MDRZTGSP -fullback/MS -fuller/M -fullness/M -fully -fulminate/DSXGN -fulmination/M -fulsome/PY -fulsomeness/M -fum/S -fumble/DRSMZG -fumbler/M -fumbling/Y -fume/MGDS -fumigant/MS -fumigate/GNDS -fumigation/M -fumigator/SM -fumy/RT -fun/M -function/MDGS -functional/Y -functionalism -functionalist/S -functionality/S -functionary/SM -functor -fund/AMDGS -fundamental/SMY -fundamentalism/M -fundamentalist/SM -funded/U -funding/M -fundraiser/MS -fundraising -funeral/MS -funerary -funereal/Y -funfair/S -fungal -fungi -fungible/MS -fungicidal -fungicide/MS -fungoid -fungous -fungus/M -funicular/SM -funk/MDGS -funkiness/M -funky/PRT -funnel/MDGS -funner -funnest -funnily -funniness/M -funny/TPRSM -funnyman/M -funnymen -fur/SM -furbelow/M -furbish/ADSG -furious/Y -furl's -furl/UDGS -furlong/SM -furlough/GMD -furloughs -furn -furnace/SM -furnish/ADSG -furnished/U -furnishings/M -furniture/M -furor/SM -furosemide -furred -furrier/M -furriness/M -furring/M -furrow/MDSG -furry/ZTRP -further/SGD -furtherance/M -furthermore -furthermost -furthest -furtive/YP -furtiveness/M -fury/SM -furze/M -fuse's/A -fuse/CAIFGDS -fusee/SM -fuselage/SM -fusibility/M -fusible -fusilier/SM -fusillade/MS -fusion/IFKSM -fuss/MDSG -fussbudget/MS -fussily -fussiness/M -fusspot/SM -fussy/TRP -fustian/M -fustiness/M -fusty/TRP -fut -futile/Y -futility/M -futon/SM -future/MS -futurism/M -futurist/MS -futuristic -futurity/SM -futurologist/MS -futurology/M -futz/DSG -fuzz/MDSG -fuzzball/S -fuzzily -fuzziness/M -fuzzy/PTR -fwd -fwy -g/SNXVB -gab/SM -gabardine/SM -gabbed -gabbiness/M -gabbing -gabble/DSMG -gabby/RTP -gaberdine/SM -gabfest/MS -gable/DSM -gad/S -gadabout/SM -gadded -gadder/SM -gadding -gadfly/SM -gadget/SM -gadgetry/M -gadolinium/M -gaff/MDRZGS -gaffe/SM -gaffer/M -gag/SM -gaga -gagged 
-gagging -gaggle/SM -gaiety/M -gaily -gain's -gain/ADGS -gainer/SM -gainful/Y -gainsaid -gainsay/ZGRS -gainsayer/M -gait/MRZS -gaiter/M -gal/SM -gala/MS -galactic -galaxy/SM -gale's -gale/AS -galena/M -gall/MDGS -gallant/SMY -gallantry/M -gallbladder/MS -galleon/SM -galleria/MS -gallery/SM -galley/SM -gallimaufry/SM -gallium/M -gallivant/GSD -gallon/SM -gallop/SMDG -gallows/M -gallstone/MS -galoot/SM -galore -galosh/MS -galumph/DG -galumphs -galvanic -galvanism/M -galvanization/M -galvanize/DSG -galvanometer/MS -gambit/SM -gamble/DRSMZG -gambler/M -gambling/M -gambol/SMDG -game/MYTGDRSP -gamecock/MS -gamekeeper/MS -gameness/M -gamesmanship/M -gamester/MS -gamete/SM -gametic -gamin/SM -gamine/SM -gaminess/M -gaming/M -gamma/SM -gammon/M -gammy -gamut/SM -gamy/RTP -gander/SM -gang/MDGS -gangbusters/M -gangland/M -ganglia -gangling -ganglion/M -ganglionic -gangplank/SM -gangrene/DSMG -gangrenous -gangsta/S -gangster/SM -gangway/MS -ganja -gannet/SM -gantlet/MS -gantry/SM -gap/GSMD -gape/MS -gar/SLM -garage/DSMG -garb/MDGS -garbage/M -garbageman -garbanzo/SM -garble/DSG -garcon/SM -garden/SZGMDR -gardener/M -gardenia/MS -gardening/M -garfish/MS -gargantuan -gargle/DSMG -gargoyle/SM -garish/PY -garishness/M -garland/MDGS -garlic/M -garlicky -garment/MS -garner/SGD -garnet/SM -garnish/GLMDS -garnishee/DSM -garnisheeing -garnishment/SM -garret/SM -garrison/MDSG -garrote/MZGDRS -garroter/M -garrulity/M -garrulous/PY -garrulousness/M -garter/SM -gas's -gas/CS -gasbag/SM -gaseous -gash/MDSG -gasholder/S -gasket/SM -gaslight/MS -gasman -gasmen -gasohol/M -gasoline/M -gasometer/S -gasp/MDGS -gassed/C -gasses -gassing/C -gassy/RT -gastric -gastritis/M -gastroenteritis/M -gastrointestinal -gastronome/S -gastronomic -gastronomical/Y -gastronomy/M -gastropod/SM -gasworks/M -gate/MGDS -gateau -gateaux -gatecrash/DRSZG -gatecrasher/M -gatehouse/SM -gatekeeper/MS -gatepost/MS -gateway/MS -gather/SJZGMDR -gatherer/M -gathering/M -gator/SM -gauche/RPYT -gaucheness/M -gaucherie/M 
-gaucho/SM -gaudily -gaudiness/M -gaudy/RPT -gauge/DSMG -gaunt/RPT -gauntlet/MS -gauntness/M -gauze/M -gauziness/M -gauzy/RPT -gave -gavel/SM -gavotte/MS -gawd -gawk/DGS -gawkily -gawkiness/M -gawky/RPT -gawp/DGS -gay/TSPMR -gayness/M -gaze/MZGDRS -gazebo/SM -gazelle/MS -gazer/M -gazette/MGDS -gazetteer/MS -gazillion/S -gazpacho/M -gazump/DGS -gear/MDGS -gearbox/MS -gearing/M -gearshift/MS -gearwheel/SM -gecko/SM -geddit -gee/DS -geeing -geek/MS -geeky/RT -geese -geezer/MS -geisha/M -gel/SM -gelatin/M -gelatinous -gelcap/M -geld/DJGS -gelding/M -gelid -gelignite/M -gelled -gelling -gem/SM -gemological -gemologist/MS -gemology/M -gemstone/MS -gendarme/MS -gender/MDS -gene/MS -genealogical/Y -genealogist/MS -genealogy/SM -genera -general/SMY -generalissimo/MS -generalist/MS -generality/SM -generalization/MS -generalize/GDS -generalship/M -generate/CAVNGSD -generation/ACM -generational -generations -generator/SM -generic/SM -generically -generosity/SM -generous/PY -generousness/M -genes/S -genesis/M -genetic/S -genetically -geneticist/MS -genetics/M -genial/FY -geniality/FM -geniculate -genie/SM -genii -genital/FY -genitalia/M -genitals/M -genitive/MS -genitourinary -genius/MS -genned -genning -genocidal -genocide/MS -genome/MS -genomics -genre/SM -gent/AMS -genteel/YP -genteelness/M -gentian/SM -gentile/SM -gentility/M -gentle/TGDRSP -gentlefolk/MS -gentlefolks/M -gentleman/MY -gentlemanly/U -gentlemen -gentleness/M -gentlewoman/M -gentlewomen -gently -gentrification/M -gentrify/DSGN -gentry/SM -genuflect/DGS -genuflection/MS -genuine/PY -genuineness/M -genus/M -geocache/DSG -geocentric -geocentrically -geochemistry/M -geode/SM -geodesic/SM -geodesy/M -geodetic -geoengineering -geog -geographer/SM -geographic -geographical/Y -geography/SM -geologic -geological/Y -geologist/MS -geology/SM -geom -geomagnetic -geomagnetism/M -geometer -geometric -geometrical/Y -geometry/SM -geophysical -geophysicist/SM -geophysics/M -geopolitical -geopolitics/M -geostationary 
-geosynchronous -geosyncline/MS -geothermal -geothermic -geranium/MS -gerbil/MS -geriatric/S -geriatrician/S -geriatrics/M -germ/MS -germane -germanium/M -germicidal -germicide/MS -germinal/M -germinate/GNDS -germination/M -gerontological -gerontologist/MS -gerontology/M -gerrymander/GMDS -gerrymandering/M -gerund/MS -gestalt/S -gestapo/MS -gestate/GNDS -gestation/M -gestational -gesticulate/DSGNX -gesticulation/M -gestural -gesture/MGDS -gesundheit -get/S -getaway/SM -getting -getup/M -gewgaw/SM -geyser/SM -ghastliness/M -ghastly/TPR -ghat/MS -ghee -gherkin/MS -ghetto/SM -ghettoize/GDS -ghost/SMDYG -ghostliness/M -ghostly/RTP -ghostwrite/ZGRS -ghostwriter/M -ghostwritten -ghostwrote -ghoul/SM -ghoulish/YP -ghoulishness/M -giant/SM -giantess/MS -gibber/GDS -gibberish/M -gibbet/GMDS -gibbon/MS -gibbous -gibe/MGDS -giblet/SM -giddily -giddiness/M -giddy/RTP -gift/MDGS -gig/SM -gigabit/SM -gigabyte/MS -gigagram/S -gigahertz/M -gigajoule/S -gigameter/S -gigantic -gigantically -gigapascal/S -gigapixel/MS -gigawatt/SM -gigged -gigging -giggle/DRSMZG -giggler/M -giggly/RT -gigolo/SM -gild/MDRZGS -gilder/M -gilding/M -gill/MS -gillie/S -gillion/S -gilt/MS -gimbals/M -gimcrack/SM -gimcrackery/M -gimlet/GSMD -gimme/SM -gimmick/MS -gimmickry/M -gimmicky -gimp/MDGS -gimpy -gin/SM -ginger/GSMDY -gingerbread/M -gingersnap/SM -gingery -gingham/M -gingivitis/M -ginkgo/M -ginkgoes -ginned -ginning -ginormous -ginseng/M -giraffe/MS -gird/DRZGS -girder/M -girdle/DSMG -girl/MS -girlfriend/MS -girlhood/SM -girlish/YP -girlishness/M -girly -giro/S -girt/MDGS -girth/M -girths -gist/M -git/S -gite/S -give/ZGJRS -giveaway/MS -giveback/MS -given/SM -giver/M -gizmo/SM -gizzard/MS -glace/S -glaceed -glaceing -glacial/Y -glaciate/XGNDS -glaciation/M -glacier/MS -glad/MYSP -gladden/GDS -gladder -gladdest -glade/SM -gladiator/SM -gladiatorial -gladiola/SM -gladioli -gladiolus/M -gladness/M -gladsome -glam -glamorization/M -glamorize/DSG -glamorous/Y -glamour/GMDS -glance/DSMG -gland/SM -glandes 
-glandular -glans/M -glare/DSMG -glaring/Y -glasnost/M -glass/MDSG -glassblower/MS -glassblowing/M -glassful/SM -glasshouse/S -glassily -glassiness/M -glassware/M -glassy/RTP -glaucoma/M -glaze/DSMG -glazier/SM -glazing/M -gleam/SMDGJ -glean/SDRZGJ -gleaner/M -gleanings/M -glee/M -gleeful/YP -gleefulness/M -glen/MS -glenohumeral -glenoid -glib/YP -glibber -glibbest -glibness/M -glide/DRSMZG -glider/M -gliding/M -glimmer/MDGJS -glimmering/M -glimpse/MGDS -glint/SMDG -glissandi -glissando/M -glisten/MDSG -glister/DSG -glitch/GMDS -glitter/MDSG -glitterati -glittery -glitz/M -glitzy/TR -gloaming/SM -gloat/SMDG -gloating/Y -glob/MDGS -global/Y -globalism/M -globalist/MS -globalization/M -globalize/GDS -globe/SM -globetrotter/MS -globetrotting -globular -globule/MS -globulin/M -glockenspiel/SM -gloom/M -gloomily -gloominess/M -gloomy/TRP -glop/M -gloppy -glorification/M -glorify/GDSN -glorious/IY -glory/DSMG -gloss/MDSG -glossary/SM -glossily -glossiness/M -glossolalia/M -glossy/PTRSM -glottal -glottis/MS -glove/DSMG -glow/MDRZGS -glower/GMD -glowing/Y -glowworm/MS -glucagon -glucose/M -glue/MGDS -glued/U -gluey -gluier -gluiest -glum/YP -glummer -glummest -glumness/M -gluon/S -glut/MNS -gluten/M -glutenous -glutinous/Y -glutted -glutting -glutton/MS -gluttonous/Y -gluttony/M -glycerin/M -glycerol/M -glycogen/M -glycol -glyph -gm -gnarl/SMDG -gnarly/TR -gnash/MDSG -gnat/MS -gnaw/DGS -gneiss/M -gnocchi -gnome/SM -gnomic -gnomish -gnu/SM -go/JMRHZG -goad/MDGS -goal/MS -goalie/SM -goalkeeper/MS -goalkeeping/M -goalless -goalmouth -goalmouths -goalpost/MS -goalscorer/S -goaltender/MS -goat/MS -goatee/SM -goatherd/MS -goatskin/MS -gob/SM -gobbed -gobbet/SM -gobbing -gobble/DRSMZG -gobbledygook/M -gobbler/M -goblet/SM -goblin/SM -gobsmacked -gobstopper/S -god/SM -godawful -godchild/M -godchildren/M -goddammit -goddamn/D -goddaughter/MS -goddess/MS -godfather/SM -godforsaken -godhead/M -godhood/M -godless/PY -godlessness/M -godlike -godliness/UM -godly/URTP -godmother/SM 
-godparent/SM -godsend/SM -godson/SM -godspeed -goer/M -goes -gofer/SM -goggle/DSMG -goggles/M -going/M -goiter/SM -gold/MNS -goldbrick/ZGSMDR -goldbricker/M -golden/TR -goldenrod/M -goldfield/S -goldfinch/MS -goldfish/MS -goldmine/SM -goldsmith/M -goldsmiths -golf/MDRZGS -golfer/M -golliwog/S -golly/SM -gonad/SM -gonadal -gondola/MS -gondolier/SM -gone/ZR -goner/M -gong/MDGS -gonk/S -gonna -gonorrhea/M -gonorrheal -gonzo -goo/M -goober/SM -good/MYSP -goodbye/MS -goodhearted -goodish -goodly/TR -goodness/M -goodnight -goods/M -goodwill/M -goody/SM -gooey -goof/MDGS -goofball/SM -goofiness/M -goofy/RPT -google/DSMG -googly/S -gooier -gooiest -gook/MS -goon/MS -goop/M -goose/DSMG -gooseberry/SM -goosebumps/M -goosestep/S -goosestepped -goosestepping -gopher/SM -gore/MGDS -gorge's -gorge/EDSG -gorgeous/YP -gorgeousness/M -gorgon/SM -gorilla/MS -gorily -goriness/M -gormandize/DRSZG -gormandizer/M -gormless -gorp/MS -gorse/M -gory/RTP -gosh -goshawk/MS -gosling/SM -gospel/MS -gossamer/M -gossip/MDRZGS -gossiper/M -gossipy -got -gotcha/S -goths -gotta -gotten -gouache/S -gouge/DRSMZG -gouger/M -goulash/MS -gourd/SM -gourde/MS -gourmand/SM -gourmet/SM -gout/M -gouty/TR -gov -govern/DGSBL -governable/U -governance/M -governed/U -governess/MS -government/MS -governmental -governor/SM -governorship/M -govt -gown/MDGS -gr -grab/MS -grabbed -grabber/MS -grabbing -grabby/TR -grace/EDSMG -graceful/EPY -gracefulness/EM -graceless/PY -gracelessness/M -gracious/UY -graciousness/M -grackle/MS -grad/MRZSB -gradate/XGNDS -gradation/CM -grade's -grade/CADSG -graded/U -grader/M -gradient/MS -gradual/PY -gradualism/M -gradualness/M -graduate/XMGNDS -graduation/M -graffiti -graffito/M -graft/SMDRZG -grafter/M -graham/S -grail -grain/ISMD -graininess/M -grainy/PTR -gram/KMS -grammar/MS -grammarian/SM -grammatical/UY -gramophone/MS -grampus/MS -gran/S -granary/SM -grand/SMRYPT -grandam/MS -grandaunt/MS -grandchild/M -grandchildren/M -granddad/SM -granddaddy/SM -granddaughter/SM -grandee/MS 
-grandeur/M -grandfather/GMDYS -grandiloquence/M -grandiloquent -grandiose/Y -grandiosity/M -grandma/MS -grandmother/MYS -grandnephew/MS -grandness/M -grandniece/MS -grandpa/MS -grandparent/MS -grandson/MS -grandstand/SGMD -granduncle/SM -grange/SM -granite/M -granitic -granny/SM -granola/M -grant/SMDRZG -grantee/MS -granter/M -grantsmanship/M -granular -granularity/M -granulate/GNDS -granulation/M -granule/MS -grape/SM -grapefruit/MS -grapeshot/M -grapevine/SM -graph/MDG -graphic/MS -graphical/Y -graphite/M -graphologist/MS -graphology/M -graphs -grapnel/MS -grapple/MGDS -grasp/SMDBG -grass/MDSG -grasshopper/MS -grassland/MS -grassroots -grassy/TR -grate/DRSMZGJ -grateful/UYP -gratefulness/UM -grater/M -gratification/M -gratify/GNXDS -gratifying/Y -gratin/S -grating/MY -gratis -gratitude/IM -gratuitous/YP -gratuitousness/M -gratuity/SM -gravamen/MS -grave/DRSMYTGP -gravedigger/SM -gravel/SGMDY -graven -graveness/M -graveside/MS -gravestone/SM -graveyard/MS -gravid -gravimeter/MS -gravitas -gravitate/GNDS -gravitation/M -gravitational -gravity/M -gravy/SM -gray/MDRTGSP -graybeard/SM -grayish -grayness/M -graze/DRSMZG -grazer/M -grease/DRSMZG -greasepaint/M -greasily -greasiness/M -greasy/PTR -great/SMRYPT -greatcoat/SM -greathearted -greatness/M -grebe/SM -greed/M -greedily -greediness/M -greedy/PTR -green/GPSMDRYT -greenback/MS -greenbelt/MS -greenery/M -greenfield -greenfly/S -greengage/MS -greengrocer/SM -greenhorn/SM -greenhouse/SM -greenish -greenmail/M -greenness/M -greenroom/SM -greenstone -greensward/M -greenwood/M -greet/ZGJSDR -greeter/M -greeting/M -gregarious/PY -gregariousness/M -gremlin/SM -grenade/SM -grenadier/MS -grenadine/M -grep/S -grepped -grepping -grew/A -greyhound/SM -gribble/S -grid/MS -griddle/SM -griddlecake/SM -gridiron/SM -gridlock/SMD -grief/SM -grievance/MS -grieve/ZGDRS -griever/M -grievous/PY -grievousness/M -griffin/SM -griffon/SM -grill/SGMDJ -grille/MS -grim/DYPG -grimace/DSMG -grime/SM -griminess/M -grimmer -grimmest -grimness/M 
-grimy/TRP -grin/MS -grind/SZGMRJ -grinder/M -grindstone/MS -gringo/MS -grinned -grinning -grip/MDRSZG -gripe/SM -griper/M -grippe/MZGDR -gripper/M -grisliness/M -grisly/RTP -grist/MY -gristle/M -gristmill/MS -grit/MS -grits/M -gritted -gritter/SM -grittiness/M -gritting -gritty/RTP -grizzle/DSG -grizzly/TRSM -groan/SGMD -groat/SM -grocer/MS -grocery/SM -grog/M -groggily -grogginess/M -groggy/PRT -groin/SM -grok/S -grokked -grokking -grommet/SM -groom/SZGMDR -groomer/M -grooming/M -groomsman/M -groomsmen -groove/MGDS -groovy/RT -grope/DRSMZG -groper/M -grosbeak/MS -grosgrain/M -gross/PTGMDRSY -grossness/M -grotesque/SPMY -grotesqueness/M -grotto/M -grottoes -grotty/TR -grouch/GMDS -grouchily -grouchiness/M -grouchy/RTP -ground/ZGMDRJS -groundbreaking/MS -groundcloth -groundcloths -grounder/M -groundhog/MS -grounding/M -groundless/Y -groundnut/MS -groundsheet/S -groundskeeper/S -groundsman -groundsmen -groundswell/SM -groundwater/M -groundwork/M -group/JSZGMDR -grouper/M -groupie/MS -grouping/M -groupware/M -grouse/MZGDRS -grouser/M -grout/SGMD -grove/SM -grovel/ZGDRS -groveler/M -grovelled -grovelling -grow/AHSG -grower/MS -growing/I -growl/SZGMDR -growler/M -grown/AI -grownup/MS -growth/AM -growths -grub/MS -grubbed -grubber/MS -grubbily -grubbiness/M -grubbing -grubby/TRP -grubstake/M -grudge/MGDS -grudging/Y -grue/S -gruel/GJM -grueling/Y -gruesome/RYTP -gruesomeness/M -gruff/TPRY -gruffness/M -grumble/DRSMZGJ -grumbler/M -grump/SM -grumpily -grumpiness/M -grumpy/PRT -grunge/MS -grungy/RT -grunion/SM -grunt/SGMD -gt -guacamole/M -guanine/M -guano/M -guarani/MS -guarantee/MDS -guaranteeing -guarantor/MS -guaranty/GDSM -guard/SZGMDR -guarded/Y -guarder/M -guardhouse/SM -guardian/SM -guardianship/M -guardrail/SM -guardroom/SM -guardsman/M -guardsmen -guava/SM -gubernatorial -guerrilla/SM -guess/ZGBMDRS -guesser/M -guesstimate/DSMG -guesswork/M -guest/SGMD -guestbook/SM -guesthouse/S -guestroom/S -guff/M -guffaw/MDGS -guidance/M -guide/DRSMZG -guidebook/SM -guided/U 
-guideline/SM -guidepost/SM -guider/M -guild/SZMR -guilder/M -guildhall/MS -guile/M -guileful -guileless/YP -guilelessness/M -guillemot/S -guillotine/DSMG -guilt/M -guiltily -guiltiness/M -guiltless -guilty/PRT -guinea/MS -guise/ESM -guitar/MS -guitarist/SM -gulag/SM -gulch/MS -gulden/MS -gulf/MS -gull/MDSG -gullet/MS -gullibility/M -gullible -gully/SM -gulp/MDRSZG -gulper/M -gum/SM -gumball/S -gumbo/SM -gumboil/SM -gumboot/S -gumdrop/SM -gummed -gumming -gummy/TR -gumption/M -gumshoe/MDS -gumshoeing -gun/SM -gunboat/SM -gunfight/MRZS -gunfighter/M -gunfire/M -gunge -gungy -gunk/M -gunky -gunman/M -gunmen -gunmetal/M -gunned -gunnel/MS -gunner/MS -gunnery/M -gunning -gunny/M -gunnysack/MS -gunpoint/M -gunpowder/M -gunrunner/MS -gunrunning/M -gunship/MS -gunshot/MS -gunslinger/SM -gunsmith/M -gunsmiths -gunwale/MS -guppy/SM -gurgle/MGDS -gurney/MS -guru/MS -gush/MDRSZG -gusher/M -gushing/Y -gushy/TR -gusset/MSDG -gussy/DSG -gust/EMDSG -gustatory -gustily -gusto/M -gusty/RT -gut/SM -gutless/P -gutlessness/M -gutsy/RT -gutted -gutter/SMDG -guttersnipe/MS -gutting -guttural/MS -gutty/RT -guv/S -guvnor/S -guy/SGMD -guzzle/DRSZG -guzzler/M -gym/SM -gymkhana/MS -gymnasium/MS -gymnast/MS -gymnastic/S -gymnastically -gymnastics/M -gymnosperm/SM -gymslip/S -gynecologic -gynecological -gynecologist/SM -gynecology/M -gyp/SM -gypped -gypper/SM -gypping -gypster/SM -gypsum/M -gypsy/SM -gyrate/DSGNX -gyration/M -gyrator/SM -gyrfalcon/MS -gyro/MS -gyroscope/MS -gyroscopic -gyve/MGDS -h'm -h/NRSXZGVJ -ha/SH -haberdasher/SM -haberdashery/SM -habiliment/SM -habit's -habit/ISB -habitability/M -habitat/SM -habitation/MS -habitual/YP -habitualness/M -habituate/GNDS -habituation/M -habitue/SM -hacienda/SM -hack/MDRZGS -hacker/M -hacking/M -hackish -hackle/MS -hackney/SMDG -hacksaw/SM -hacktivist/MS -hackwork/M -had -haddock/SM -hadith -hadn't -hadst -hafnium/M -haft/MS -hag/SM -haggard/YP -haggardness/M -haggis/MS -haggish -haggle/MZGDRS -haggler/M -hagiographer/SM -hagiography/SM 
-hahnium/M -haiku/M -hail/MDGS -hailstone/MS -hailstorm/MS -hair/MDS -hairball/MS -hairband/S -hairbreadth/M -hairbreadths -hairbrush/MS -haircloth/M -haircut/SM -hairdo/MS -hairdresser/SM -hairdressing/M -hairdryer/MS -hairgrip/S -hairiness/M -hairless -hairlike -hairline/SM -hairnet/SM -hairpiece/MS -hairpin/SM -hairsbreadth/M -hairsbreadths -hairsplitter/SM -hairsplitting/M -hairspray/S -hairspring/MS -hairstyle/MS -hairstylist/SM -hairy/TRP -haj -hajj/M -hajjes -hajji/SM -hake/MS -halal/M -halberd/SM -halcyon -hale/ITGDRS -half/M -halfback/SM -halfhearted/PY -halfheartedness/M -halfpence -halfpenny/SM -halftime/MS -halftone/MS -halfway -halfwit/SM -halibut/SM -halite/M -halitosis/M -hall/MS -hallelujah/M -hallelujahs -hallmark/GMDS -halloo/MSG -hallow/DSG -hallowed/U -hallucinate/GNXDS -hallucination/M -hallucinatory -hallucinogen/SM -hallucinogenic/SM -hallway/SM -halo/MDGS -halogen/SM -halon -halt/MDRZGS -halter/GMD -halterneck/S -halting/Y -halve/DSG -halyard/MS -ham/SM -hamburg/SZMR -hamburger/M -hamlet/MS -hammed -hammer/MDRSJZG -hammerer/M -hammerhead/SM -hammerlock/SM -hammertoe/MS -hamming -hammock/SM -hammy/TR -hamper/GMDS -hampered/U -hamster/MS -hamstring/GSM -hamstrung -hand's -hand/UDGS -handbag/SM -handball/MS -handbarrow/SM -handbill/MS -handbook/MS -handbrake/S -handcar/SM -handcart/MS -handclasp/MS -handcraft/SMDG -handcuff/MDGS -handed/P -handful/SM -handgun/SM -handheld/MS -handhold/MS -handicap/MS -handicapped -handicapper/MS -handicapping -handicraft/MS -handily -handiness/M -handiwork/M -handkerchief/MS -handle/MZGDRS -handlebar/MS -handler/M -handmade -handmaid/XMNS -handmaiden/M -handout/SM -handover/S -handpick/GDS -handrail/MS -handsaw/SM -handset/SM -handshake/JMGS -handsome/PYTR -handsomeness/M -handspring/MS -handstand/SM -handwork/M -handwoven -handwriting/M -handwritten -handy/UTR -handyman/M -handymen -hang/MDRJZGS -hangar/MS -hangdog -hanger/M -hanging/M -hangman/M -hangmen -hangnail/MS -hangout/SM -hangover/MS -hangup/MS 
-hank/MRZS -hanker/GJD -hankering/M -hankie/MS -hansom/MS -hap/MY -haphazard/YP -haphazardness/M -hapless/YP -haplessness/M -haploid/MS -happen/SDGJ -happening/M -happenstance/SM -happily/U -happiness/UM -happy/URTP -haptic -harangue/MGDS -harass/LZGDRS -harasser/M -harassment/M -harbinger/SM -harbor/GMDS -harbormaster/S -hard/NRYXTP -hardback/MS -hardball/M -hardboard/M -hardbound -hardcore -hardcover/SM -harden/ZGDR -hardened/U -hardener/M -hardhat/MS -hardheaded/PY -hardheadedness/M -hardhearted/PY -hardheartedness/M -hardihood/M -hardily -hardiness/M -hardliner/MS -hardness/M -hardscrabble -hardship/SM -hardstand/SM -hardtack/M -hardtop/SM -hardware/M -hardwired -hardwood/SM -hardworking -hardy/PTR -hare/MGDS -harebell/MS -harebrained -harelip/SM -harelipped -harem/SM -haricot/S -hark/DGS -harlequin/SM -harlot/SM -harlotry/M -harm/MDGS -harmed/U -harmful/YP -harmfulness/M -harmless/PY -harmlessness/M -harmonic/SM -harmonica/MS -harmonically -harmonies -harmonious/PY -harmoniousness/M -harmonium/MS -harmonization/M -harmonize/ZGDRS -harmonizer/M -harmony/EM -harness's -harness/UDSG -harp/MDGS -harpist/SM -harpoon/ZGSMDR -harpooner/M -harpsichord/MS -harpsichordist/SM -harpy/SM -harridan/MS -harrier/M -harrow/SMDG -harrumph/GD -harrumphs -harry/DRSZG -harsh/RYTP -harshness/M -hart/MS -harvest/SMDRZG -harvested/U -harvester/M -hash/AMDSG -hashish/M -hashtag/SM -hasn't -hasp/MS -hassle/DSMG -hassock/SM -hast/DNXG -haste/SM -hasten/DG -hastily -hastiness/M -hasty/RTP -hat/ZGSMDR -hatband/S -hatbox/MS -hatch/MDSG -hatchback/MS -hatcheck/SM -hatched/U -hatchery/SM -hatchet/SM -hatching/M -hatchway/SM -hate/MS -hateful/PY -hatefulness/M -hatemonger/MS -hater/M -hatpin/S -hatred/SM -hatstand/S -hatted -hatter/SM -hatting -hauberk/SM -haughtily -haughtiness/M -haughty/PRT -haul/MDRZGS -haulage/M -hauler/M -haulier/S -haunch/MS -haunt/SMDRZG -haunter/M -haunting/Y -hauteur/M -have/MGS -haven't -haven/SM -haversack/SM -havoc/M -haw/GSMD -hawk/MDRZGS -hawker/M -hawkish/P 
-hawkishness/M -hawser/SM -hawthorn/MS -hay/GSMD -haycock/SM -hayloft/SM -haymaker/S -haymaking -haymow/SM -hayrick/MS -hayride/MS -hayseed/MS -haystack/SM -haywire -hazard/SMDG -hazardous/Y -haze/MZGJDRS -hazel/SM -hazelnut/MS -hazer/M -hazily -haziness/M -hazing/M -hazmat -hazy/RTP -hdqrs -he'd -he'll -he/M -head/MDRZGJS -headache/MS -headband/MS -headbanger/S -headbanging -headboard/SM -headbutt/DSG -headcase/S -headcheese -headcount/S -headdress/MS -header/M -headfirst -headgear/M -headhunt/DRSZG -headhunter/M -headhunting/M -headily -headiness/M -heading/M -headlamp/MS -headland/MS -headless -headlight/MS -headline/MZGDRS -headliner/M -headlock/MS -headlong -headman/M -headmaster/SM -headmen -headmistress/MS -headphone/MS -headpiece/MS -headpin/SM -headquarter/SDG -headquarters/M -headrest/MS -headroom/M -headscarf -headscarves -headset/SM -headship/SM -headshrinker/SM -headsman/M -headsmen -headstall/SM -headstand/SM -headstone/SM -headstrong -headteacher/S -headwaiter/SM -headwaters/M -headway/M -headwind/SM -headword/SM -heady/RTP -heal/DRHZGS -healed/U -healer/M -health/M -healthcare -healthful/PY -healthfulness/M -healthily/U -healthiness/UM -healthy/UTRP -heap/MDGS -hear/AHGJS -heard/AU -hearer/SM -hearing/AM -hearken/SGD -hearsay/M -hearse's -hearse/AS -heart/SM -heartache/MS -heartbeat/MS -heartbreak/SMG -heartbroken -heartburn/M -hearten/ESGD -heartfelt -hearth/M -hearthrug/S -hearths -hearthstone/SM -heartily -heartiness/M -heartland/MS -heartless/PY -heartlessness/M -heartrending/Y -heartsick/P -heartsickness/M -heartstrings/M -heartthrob/MS -heartwarming -heartwood/M -hearty/RSMPT -heat's -heat/ADGS -heated/U -heatedly -heater/SM -heath/MNRX -heathen/M -heathendom/M -heathenish -heathenism/M -heather/M -heaths -heating/M -heatproof -heatstroke/M -heatwave/S -heave/DRSMZG -heaven/SMY -heavenly/TR -heavens/M -heavenward/S -heaver/M -heavily -heaviness/M -heavy/RSMTP -heavyhearted -heavyset -heavyweight/MS -heck/M -heckle/DRSMZG -heckler/M -heckling/M 
-hectare/SM -hectic -hectically -hectogram/SM -hectometer/MS -hector/SMDG -hedge/DRSMZG -hedgehog/MS -hedgehop/S -hedgehopped -hedgehopping -hedger/M -hedgerow/SM -hedonism/M -hedonist/MS -hedonistic -heed/MDGS -heeded/U -heedful/Y -heedless/PY -heedlessness/M -heehaw/SMDG -heel/MDGS -heelless -heft/MDGS -heftily -heftiness/M -hefty/PRT -hegemonic -hegemony/M -hegira/SM -heifer/SM -height/XSMN -heighten/DG -heinous/YP -heinousness/M -heir/MS -heiress/MS -heirloom/SM -heist/SMDG -held -helical -helices -helicopter/SGMD -heliocentric -heliotrope/SM -helipad/S -heliport/MS -helium/M -helix/M -hell/M -hellbent -hellcat/MS -hellebore/M -hellfire -hellhole/MS -hellion/MS -hellish/YP -hellishness/M -hello/SM -helluva -helm/MS -helmet/SMD -helmsman/M -helmsmen -helot/SM -help/MDRZGSJ -helper/M -helpful/UY -helpfulness/M -helping/M -helpless/PY -helplessness/M -helpline/SM -helpmate/SM -helve/SM -hem/SM -hematite/M -hematologic -hematological -hematologist/MS -hematology/M -heme/M -hemiplegia -hemisphere/SM -hemispheric -hemispherical -hemline/SM -hemlock/SM -hemmed -hemmer/SM -hemming -hemoglobin/M -hemophilia/M -hemophiliac/MS -hemorrhage/MGDS -hemorrhagic -hemorrhoid/MS -hemostat/MS -hemp/MN -hemstitch/MDSG -hen/M -hence -henceforth -henceforward -henchman/M -henchmen -henna/SMDG -henpeck/GSD -hep -heparin/M -hepatic -hepatitis/M -hepatocyte/S -hepper -heppest -heptagon/MS -heptagonal -heptathlon/SM -herald/SMDG -heralded/U -heraldic -heraldry/M -herb/MS -herbaceous -herbage/M -herbal/S -herbalist/MS -herbicidal -herbicide/MS -herbivore/SM -herbivorous -herculean -herd/MDRZGS -herder/M -herdsman/M -herdsmen -here/M -hereabout/S -hereafter/SM -hereby -hereditary -heredity/M -herein -hereinafter -hereof -hereon -heresy/SM -heretic/SM -heretical -hereto -heretofore -hereunder -hereunto -hereupon -herewith -heritable/I -heritage/MS -hermaphrodite/SM -hermaphroditic -hermetic -hermetical/Y -hermit/SM -hermitage/MS -hermitian -hernia/SM -hernial -herniate/GNDS -herniation/M 
-hero/M -heroes -heroic/S -heroically -heroics/M -heroin/SM -heroine/SM -heroism/M -heron/SM -herpes/M -herpetologist/SM -herpetology/M -herring/MS -herringbone/M -herself -hertz/M -hesitance/M -hesitancy/M -hesitant/Y -hesitate/DSGNX -hesitating/UY -hesitation/M -hessian -hetero/SM -heterodox -heterodoxy/M -heterogeneity/M -heterogeneous/Y -heterosexual/MYS -heterosexuality/M -heuristic/MS -heuristically -heuristics/M -hew/ZGSDR -hewer/M -hex/GMDS -hexadecimal/S -hexagon/MS -hexagonal -hexagram/SM -hexameter/SM -hey -heyday/SM -hf -hgt -hgwy -hi/SD -hiatus/MS -hibachi/MS -hibernate/GNDS -hibernation/M -hibernator/MS -hibiscus/MS -hiccough/DG -hiccoughs -hiccup/GSMD -hick/MS -hickey/SM -hickory/SM -hid -hidden -hide/MZGJDRS -hideaway/SM -hidebound -hideous/YP -hideousness/M -hideout/MS -hider/M -hiding/M -hie/S -hieing -hierarchic -hierarchical/Y -hierarchy/SM -hieroglyph/M -hieroglyphic/MS -hieroglyphs -high/MRYZTP -highball/SM -highborn -highboy/MS -highbrow/SM -highchair/MS -highfalutin -highhanded/PY -highhandedness/M -highland/MRZS -highlander/M -highlight/SMDRZG -highlighter/M -highness/M -highroad/MS -highs -hightail/DSG -highway/MS -highwayman/M -highwaymen -hijab/SM -hijack/SJZGMDR -hijacker/M -hijacking/M -hike/MZGDRS -hiker/M -hiking/M -hilarious/PY -hilariousness/M -hilarity/M -hill/MS -hillbilly/SM -hilliness/M -hillock/MS -hillside/SM -hilltop/MS -hilly/PRT -hilt/MS -him/S -himself -hind/MRZS -hinder/GD -hindered/U -hindmost -hindquarter/MS -hindrance/SM -hindsight/M -hinge's -hinge/UDSG -hint/MDRZGS -hinter/M -hinterland/SM -hip/SPM -hipbath -hipbaths -hipbone/MS -hiphuggers -hipness/M -hipped -hipper -hippest -hippie/SM -hipping -hippo/SM -hippocampus -hippodrome/SM -hippopotamus/MS -hippy -hipster/MS -hiragana -hire's -hire/AGDS -hireling/MS -hirsute/P -hirsuteness/M -hiss/MDSG -hist -histamine/MS -histogram/MS -histologist/SM -histology/M -histopathology -historian/MS -historic -historical/Y -historicity/M -historiographer/MS -historiography/M 
-history/SM -histrionic/S -histrionically -histrionics/M -hit/SM -hitch's -hitch/UDSG -hitcher/MS -hitchhike/DRSMZG -hitchhiker/M -hither -hitherto -hitter/SM -hitting -hive/MGDS -hivemind/SM -hiya -hmm -ho/SMDRYZ -hoagie/MS -hoard/SZGMDRJ -hoarder/M -hoarding/M -hoarfrost/M -hoariness/M -hoarse/YTRP -hoarseness/M -hoary/TRP -hoax/MDRSZG -hoaxer/M -hob/SM -hobbit/S -hobble/MZGDRS -hobbler/M -hobby/SM -hobbyhorse/MS -hobbyist/SM -hobgoblin/MS -hobnail/SGMD -hobnob/S -hobnobbed -hobnobbing -hobo/MS -hoc -hock/MDSG -hockey/M -hockshop/MS -hod/SM -hodgepodge/SM -hoe/SM -hoecake/SM -hoedown/SM -hoeing -hoer/M -hog/SM -hogan/SM -hogback/SM -hogged -hogging -hoggish/Y -hogshead/SM -hogtie/DS -hogtying -hogwash/M -hoick/SGD -hoist/SGMD -hoke/GDS -hokey -hokier -hokiest -hokum/M -hold/MRJSZG -holdall/S -holder/M -holding/M -holdout/SM -holdover/SM -holdup/MS -hole/MGDS -holey -holiday/SMDG -holidaymaker/S -holiness/UM -holism -holistic -holistically -holler/MDGS -hollow/MDRYPSTG -hollowness/M -holly/SM -hollyhock/MS -holmium/M -holocaust/SM -hologram/MS -holograph/M -holographic -holographs -holography/M -hols -holster/SMDG -holy/URPT -homage/MS -hombre/MS -homburg/SM -home/MYZGDRS -homebody/SM -homeboy/SM -homecoming/SM -homegrown -homeland/MS -homeless/MP -homelessness/M -homelike -homeliness/M -homely/PRT -homemade -homemaker/SM -homemaking/M -homeopath/M -homeopathic -homeopaths -homeopathy/M -homeostasis/M -homeostatic -homeowner/MS -homepage/MS -homer/GMD -homeroom/MS -homeschooling/M -homesick/P -homesickness/M -homespun/M -homestead/SMDRZG -homesteader/M -homestretch/MS -hometown/MS -homeward/S -homework/MRZG -homewrecker/SM -homey/SMP -homeyness/M -homicidal -homicide/MS -homier -homiest -homiletic -homily/SM -hominid/SM -hominoid/S -hominy/M -homo/MS -homoerotic -homogeneity/M -homogeneous/Y -homogenization/M -homogenize/DSG -homograph/M -homographs -homologous -homology -homonym/SM -homophobia/M -homophobic -homophone/MS -homosexual/SM -homosexuality/M 
-hon/SZTGMDR -honcho/MS -hone/MS -honer/M -honest/EYT -honester -honesty/EM -honey/SGMD -honeybee/SM -honeycomb/MDSG -honeydew/SM -honeylocust/M -honeymoon/ZGMDRS -honeymooner/M -honeypot/S -honeysuckle/SM -honk/MDRSZG -honker/M -honky/SM -honor/ESGMDB -honorableness/M -honorably/E -honorarily -honorarium/MS -honorary -honoree/SM -honorer/SM -honorific/MS -hooch/M -hood/MDSG -hoodie/MS -hoodlum/SM -hoodoo/MDSG -hoodwink/DGS -hooey/M -hoof/MDRSZG -hook's -hook/UDSG -hookah/M -hookahs -hooker/MS -hookup/MS -hookworm/MS -hooky/M -hooligan/MS -hooliganism/M -hoop/MDSG -hoopla/M -hooray -hoosegow/SM -hoot/MDRSZG -hootenanny/SM -hooter/M -hoover/DSG -hooves -hop/SGMD -hope/MS -hopeful/PSMY -hopefulness/M -hopeless/YP -hopelessness/M -hopped -hopper/MS -hopping -hopscotch/MDSG -hora/MS -horde/DSMG -horehound/SM -horizon/SM -horizontal/SMY -hormonal -hormone/SM -horn/MDS -hornbeam -hornblende/M -hornet/MS -hornless -hornlike -hornpipe/MS -horny/TR -horologic -horological -horologist/MS -horology/M -horoscope/SM -horrendous/Y -horrible/P -horribleness/M -horribly -horrid/Y -horrific -horrifically -horrify/DSG -horrifying/Y -horror/MS -horse's -horse/UDSG -horseback/M -horsebox/S -horseflesh/M -horsefly/SM -horsehair/M -horsehide/M -horselaugh/M -horselaughs -horseless -horseman/M -horsemanship/M -horsemen -horseplay/M -horsepower/M -horseradish/MS -horseshit/! 
-horseshoe/DSM -horseshoeing -horsetail/SM -horsetrading -horsewhip/SM -horsewhipped -horsewhipping -horsewoman/M -horsewomen -horsey -horsier -horsiest -hortatory -horticultural -horticulturalist/S -horticulture/M -horticulturist/MS -hosanna/SM -hose/MGDS -hosepipe/S -hosier/MS -hosiery/M -hosp -hospholipase -hospice/MS -hospitable/I -hospitably/I -hospital/SM -hospitality/M -hospitalization/SM -hospitalize/DSG -host/MDSG -hostage/MS -hostel/ZGMDRS -hosteler/M -hostelry/SM -hostess/MDSG -hostile/MYS -hostilities/M -hostility/SM -hostler/MS -hot/SYP -hotbed/MS -hotblooded -hotbox/MS -hotcake/SM -hotel/SM -hotelier/MS -hotfoot/MDGS -hothead/DSM -hotheaded/YP -hotheadedness/M -hothouse/SM -hotkey/S -hotlink/S -hotness/M -hotplate/SM -hotpot/S -hots/M -hotshot/MS -hotted -hotter -hottest -hottie/S -hotting -hound/SGMD -hour/MYS -hourglass/MS -houri/SM -house's -house/ADSG -houseboat/SM -housebound -houseboy/SM -housebreak/RSZG -housebreaker/M -housebreaking/M -housebroke -housebroken -houseclean/DSG -housecleaning/M -housecoat/SM -housefly/SM -houseful/SM -household/SMRZ -householder/M -househusband/SM -housekeeper/MS -housekeeping/M -houselights/M -housemaid/SM -houseman/M -housemaster/S -housemate/S -housemen -housemistress/S -housemother/SM -houseparent/SM -houseplant/MS -houseproud -houseroom -housetop/SM -housewares/M -housewarming/SM -housewife/MY -housewives -housework/M -housing/MS -hove -hovel/SM -hover/SGD -hoverboard/MS -hovercraft/MS -how'd -how're -how/SM -howbeit -howdah/M -howdahs -howdy -however -howitzer/SM -howl/MDRSZG -howler/M -howsoever -hoyden/MS -hoydenish -hp -hr/S -ht -huarache/SM -hub/SM -hubbub/SM -hubby/SM -hubcap/SM -hubris/M -huckleberry/SM -huckster/SGMD -hucksterism/M -huddle/DSMG -hue/DSM -huff/MDSG -huffily -huffiness/M -huffy/PRT -hug/STMR -huge/YP -hugeness/M -hugged -hugging -huh -hula/MS -hulk/MSG -hull/MDRSZG -hullabaloo/SM -huller/M -hum/SM -human/SMRYTP -humane/PY -humaneness/M -humanism/M -humanist/SM -humanistic 
-humanitarian/MS -humanitarianism/M -humanities/M -humanity/ISM -humanization/CM -humanize/CDSG -humanizer/SM -humankind/M -humanness/M -humanoid/SM -humble/DRSZTGJP -humbleness/M -humbler/M -humbly -humbug/SM -humbugged -humbugging -humdinger/MS -humdrum/M -humeral -humeri -humerus/M -humid/Y -humidification/M -humidifier/CM -humidify/CZGDRS -humidity/M -humidor/SM -humiliate/DSGNX -humiliating/Y -humiliation/M -humility/M -hummed -hummer/SM -humming -hummingbird/SM -hummock/SM -hummocky -hummus/M -humongous -humor/SMDG -humoresque -humorist/MS -humorless/YP -humorlessness/M -humorous/PY -humorousness/M -hump/MDSG -humpback/MDS -humph/DG -humphs -humus/M -hunch/MDSG -hunchback/SMD -hundred/SMH -hundredfold -hundredth/M -hundredths -hundredweight/SM -hung -hunger/SMDG -hungover -hungrily -hungriness/M -hungry/PRT -hunk/MRSZ -hunker/DG -hunky/RT -hunt/MDRSZG -hunter/M -hunting/M -huntress/MS -huntsman/M -huntsmen -hurdle/DRSMZG -hurdler/M -hurdling/M -hurl/MDRSZG -hurler/M -hurling/M -hurrah/GMD -hurrahs -hurricane/MS -hurried/UY -hurry/DSMG -hurt/MSG -hurtful/YP -hurtfulness/M -hurtle/DSG -husband/GMDS -husbandman/M -husbandmen -husbandry/M -hush/MDSG -husk/MDRSZG -husker/M -huskily -huskiness/M -husky/PRSMT -hussar/SM -hussy/SM -hustings/M -hustle/DRSMZG -hustler/M -hut/SM -hutch/MS -huzzah/MDG -huzzahs -hwy -hyacinth/M -hyacinths -hybrid/SM -hybridism/M -hybridization/M -hybridize/DSG -hydra/SM -hydrangea/SM -hydrant/MS -hydrate's -hydrate/CGNDS -hydration/CM -hydraulic/S -hydraulically -hydraulics/M -hydro/M -hydrocarbon/MS -hydrocephalus/M -hydrochloride -hydrocortisone -hydrodynamic/S -hydrodynamics/M -hydroelectric -hydroelectrically -hydroelectricity/M -hydrofoil/MS -hydrogen/M -hydrogenate/CGDS -hydrogenation/M -hydrogenous -hydrologist/MS -hydrology/M -hydrolyses -hydrolysis/M -hydrolyze/DSG -hydrometer/SM -hydrometry/M -hydrophilic -hydrophobia/M -hydrophobic -hydrophone/SM -hydroplane/GDSM -hydroponic/S -hydroponically -hydroponics/M -hydrosphere/M 
-hydrotherapy/M -hydrothermal -hydrous -hydroxide/SM -hyena/SM -hygiene/M -hygienic/U -hygienically -hygienist/MS -hygrometer/SM -hying -hymen/SM -hymeneal -hymn/MDSG -hymnal/MS -hymnbook/SM -hype/MGDRS -hyperactive -hyperactivity/M -hyperbola/SM -hyperbole/M -hyperbolic -hypercritical/Y -hypercube -hyperglycemia/M -hyperinflation -hyperlink/GSMD -hypermarket/S -hypermedia/M -hyperparathyroidism -hyperplane -hypersensitive/P -hypersensitiveness/M -hypersensitivity/SM -hyperspace/S -hypertension/M -hypertensive/SM -hypertext/M -hyperthyroid/M -hyperthyroidism/M -hypertrophy/DSMG -hyperventilate/GNDS -hyperventilation/M -hypervisor/MS -hyphen/MDSG -hyphenate/XDSMGN -hyphenation/M -hypnoses -hypnosis/M -hypnotherapist/S -hypnotherapy/M -hypnotic/SM -hypnotically -hypnotism/M -hypnotist/MS -hypnotize/GDS -hypo/MS -hypoallergenic -hypochondria/M -hypochondriac/SM -hypocrisy/SM -hypocrite/MS -hypocritical/Y -hypodermic/MS -hypoglycemia/M -hypoglycemic/SM -hypotenuse/MS -hypothalami -hypothalamus/M -hypothermia/M -hypotheses -hypothesis/M -hypothesize/DSG -hypothetical/Y -hypothyroid/M -hypothyroidism/M -hyssop/M -hysterectomy/SM -hysteresis -hysteria/M -hysteric/SM -hysterical/Y -hysterics/M -i/US -iOS/M -iPad/M -iPhone/M -iPod/M -iTunes/M -iamb/MS -iambi -iambic/SM -iambus/MS -ibex/MS -ibid -ibidem -ibis/MS -ibuprofen/M -ice's -ice/CDSG -iceberg/SM -iceboat/SM -icebound -icebox/MS -icebreaker/SM -icecap/SM -iceman/M -icemen -ichthyologist/MS -ichthyology/M -icicle/SM -icily -iciness/M -icing/SM -icky/RT -icon/MS -iconic -iconoclasm/M -iconoclast/SM -iconoclastic -iconography/M -ictus/M -icy/TPR -id/SMY -idea/MS -ideal/SMY -idealism/M -idealist/SM -idealistic -idealistically -idealization/MS -idealize/DSG -idem -idempotent -identical/Y -identifiable/U -identification/M -identified/U -identify/ZGNDRSX -identikit/S -identity/SM -ideogram/SM -ideograph/M -ideographs -ideological/Y -ideologist/SM -ideologue/MS -ideology/SM -ides/M -idiocy/SM -idiom/SM -idiomatic/U 
-idiomatically -idiopathic -idiosyncrasy/SM -idiosyncratic -idiosyncratically -idiot/SM -idiotic -idiotically -idle/MZTGDRSP -idleness/M -idler/M -idol/MS -idolater/SM -idolatress/MS -idolatrous -idolatry/M -idolization/M -idolize/GDS -idyll/SM -idyllic -idyllically -if/SM -iffiness/M -iffy/RTP -igloo/SM -igneous -ignitable -ignite/AGDS -ignition/MS -ignoble -ignobly -ignominious/Y -ignominy/SM -ignoramus/MS -ignorance/M -ignorant/Y -ignore/GDS -iguana/MS -ii -iii -ilea -ileitis/M -ileum/M -ilia -ilium/M -ilk/SM -ill/SMP -illegal/MYS -illegality/SM -illegibility/M -illegible -illegibly -illegitimacy/M -illegitimate/Y -illiberal/Y -illiberality/M -illicit/YP -illicitness/M -illimitable -illiteracy/M -illiterate/MYS -illness/MS -illogical/Y -illogicality/M -illuminate/GNXDS -illuminating/Y -illumination/M -illumine/DSBG -illus/V -illusion/EMS -illusionist/SM -illusory -illustrate/GNVXDS -illustration/M -illustrative/Y -illustrator/SM -illustrious/PY -illustriousness/M -image/DSMG -imagery/M -imaginable/U -imaginably/U -imaginal -imaginary -imagination/MS -imaginative/UY -imagine/DSBJG -imago/M -imagoes -imam/MS -imbalance/DSM -imbecile/MS -imbecilic -imbecility/SM -imbibe/ZGDRS -imbiber/M -imbrication/M -imbroglio/SM -imbue/DSG -imitable/I -imitate/DSGNVX -imitation/M -imitative/PY -imitativeness/M -imitator/SM -immaculate/PY -immaculateness/M -immanence/M -immanency/M -immanent/Y -immaterial/YP -immateriality/M -immaterialness/M -immature/Y -immaturity/M -immeasurable -immeasurably -immediacies/M -immediacy/SM -immediate/PY -immediateness/M -immemorial/Y -immense/Y -immensity/SM -immerse/XDSGNV -immersible -immersion/M -immigrant/SM -immigrate/DSGN -immigration/M -imminence/M -imminent/Y -immobile -immobility/M -immobilization/M -immobilize/ZGDRS -immoderate/Y -immodest/Y -immodesty/M -immolate/DSGN -immolation/M -immoral/Y -immorality/SM -immortal/MYS -immortality/M -immortalize/DSG -immovability/M -immovable -immovably -immune -immunity/M -immunization/SM 
-immunize/GDS -immunodeficiency/M -immunodeficient -immunoglobulin/S -immunologic -immunological -immunologist/MS -immunology/M -immure/DSG -immutability/M -immutable -immutably -imp/SMR -impact/SMDG -impair/SDGL -impaired/U -impairment/MS -impala/SM -impale/DSGL -impalement/M -impalpable -impalpably -impanel/SDG -impart/SDG -impartial/Y -impartiality/M -impassably -impasse/BSMV -impassibility/M -impassible -impassibly -impassioned -impassive/YP -impassiveness/M -impassivity/M -impasto/M -impatience/MS -impatiens/M -impatient/Y -impeach/ZGBLDRS -impeachable/U -impeacher/M -impeachment/SM -impeccability/M -impeccable -impeccably -impecunious/PY -impecuniousness/M -impedance/M -impede/DSG -impeded/U -impediment/SM -impedimenta/M -impel/S -impelled -impeller/MS -impelling -impend/SDG -impenetrability/M -impenetrable -impenetrably -impenitence/M -impenitent/Y -imperative/SMY -imperceptibility/M -imperceptible -imperceptibly -imperceptive -imperf -imperfect/SMYP -imperfection/MS -imperfectness/M -imperial/MYS -imperialism/M -imperialist/SM -imperialistic -imperialistically -imperil/GSLD -imperilment/M -imperious/PY -imperiousness/M -imperishable -imperishably -impermanence/M -impermanent/Y -impermeability/M -impermeable -impermeably -impermissible -impersonal/Y -impersonate/GNXDS -impersonation/M -impersonator/SM -impertinence/MS -impertinent/Y -imperturbability/M -imperturbable -imperturbably -impervious/Y -impetigo/M -impetuosity/M -impetuous/YP -impetuousness/M -impetus/MS -impiety/SM -impinge/LDSG -impingement/M -impious/PY -impiousness/M -impish/YP -impishness/M -implacability/M -implacable -implacably -implant/BSGMD -implantation/M -implausibility/SM -implausible -implausibly -implement/GBMDRS -implementable/U -implementation/SM -implemented/U -implicate/DSG -implication/M -implicit/PY -implicitness/M -implode/DSG -implore/DSG -imploring/Y -implosion/MS -implosive -imply/XDSGN -impolite/YP -impoliteness/MS -impolitic -imponderable/MS -import/ZGBSMDR -importance/M 
-important/Y -importation/MS -importer/M -importunate/Y -importune/GDS -importunity/M -impose/ADSG -imposer/MS -imposing/U -imposingly -imposition/MS -impossibility/SM -impossible/S -impossibly -impost/SM -impostor/SM -imposture/MS -impotence/M -impotency/M -impotent/Y -impound/DGS -impoverish/DSLG -impoverishment/M -impracticability -impracticable -impracticably -impractical/Y -impracticality/M -imprecate/DSXGN -imprecation/M -imprecise/PYN -impreciseness/M -imprecision/M -impregnability/M -impregnable -impregnably -impregnate/GNDS -impregnation/M -impresario/SM -impress/MDSGV -impressed/U -impressibility/M -impressible -impression/BSM -impressionability/M -impressionism/M -impressionist/SM -impressionistic -impressive/PY -impressiveness/M -imprimatur/SM -imprint/MDRZGS -imprinter/M -imprison/SDLG -imprisonment/SM -improbability/SM -improbable -improbably -impromptu/SM -improper/Y -impropriety/SM -improve/GBDSL -improved/U -improvement/MS -improvidence/M -improvident/Y -improvisation/SM -improvisational -improvise/ZGDRS -improviser/M -imprudence/M -imprudent/Y -impudence/M -impudent/Y -impugn/ZGSDR -impugner/M -impulse/MGNVDS -impulsion/M -impulsive/PY -impulsiveness/M -impulsivity -impunity/M -impure/RYT -impurity/SM -imputation/SM -impute/BDSG -in/ASM -inaccuracy/S -inaction/M -inadequacy/S -inadvertence/M -inadvertent/Y -inalienability/M -inalienably -inamorata/SM -inane/RYT -inanimate/PY -inanimateness/M -inanity/SM -inappropriate/Y -inarticulate/Y -inasmuch -inaudible -inaugural/SM -inaugurate/XGNDS -inauguration/M -inboard/MS -inbound -inbox/MS -inbreed/S -inc/TGD -incalculably -incandescence/M -incandescent/Y -incantation/SM -incapacitate/GNDS -incarcerate/XDSGN -incarceration/M -incarnadine/DSG -incarnate/AXGNDS -incarnation/AM -incendiary/SM -incense/MGDS -incentive's -incentive/ES -inception/SM -incessant/Y -incest/M -incestuous/PY -incestuousness/M -inch/MDSG -inchoate -inchworm/SM -incidence/SM -incident/SM -incidental/MYS -incinerate/DSGN 
-incineration/M -incinerator/MS -incipience/M -incipient/Y -incise/XGNVDS -incision/M -incisive/PY -incisiveness/M -incisor/MS -incitement/MS -inciter/MS -incl -inclement -inclination/EM -inclinations -incline's -incline/EGDS -include/GDS -inclusion/MS -inclusive/YP -inclusiveness/M -incognito/MS -incombustible -incommode/GD -incommodious -incommunicado -incompatibility/S -incompetent/MS -incomplete/Y -inconceivability/M -incongruous/PY -incongruousness/M -inconsolably -inconstant/Y -incontestability/M -incontestably -incontinent -incontrovertibly -inconvenience/GD -incorporate/ADSGN -incorporated/U -incorporation/AM -incorporeal -incorrect/Y -incorrigibility/M -incorrigible -incorrigibly -incorruptibly -increasing/Y -increment/SMDG -incremental/Y -incrementalism -incrementalist/SM -incriminate/GNDS -incrimination/M -incriminatory -incrustation/SM -incubate/GNDS -incubation/M -incubator/SM -incubus/MS -inculcate/DSGN -inculcation/M -inculpate/DSG -incumbency/SM -incumbent/SM -incunabula -incunabulum/M -incur/SB -incurable/MS -incurably -incurious -incurred -incurring -incursion/MS -ind -indebted/P -indebtedness/M -indeed -indefatigable -indefatigably -indefeasible -indefeasibly -indefinably -indelible -indelibly -indemnification/M -indemnify/GDSXN -indemnity/SM -indentation/MS -indention/M -indenture/DG -indescribably -indestructibly -indeterminably -indeterminacy/M -indeterminate/Y -index/ZGMDRS -indexation/SM -indexer/M -indicate/XDSGNV -indication/M -indicative/SMY -indicator/MS -indict/GDSBL -indictment/SM -indie/S -indigence/M -indigenous -indigent/SMY -indignant/Y -indignation/M -indigo/M -indirect/Y -indiscipline -indiscreet/Y -indiscretion/S -indiscriminate/Y -indispensability/M -indispensable/MS -indispensably -indissolubility -indissolubly -indistinguishably -indite/GDS -indium/M -individual/MYS -individualism/M -individualist/MS -individualistic -individualistically -individuality/M -individualization/M -individualize/GDS -individuate/DSGN 
-individuation/M -indivisibly -indoctrinate/GNDS -indoctrination/M -indolence/M -indolent/Y -indomitable -indomitably -indubitable -indubitably -induce/DRSZGL -inducement/SM -inducer/M -induct/DGV -inductance/M -inductee/SM -induction/MS -inductive/Y -indulge/DSG -indulgence/SM -indulgent/Y -industrial/Y -industrialism/M -industrialist/SM -industrialization/M -industrialize/DSG -industrious/YP -industriousness/M -industry/SM -indwell/SG -inebriate/MGNDS -inebriation/M -inedible -ineffability/M -ineffable -ineffably -inelastic -ineligible/MS -ineligibly -ineluctable -ineluctably -inept/YP -ineptitude/M -ineptness/M -inequality/S -inert/YP -inertia/M -inertial -inertness/M -inescapable -inescapably -inestimably -inevitability/M -inevitable/M -inevitably -inexact/Y -inexhaustibly -inexorability -inexorable -inexorably -inexpedient -inexpert/Y -inexpiable -inexplicably -inexpressibly -inexpressive -inextricably -inf/ZT -infallible -infamy/SM -infancy/M -infant/MS -infanticide/MS -infantile -infantry/SM -infantryman/M -infantrymen -infarct/MS -infarction/M -infatuate/DSXGN -infatuation/M -infect/AESDG -infected/U -infection/ASM -infectious/PY -infectiousness/M -infelicitous -inference/SM -inferential -inferior/MS -inferiority/M -infernal/Y -inferno/MS -inferred -inferring -infest/GDS -infestation/MS -infidel/MS -infidelity/S -infiltrator/SM -infinite/MV -infinitesimal/SMY -infinitival -infinitive/MS -infinitude/M -infinity/SM -infirm -infirmary/SM -infirmity/SM -infix -inflame/DSG -inflammable -inflammation/SM -inflammatory -inflatable/SM -inflate/ADSG -inflation/EM -inflationary -inflect/SDG -inflection/MS -inflectional -inflict/SDGV -infliction/M -inflow/SM -influence/MGDS -influenced/U -influential/Y -influenza/M -info/M -infomercial/SM -inform/Z -informal/Y -informant/SM -informatics -information/EM -informational -informative/PY -informativeness/M -informed/U -infotainment/M -infra -infrared/M -infrasonic -infrastructural -infrastructure/SM -infrequence/M 
-infrequent/Y -infringement/MS -infuriate/GDS -infuriating/Y -infuser/SM -ingenious/PY -ingeniousness/M -ingenue/SM -ingenuity/M -ingenuous/EY -ingenuousness/M -ingest/SDG -ingestion/M -inglenook/SM -ingot/SM -ingrain/G -ingrate/SM -ingratiate/GNDS -ingratiating/Y -ingratiation/M -ingredient/MS -ingress/MS -inguinal -inhabit/DG -inhabitable/U -inhabitant/SM -inhabited/U -inhalant/SM -inhalation/MS -inhalator/MS -inhaler/SM -inharmonious -inhere/DSG -inherent/Y -inherit/EGSD -inheritance/EM -inheritances -inheritor/SM -inhibit/GSD -inhibition/SM -inhibitor/SM -inhibitory -inhuman/Y -inhumane/Y -inimical/Y -inimitably -iniquitous/Y -iniquity/SM -initial/SGMDY -initialism -initialization -initialize/DSG -initialized/AU -initiate/XMGNVDS -initiated/U -initiation/M -initiative/SM -initiator/MS -initiatory -initio -inject/SDG -injection/SM -injector/SM -injunctive -injure/DRSZG -injured/U -injurer/M -injurious -ink/MD -inkblot/SM -inkiness/M -inkling/SM -inkstand/SM -inkwell/MS -inky/RTP -inland/M -inline -inmate/SM -inmost -inn/SGMRJ -innards/M -innate/PY -innateness/M -innermost -innersole/SM -innerspring -innervate/GNDS -innervation/M -inning/M -innit -innkeeper/MS -innocence/M -innocent/MYS -innocuous/PY -innocuousness/M -innovate/XDSGNV -innovation/M -innovator/MS -innovatory -innuendo/SM -innumerably -innumerate -inoculate/AGDS -inoculation/MS -inoperative -inordinate/Y -inorganic -inositol -inquire/ZGDR -inquirer/M -inquiring/Y -inquiry/SM -inquisition/MS -inquisitional -inquisitive/YP -inquisitiveness/M -inquisitor/SM -inquisitorial -inrush/MS -insane/T -insatiability/M -insatiably -inscribe/ZGDR -inscriber/M -inscription/MS -inscrutability/M -inscrutable/P -inscrutableness/M -inscrutably -inseam/SM -insecticidal -insecticide/MS -insectivore/MS -insectivorous -insecure/Y -inseminate/DSGN -insemination/M -insensate -insensible -insensitive/Y -inseparable/MS -insert's -insert/AGSD -insertion/AM -insertions -insetting -inshore -inside/RSMZ -insider/M -insidious/YP 
-insidiousness/M -insight/MS -insightful -insignia/M -insinuate/GNVDSX -insinuation/M -insinuator/SM -insipid/PY -insipidity/M -insist/SGD -insistence/M -insistent/Y -insisting/Y -insofar -insole/SM -insolence/M -insolent/Y -insoluble -insolubly -insolvency/S -insomnia/M -insomniac/SM -insomuch -insouciance/M -insouciant -inspect/AGDS -inspection/SM -inspector/MS -inspectorate/MS -inspiration/MS -inspirational -inspiratory -inspired/U -inspiring/U -inst -instability/S -install/UBZRSDG -installation/MS -installer/UM -installment/SM -instance/GD -instant/MRYS -instantaneous/Y -instantiate/DSG -instar -instate/AGDS -instead -instigate/DSGN -instigation/M -instigator/MS -instillation/M -instinct/VMS -instinctive/Y -instinctual -institute/XMZGNDRS -instituter/M -institution/M -institutional/Y -institutionalization/M -institutionalize/DSG -instr -instruct/SDGV -instructed/U -instruction/MS -instructional -instructive/Y -instructor/MS -instrument/MDSG -instrumental/MYS -instrumentalist/SM -instrumentality/M -instrumentation/M -insubordinate -insufferable -insufferably -insula -insular -insularity/M -insulate/GNDS -insulation/M -insulator/MS -insulin/M -insult/SMDG -insulting/Y -insuperable -insuperably -insurance/SM -insure/DRSZGB -insured/SM -insurer/M -insurgence/SM -insurgency/SM -insurgent/MS -insurmountably -insurrection/SM -insurrectionist/SM -int -intact -intaglio/MS -integer/MS -integral/SMY -integrate/AEVNGSD -integration/EAM -integrator -integrity/M -integument/SM -intel/M -intellect/MS -intellectual/MYS -intellectualism/M -intellectualize/GDS -intelligence/M -intelligent/Y -intelligentsia/M -intelligibility/M -intelligible/U -intelligibly/U -intended/SM -intense/YTVR -intensification/M -intensifier/M -intensify/DRSZGN -intensity/S -intensive/MYPS -intensiveness/M -intent/SMYP -intention/MS -intentional/UY -intentness/M -inter/ESL -interact/SGVD -interaction/SM -interactive/Y -interactivity -interbred -interbreed/GS -intercede/GDS -intercept/GMDS 
-interception/MS -interceptor/SM -intercession/SM -intercessor/MS -intercessory -interchange/DSMG -interchangeability -interchangeable -interchangeably -intercity -intercollegiate -intercom/SM -intercommunicate/DSGN -intercommunication/M -interconnect/GDS -interconnection/SM -intercontinental -intercourse/M -intercultural -interdenominational -interdepartmental -interdependence/M -interdependent/Y -interdict/GMDS -interdiction/M -interdisciplinary -interest/ESMD -interested/U -interesting/Y -interface/MGDS -interfaith -interfere/GDS -interference/M -interferon/M -interfile/GDS -intergalactic -intergovernmental -interim/M -interior/SM -interj -interject/GDS -interjection/SM -interlace/GDS -interlard/DGS -interleave/DSG -interleukin/M -interline/GDSJ -interlinear -interlining/M -interlink/DSG -interlock/GMDS -interlocutor/SM -interlocutory -interlope/ZGDRS -interloper/M -interlude/MGDS -intermarriage/SM -intermarry/GDS -intermediary/SM -intermediate/MYS -interment/EM -interments -intermezzi -intermezzo/MS -interminably -intermingle/DSG -intermission/SM -intermittence -intermittency -intermittent/Y -intermix/GDS -intern/GDL -internal/SY -internalization/M -internalize/GDS -international/SMY -internationalism/M -internationalist/SM -internationalization -internationalize/DSG -internecine -internee/SM -internet -internist/MS -internment/M -internship/MS -interoffice -interoperability -interoperable -interoperate/S -interpenetrate/DSGN -interpersonal -interplanetary -interplay/M -interpolate/XDSGN -interpolation/M -interpose/GDS -interposition/M -interpret/AGVDS -interpretation/AMS -interpretative -interpreted/U -interpreter/MS -interracial -interred/E -interregnum/SM -interrelate/XDSGN -interrelation/M -interrelationship/MS -interring/E -interrogate/DSGNVX -interrogation/M -interrogative/MYS -interrogator/SM -interrogatory/SM -interrupt/ZGMDRS -interrupter/M -interruption/MS -interscholastic -intersect/GDS -intersection/SM -intersectional -intersectionality 
-intersession/SM -intersex -intersperse/GNDS -interspersion/M -interstate/MS -interstellar -interstice/MS -interstitial -intertwine/GDS -interurban -interval/SM -intervene/GDS -intervention/SM -interventionism/M -interventionist/SM -interview/ZGMDRS -interviewee/MS -interviewer/M -intervocalic -interwar -interweave/GS -interwove -interwoven -intestacy/M -intestate -intestinal -intestine/MS -intifada -intimacy/SM -intimate/MYGNDSX -intimation/M -intimidate/GNDS -intimidating/Y -intimidation/M -intonation/SM -intoxicant/SM -intoxicate/DSGN -intoxication/M -intracranial -intramural -intramuscular -intranet/MS -intransigence/M -intransigent/MYS -intrastate -intrauterine -intravenous/MSY -intrepid/Y -intrepidity/M -intricacy/SM -intricate/Y -intrigue/DRSMZG -intriguer/M -intriguing/Y -intrinsic -intrinsically -intro/SM -introduce/AGDS -introduction/AM -introductions -introductory -introit/SM -introspect/GVDS -introspection/M -introspective/Y -introversion/M -introvert/MDS -intrude/DRSZG -intruder/M -intrusion/SM -intrusive/YP -intrusiveness/M -intuit/SDGV -intuition/S -intuitive/PY -intuitiveness/M -inundate/XDSGN -inundation/M -inure/DSG -invade/DRSZG -invader/M -invalid/GMDYS -invalidism/M -invaluable -invaluably -invariant -invasion/MS -invasive -invective/M -inveigh/GD -inveighs -inveigle/ZGDRS -inveigler/M -invent/ASGVD -invention/AMS -inventive/PY -inventiveness/M -inventor/MS -inventory/DSMG -inverse/SMY -invert/SMDRZG -inverter/M -invest/ASDGL -investigate/GNVDSX -investigation/M -investigator/SM -investigatory -investiture/MS -investment/AEM -investor/SM -inveteracy/M -inveterate -invidious/YP -invidiousness/M -invigilate/GNDS -invigilator/S -invigorate/ADSG -invigorating/Y -invigoration/M -invincibility/M -invincibly -inviolability/M -inviolably -inviolate -invitation/SM -invitational/SM -invite/DSMG -invited/U -invitee/SM -inviting/Y -invoke/DSG -involuntariness/M -involuntary/P -involution/M -involve/LDSG -involved/U -involvement/SM -inward/SY -ioctl 
-iodide/SM -iodine/M -iodize/DSG -ion/USM -ionic -ionization/UM -ionize/UDSG -ionizer/MS -ionosphere/MS -ionospheric -iota/MS -ipecac/SM -irascibility/M -irascible -irascibly -irate/YP -irateness/M -ire/M -ireful -irenic -irides -iridescence/M -iridescent/Y -iridium/M -iris/MS -irk/SGD -irksome/YP -irksomeness/M -iron/MDSG -ironclad/MS -ironic -ironical/Y -ironing/M -ironmonger/S -ironmongery -ironstone/M -ironware/M -ironwood/MS -ironwork/M -irony/SM -irradiate/DSGN -irradiation/M -irrational/SMY -irrationality/M -irreclaimable -irreconcilability/M -irreconcilable -irreconcilably -irrecoverable -irrecoverably -irredeemable -irredeemably -irreducible -irreducibly -irrefutable -irrefutably -irregular/MYS -irregularity/SM -irrelevance/MS -irrelevancy/MS -irrelevant/Y -irreligion -irreligious -irremediable -irremediably -irremovable -irreparable -irreparably -irreplaceable -irrepressible -irrepressibly -irreproachable -irreproachably -irresistible -irresistibly -irresolute/PYN -irresoluteness/M -irresolution/M -irrespective -irresponsibility/M -irresponsible -irresponsibly -irretrievable -irretrievably -irreverence/M -irreverent/Y -irreversible -irreversibly -irrevocable -irrevocably -irrigable -irrigate/DSGN -irrigation/M -irritability/M -irritable -irritably -irritant/SM -irritate/DSXGN -irritating/Y -irritation/M -irrupt/DGVS -irruption/SM -ischemia -ischemic -isinglass/M -isl -island/SZMR -islander/M -isle/MS -islet/SM -ism/CM -isms -isn't -isobar/MS -isobaric -isolate/DSMGN -isolation/M -isolationism/M -isolationist/SM -isomer/MS -isomeric -isomerism/M -isometric/S -isometrically -isometrics/M -isomorphic -isomorphism -isosceles -isotherm/SM -isotope/SM -isotopic -isotropic -issuance/M -issue/ADSMG -issuer/MS -isthmian -isthmus/MS -it'd -it'll -it/USM -ital -italic/SM -italicization/M -italicize/GDS -italics/M -itch/MDSG -itchiness/M -itchy/RPT -item/MS -itemization/M -itemize/GDS -iterate/AXGNVDS -iteration/AM -iterator/S -itinerant/SM -itinerary/SM -itself 
-iv/U -ivory/SM -ivy/DSM -ix -j/F -jab/SM -jabbed -jabber/SMDRZG -jabberer/M -jabbing -jabot/SM -jacaranda/MS -jack/MDGS -jackal/SM -jackass/MS -jackboot/SMD -jackdaw/MS -jacket/SMD -jackhammer/MS -jackknife/MGDS -jackknives -jackpot/MS -jackrabbit/MS -jackstraw/MS -jacquard/M -jade/MGDS -jaded/PY -jadedness/M -jadeite/M -jag/SM -jagged/TPRY -jaggedness/M -jaggies -jaguar/SM -jail/MDRZGS -jailbird/SM -jailbreak/SM -jailer/M -jailhouse/S -jalapeno/MS -jalopy/SM -jalousie/MS -jam/SM -jamb/MS -jambalaya/M -jamboree/MS -jammed -jamming -jammy/RT -jangle/DRSMZG -jangler/M -janitor/SM -janitorial -japan/SM -japanned -japanning -jape/MGDS -jar/SM -jardiniere/SM -jarful/MS -jargon/M -jarred -jarring/Y -jasmine/SM -jasper/M -jato/MS -jaundice/DSMG -jaunt/SGMD -jauntily -jauntiness/M -jaunty/RPT -java/M -javelin/SM -jaw/SGMD -jawbone/DSMG -jawbreaker/MS -jawline/S -jay/SM -jaybird/SM -jaywalk/DRSZG -jaywalker/M -jaywalking/M -jazz/MDSG -jazzy/TR -jct -jealous/Y -jealousy/SM -jean/MS -jeans/M -jeep/MS -jeer/MDSG -jeering/MY -jeez -jejuna -jejune -jejunum/M -jell/DSG -jello/S -jelly/GDSM -jellybean/MS -jellyfish/MS -jellylike -jellyroll/SM -jemmy/GDS -jennet/MS -jenny/SM -jeopardize/GDS -jeopardy/M -jeremiad/MS -jerk/MDSG -jerkily -jerkin/MS -jerkiness/M -jerkwater -jerky/TRMP -jeroboam/S -jerrybuilt -jerrycan/S -jersey/MS -jest/MDRSZG -jester/M -jesting/Y -jet/SM -jetliner/SM -jetport/MS -jetsam/M -jetted -jetting -jettison/MDSG -jetty/SM -jewel/SZGMDR -jeweler/M -jewelry/SM -jg -jib/SGMD -jibbed -jibbing -jibe/MS -jiff/MS -jiffy/SM -jig's -jig/AS -jigged/A -jigger's -jigger/ASDG -jigging/A -jiggle/DSMG -jiggly -jigsaw/SMDG -jihad/SM -jihadist/SM -jilt/MDSG -jimmy/DSMG -jimsonweed/M -jingle/DSMG -jingly -jingoism/M -jingoist/SM -jingoistic -jink/DSG -jinn -jinni/M -jinrikisha/SM -jinx/MDSG -jitney/SM -jitterbug/MS -jitterbugged -jitterbugger/M -jitterbugging -jitters/M -jittery/RT -jive/MGDS -job/SM -jobbed -jobber/SM -jobbing -jobholder/MS -jobless/P -joblessness/M 
-jobshare/S -jobsworth -jobsworths -jock/MS -jockey/SGMD -jockstrap/MS -jocose/PY -jocoseness/M -jocosity/M -jocular/Y -jocularity/M -jocund/Y -jocundity/M -jodhpurs/M -joey/S -jog/SM -jogged -jogger/SM -jogging/M -joggle/DSMG -john/MS -johnny/SM -johnnycake/MS -join's -join/AFDSG -joiner/FMS -joinery/M -joint's -joint/EGSD -jointly/F -joist/SM -jojoba -joke/MZGDRS -joker/M -jokey -jokier -jokiest -joking/Y -jollification/SM -jollily -jolliness/M -jollity/M -jolly/TGPDRSM -jolt/MDRSZG -jolter/M -jonquil/SM -josh/MDRSZG -josher/M -jostle/MGDS -jot/SM -jotted -jotter/MS -jotting/MS -joule/SM -jounce/MGDS -jouncy -journal/MS -journalese/M -journalism/M -journalist/SM -journalistic -journey/ZGMDRS -journeyer/M -journeyman/M -journeymen -journo/S -joust/SZGMDR -jouster/M -jousting/M -jovial/Y -joviality/M -jowl/MS -jowly/TR -joy/SGMD -joyful/YP -joyfuller -joyfullest -joyfulness/M -joyless/PY -joylessness/M -joyous/YP -joyousness/M -joyridden -joyride/RSMZG -joyrider/M -joyriding/M -joyrode -joystick/SM -jr -jubilant/Y -jubilation/M -jubilee/SM -judder/GDS -judge's -judge/ADSG -judgeship/M -judgment/SM -judgmental/Y -judicatory/SM -judicature/M -judicial/Y -judiciary/SM -judicious/IYP -judiciousness/IM -judo/M -jug/SM -jugful/MS -jugged -juggernaut/SM -jugging -juggle/MZGDRS -juggler/M -jugglery/M -jugular/SM -juice/DRSMZG -juicer/M -juicily -juiciness/M -juicy/PTR -jujitsu/M -jujube/MS -jukebox/MS -julep/SM -julienne -jumble/MGDS -jumbo/SM -jump/MDRSZG -jumper/M -jumpily -jumpiness/M -jumpsuit/MS -jumpy/TRP -jun -junco/SM -junction/FISM -juncture/FMS -jungle/MS -junior/MS -juniper/SM -junk/MDRSZG -junker/M -junket/MDSG -junketeer/MS -junkie/MTRS -junkyard/MS -junta/SM -juridic -juridical/Y -jurisdiction/SM -jurisdictional -jurisprudence/M -jurist/MS -juristic -juror/SM -jury/ISM -juryman/M -jurymen -jurywoman/M -jurywomen -just/RYPT -justice/IMS -justifiable/U -justifiably/U -justification/M -justified/U -justify/XGDSN -justness/M -jut/SM -jute/M -jutted -jutting 
-juvenile/SM -juxtapose/DSG -juxtaposition/SM -k/IFGS -kHz -kW -kWh -kabbalah -kaboom -kabuki/M -kaddish/MS -kaffeeklatch/MS -kaffeeklatsch/MS -kahuna/S -kaiser/MS -kale/M -kaleidoscope/MS -kaleidoscopic -kaleidoscopically -kamikaze/MS -kana -kangaroo/MS -kanji -kaolin/M -kapok/M -kappa/SM -kaput -karakul/M -karaoke/MS -karat/SM -karate/M -karma/M -karmic -kart/MS -katakana -katydid/SM -kayak/SMDG -kayaking/M -kayo/MDSG -kazoo/SM -kc -kebab/SM -kedgeree -keel/MDSG -keelhaul/DGS -keen/MDRYSTGP -keenness/M -keep/MRSZG -keeper/M -keeping/M -keepsake/MS -keg/SM -kelp/M -kelvin/SM -ken/SM -kenned -kennel/SGMD -kenning -keno/M -kepi/MS -kept -keratin/M -keratitis -kerbside -kerchief/SM -kerfuffle/S -kernel/SM -kerosene/M -kestrel/MS -ketch/MS -ketchup/M -keto -ketogenic -ketone/S -kettle/SM -kettledrum/SM -key/SGMD -keybinding/S -keyboard/ZGSMDR -keyboarder/M -keyboardist/SM -keyhole/MS -keynote/MZGDRS -keynoter/M -keypad/SM -keypunch/ZGMDRS -keypuncher/M -keystone/MS -keystroke/SM -keyword/MS -kg -khaki/SM -khan/MS -kibble/DSMG -kibbutz/MS -kibbutzim -kibitz/ZGDRS -kibitzer/M -kibosh/M -kick/MDRSZG -kickback/SM -kickball/M -kickboxing -kicker/M -kickoff/MS -kickstand/MS -kicky/RT -kid/SM -kidded -kidder/SM -kiddie/SM -kidding -kiddish -kiddo/SM -kidnap/S -kidnapped -kidnapper/MS -kidnapping/MS -kidney/SM -kidskin/M -kielbasa/MS -kielbasi -kike/S -kill/JMDRSZG -killdeer/SM -killer/M -killing/M -killjoy/SM -kiln/MDSG -kilo/MS -kilobyte/SM -kilocoulomb/S -kilocycle/SM -kilogram/SM -kilohertz/M -kilojoule/S -kiloliter/MS -kilometer/MS -kilonewton/S -kilopascal/S -kiloton/SM -kilovolt/S -kilowatt/SM -kilt/MDRS -kilter/M -kimono/MS -kin/M -kinase -kind's -kind/UPRYT -kinda -kindergarten/MS -kindergartner/SM -kindhearted/PY -kindheartedness/M -kindle/AGDS -kindliness/M -kindling/M -kindly/URT -kindness/UM -kindnesses -kindred/M -kinds -kine/S -kinematic/S -kinematics/M -kinetic/S -kinetically -kinetics/M -kinfolk/SM -kinfolks/M -king/MYS -kingdom/SM -kingfisher/SM -kingly/RT 
-kingmaker/S -kingpin/SM -kingship/M -kink/MDSG -kinkily -kinkiness/M -kinky/TPR -kinsfolk/M -kinship/M -kinsman/M -kinsmen -kinswoman/M -kinswomen -kiosk/SM -kip/SM -kipped -kipper/MDGS -kipping -kirsch/MS -kismet/M -kiss/MDRSBZG -kisser/M -kissoff/SM -kissogram/S -kit/SGMD -kitchen/SM -kitchenette/MS -kitchenware/M -kite/MS -kith/M -kitsch/M -kitschy -kitted -kitten/MS -kittenish -kitting -kitty/SM -kiwi/MS -kiwifruit/MS -kl -klaxon/S -kleptocracy -kleptomania/M -kleptomaniac/SM -kludge/GDS -kluge/DS -klutz/MS -klutziness/M -klutzy/TRP -km -kn -knack/SZMR -knacker/GD -knapsack/MS -knave/SM -knavery/M -knavish/Y -knead/SZGDR -kneader/M -knee/MDS -kneecap/SM -kneecapped -kneecapping -kneeing -kneel/SG -knell/SGMD -knelt -knew -knicker/S -knickerbockers/M -knickers/M -knickknack/MS -knife/DSMG -knight/MDYSG -knighthood/MS -knightliness/M -knish/MS -knit/MS -knitted -knitter/SM -knitting/M -knitwear/M -knives -knob/MS -knobbly -knobby/TR -knock/SZGMDR -knockabout -knockdown/SM -knocker/M -knockoff/SM -knockout/SM -knockwurst/SM -knoll/SM -knot/MS -knothole/SM -knotted -knotting -knotty/TR -know/SB -knowing/UYS -knowledge/M -knowledgeable -knowledgeably -known -knuckle/DSMG -knuckleduster/S -knucklehead/MS -knurl/SGMD -koala/SM -koan/S -kohl -kohlrabi/M -kohlrabies -kola/MS -kook/MS -kookaburra/SM -kookiness/M -kooky/TPR -kopeck/MS -korma -kosher/DSG -kowtow/GMDS -kph -kraal/SM -kraut/SM! 
-krill/M -krona/M -krone/RM -kronor -kronur -krypton/M -kt -kuchen/SM -kudos/M -kudzu/SM -kumquat/MS -kvetch/ZGMDRS -kvetcher/M -kw -l/SDXTGJ -la/M -lab/SM -label's -label/ASDG -labeled/U -labia -labial/SM -labile -labium/M -labor/SMDRZG -laboratory/SM -laborer/M -laborious/PY -laboriousness/M -laborsaving -laburnum/MS -labyrinth/M -labyrinthine -labyrinths -lac/M -lace's -lace/UGDS -lacerate/DSGNX -laceration/M -lacewing/SM -lacework/M -lachrymal -lachrymose -lack/MDSG -lackadaisical/Y -lackey/SM -lackluster -laconic -laconically -lacquer/GMDS -lacrosse/M -lactate/GNDS -lactation/M -lacteal -lactic -lactose/M -lacuna/M -lacunae -lacy/RT -lad/SGMDNJ -ladder/GSMD -laddie/SM -laddish/P -lade/S -laden/U -lading/M -ladle/DSMG -lady/SM -ladybird/SM -ladybug/MS -ladyfinger/MS -ladylike/U -ladylove/MS -ladyship/MS -laetrile/M -lag/SZMR -lager/M -laggard/MYS -lagged -lagging/M -lagniappe/SM -lagoon/SM -laid/IA -lain -lair/MS -laird/SM -laity/M -lake/MS -lakefront/S -lakeside -lam/SM -lama/MS -lamasery/SM -lamb/MDSG -lambada/MS -lambaste/GDS -lambda/SM -lambency/M -lambent/Y -lambkin/SM -lambskin/SM -lambswool -lame/MYZTGDRSP -lamebrain/MDS -lameness/M -lament/BSMDG -lamentably -lamentation/MS -lamina/M -laminae -laminar -laminate/MGNDS -lamination/M -lammed -lamming -lamp/MS -lampblack/M -lamplight/MRZ -lamplighter/M -lampoon/SGMD -lamppost/SM -lamprey/MS -lampshade/SM -lanai/SM -lance/DRSMZG -lancer/M -lancet/SM -land/MDRSGJ -landau/SM -landfall/MS -landfill/MS -landholder/SM -landholding/MS -landing/M -landlady/SM -landless/M -landline/MS -landlocked -landlord/MS -landlubber/MS -landmark/MS -landmass/MS -landmine/S -landowner/MS -landownership -landowning/SM -landscape/MZGDRS -landscaper/M -landslid -landslide/MGS -landslip/S -landsman/M -landsmen -landward/S -lane/MS -language/MS -languid/PY -languidness/M -languish/DSG -languor/SM -languorous/Y -lank/RYTP -lankiness/M -lankness/M -lanky/RTP -lanolin/M -lantern/MS -lanthanum/M -lanyard/MS -lap/SM -laparoscopic 
-laparoscopy -laparotomy -lapboard/SM -lapdog/SM -lapel/SM -lapidary/SM -lapin/SM -lapped -lappet/SM -lapping -lapse/AKGMSD -laptop/SM -lapwing/MS -larboard/SM -larcenist/SM -larcenous -larceny/SM -larch/MS -lard/MDRSZG -larder/M -lardy/RT -large/RSPMYT -largehearted -largeness/M -largess/M -largish -largo/SM -lariat/SM -lark/MDSG -larkspur/SM -larva/M -larvae -larval -laryngeal -larynges -laryngitis/M -larynx/M -lasagna/MS -lascivious/YP -lasciviousness/M -lase/ZGDRS -laser/M -lash/MDSGJ -lashing/M -lass/MS -lassie/SM -lassitude/M -lasso/SMDG -last/MDYSG -lasting/Y -lat/S -latch's -latch/UDSG -latchkey/SM -late/YTRP -latecomer/MS -latency/M -lateness/M -latent -lateral/MDYSG -latest/M -latex/M -lath/MDRSZG -lathe/M -lather/GMD -lathery -laths -latices -latish -latitude/MS -latitudinal -latitudinarian/MS -latrine/MS -latte/RSM -latter/MY -lattice/MDS -latticework/SM -laud/MDSGB -laudably -laudanum/M -laudatory -laugh/BMDG -laughably -laughing/MY -laughingstock/SM -laughs -laughter/M -launch/AGMDS -launcher/SM -launchpad/SM -launder/DRZGS -launderer/M -launderette/SM -laundress/MS -laundromat/MS -laundry/SM -laundryman/M -laundrymen -laundrywoman/M -laundrywomen -laureate/MS -laureateship/M -laurel/SM -lav/SGD -lava/M -lavage/M -lavaliere/SM -lavatorial -lavatory/SM -lave/S -lavender/SM -lavish/PTGDRSY -lavishness/M -law/SM -lawbreaker/SM -lawbreaking/M -lawful/UPY -lawfulness/UM -lawgiver/MS -lawless/PY -lawlessness/M -lawmaker/MS -lawmaking/M -lawman/M -lawmen -lawn/MS -lawnmower/SM -lawrencium/M -lawsuit/MS -lawyer/SM -lax/TRYP -laxative/MS -laxity/M -laxness/M -lay/AICSGM -layabout/S -layaway/M -layer/CSM -layered -layering/M -layette/MS -layman/M -laymen -layoff/SM -layout/SM -layover/MS -laypeople -layperson/MS -layup/SM -laywoman/M -laywomen -laze/MGDS -lazily -laziness/M -lazy/DRSTGP -lazybones/M -lb/S -lbw -lea/SM -leach/DSG -lead/MDNRSZG -leader/M -leaderless -leadership/SM -leading/M -leaf/MDSG -leafage/M -leafless -leaflet/GMDS -leafstalk/MS -leafy/RT 
-league/DSMG -leak/MDSG -leakage/MS -leakiness/M -leaky/PRT -lean/MDRSTGJP -leaning/M -leanness/M -leap/MDRSZG -leaper/M -leapfrog/MS -leapfrogged -leapfrogging -leapt -learn/AUGDS -learnability -learnable -learnedly -learner/MS -learning's -lease/ADSMG -leaseback/SM -leasehold/MRSZ -leaseholder/M -leaser/SM -leash's -leash/UDSG -least/M -leastwise -leather/MS -leatherette/M -leatherneck/MS -leathery -leave/DRSMZGJ -leaven/SGMD -leavened/U -leavening/M -leaver/M -leavings/M -lech/MDRSZG -lecher/M -lecherous/PY -lecherousness/M -lechery/M -lecithin/M -lectern/MS -lecture/MZGDRS -lecturer/M -lectureship/SM -ledge/RSMZ -ledger/M -lee/RSMZ -leech/MDSG -leek/MS -leer/MDG -leeriness/M -leery/RPT -leeward/SM -leeway/M -left/MRST -leftism/M -leftist/SM -leftmost -leftover/SM -leftward/S -lefty/SM -leg/SM -legacy/SM -legal/SMY -legalese/M -legalism/MS -legalistic -legalistically -legality/SM -legalization/M -legalize/GDS -legate/CXMNS -legatee/MS -legation's/AC -legato/SM -legend/SM -legendarily -legendary -legerdemain/M -legged -legginess/M -legging/MS -leggy/RPT -leghorn/MS -legibility/M -legible -legibly -legion/SM -legionary/SM -legionnaire/SM -legislate/DSGNV -legislation/M -legislative/Y -legislator/MS -legislature/SM -legit -legitimacy/M -legitimate/DSYG -legitimatize/GDS -legitimization/M -legitimize/DSG -legless -legman/M -legmen -legroom/SM -legume/MS -leguminous -legwarmer/S -legwork/M -lei/SM -leisure/DMY -leisureliness/M -leisurewear/M -leitmotif/MS -leitmotiv/MS -lemma/S -lemme/JG -lemming/M -lemon/SM -lemonade/SM -lemongrass -lemony -lemur/SM -lend/RSZG -lender/M -length/MNX -lengthen/GD -lengthily -lengthiness/M -lengths -lengthwise -lengthy/PRT -lenience/M -leniency/M -lenient/Y -lenitive -lens/MS -lent -lentil/MS -lento -leonine -leopard/SM -leopardess/MS -leotard/SM -leper/SM -leprechaun/MS -leprosy/M -leprous -lepta -lepton/MS -lesbian/SM -lesbianism/M -lesion/MS -less/MNRX -lessee/MS -lessen/GD -lesson/MS -lessor/MS -let/ISM -letdown/SM -lethal/Y 
-lethargic -lethargically -lethargy/M -letter/ZGMDRS -letterbomb/S -letterbox/S -lettered/U -letterer/M -letterhead/MS -lettering/M -letterpress/M -letting/S -lettuce/MS -letup/SM -leucine -leucotomy/S -leukemia/M -leukemic/SM -leukocyte/MS -levee/SM -level/PSZGMDRY -leveler/M -levelheaded/P -levelheadedness/M -levelness/M -lever/SGMD -leverage's -leverage/CDSG -leviathan/MS -levier/M -levitate/DSGN -levitation/M -levity/M -levy/DRSMZG -lewd/RYPT -lewdness/M -lexer/S -lexical -lexicographer/MS -lexicographic -lexicographical -lexicography/M -lexicon/SM -lexis -lg -liabilities -liability/AM -liable/A -liaise/GDS -liaison/MS -liar/MS -lib/M -libation/SM -libber/MS -libel/SZGMDR -libeler/M -libelous -liberal/MYPS -liberalism/M -liberality/M -liberalization/SM -liberalize/GDS -liberalness/M -liberate/CDSGN -liberation/CM -liberator/MS -libertarian/SM -libertine/MS -liberty/SM -libidinal -libidinous -libido/MS -librarian/MS -librarianship -library/SM -librettist/MS -libretto/SM -lice -license/MGDS -licensed/U -licensee/MS -licentiate/SM -licentious/YP -licentiousness/M -lichen/MS -licit/Y -lick/MDJSG -licking/M -licorice/SM -lid/SM -lidded -lidless -lido/MS -lie/DSM -lied/MR -lief/RT -liege/SM -lien/MS -lieu/M -lieutenancy/M -lieutenant/MS -life/MZR -lifebelt/S -lifeblood/M -lifeboat/MS -lifebuoy/MS -lifeforms -lifeguard/SM -lifeless/YP -lifelessness/M -lifelike -lifeline/MS -lifelong -lifer/M -lifesaver/SM -lifesaving/M -lifespan/S -lifestyle/SM -lifetime/MS -lifework/MS -lift/MDRSZG -lifter/M -liftoff/SM -ligament/MS -ligate/GNDS -ligation/M -ligature/MGDS -light's/C -light/CASTGD -lighted/U -lighten/SDRZG -lightener/M -lighter/SM -lightface/MD -lightheaded -lighthearted/YP -lightheartedness/M -lighthouse/MS -lighting's -lightly -lightness/M -lightning/MDS -lightproof -lightship/MS -lightweight/SM -ligneous -lignin -lignite/M -lii -likability/M -likable/P -likableness/M -like/EMGDST -likelihood/UM -likelihoods -likeliness/UM -likely/UPRT -liken/SGD -likeness/UM 
-likenesses -liker -likewise -liking/M -lilac/SM -lilliputian -lilo/S -lilt/MDSG -lily/SM -limb/MS -limber/UDSG -limberness/M -limbless -limbo/SM -lime/MGDS -limeade/SM -limelight/M -limerick/SM -limescale -limestone/M -limey/S -limit's -limit/CSZGDR -limitation/CM -limitations -limited/U -limiter's -limiting/S -limitless/P -limitlessness/M -limn/DSG -limo/MS -limousine/MS -limp/MDRYSPTG -limpet/MS -limpid/YP -limpidity/M -limpidness/M -limpness/M -limy/RT -linage/M -linchpin/SM -linden/MS -line/MZGDRSJ -lineage/MS -lineal/Y -lineament/SM -linear/Y -linearity/M -linebacker/MS -lined/U -linefeed -lineman/M -linemen -linen/SM -linens/M -liner/M -linesman/M -linesmen -lineup/MS -ling/M -linger/ZGJDRS -lingerer/M -lingerie/M -lingering/Y -lingo/M -lingoes -lingual -linguine/M -linguist/SM -linguistic/S -linguistically -linguistics/M -liniment/SM -lining/M -link/MDRSG -linkage/MS -linkman -linkmen -linkup/MS -linnet/MS -lino -linoleum/M -linseed/M -lint's -lint/CDG -lintel/MS -lints -linty/TR -lion/MS -lioness/MS -lionhearted -lionization/M -lionize/GDS -lip/SM -lipid/SM -liposuction/M -lipped -lippy -lipread/GRS -lipreader/M -lipreading/M -lipstick/MDSG -liq -liquefaction/M -liquefy/DSG -liqueur/SM -liquid/MS -liquidate/XGNDS -liquidation/M -liquidator/MS -liquidity/M -liquidize/ZGDRS -liquidizer/M -liquor/MDGS -lira/M -lire -lisle/M -lisp/MDRSZG -lisper/M -lissome -list/MDNSJXG -listed/U -listen/BMDRZG -listener/M -listeria -listing/M -listless/YP -listlessness/M -lit/ZR -litany/SM -litchi/MS -lite -liter/M -literacy/M -literal/SMYP -literalness/M -literariness/M -literary/P -literate/SMY -literati/M -literature/M -lithe/RPYT -litheness/M -lithesome -lithium/M -lithograph/MDRZG -lithographer/M -lithographic -lithographically -lithographs -lithography/M -lithosphere/SM -litigant/SM -litigate/DSGN -litigation/M -litigator/MS -litigious/P -litigiousness/M -litmus/M -litotes/M -litter/MDRSZG -litterateur/MS -litterbug/MS -litterer/M -little/MTRP -littleness/M -littoral/SM 
-liturgical/Y -liturgist/SM -liturgy/SM -livability/M -livable/U -live/ATGDSB -livelihood/SM -liveliness/M -livelong/S -lively/PRT -liven/SGD -liver's -liver/S -liveried -liverish -liverwort/MS -liverwurst/M -livery/CSM -liveryman/CM -liverymen/C -livestock/M -liveware -livid/Y -living/MS -lix/K -lizard/MS -ll -llama/SM -llano/SM -lo -load's -load/AUGSD -loadable -loader/MS -loading's -loaf/MDRSZG -loafer/M -loam/M -loamy/TR -loan/MDRSZG -loaner/M -loansharking/M -loanword/MS -loath/JZGDRS -loathe -loather/M -loathing/M -loathsome/PY -loathsomeness/M -loaves -lob/SMD -lobar -lobbed -lobber/MS -lobbing -lobby/GDSM -lobbyist/MS -lobe/MS -lobotomize/DSG -lobotomy/SM -lobster/MS -local/SMY -locale/MS -locality/SM -localization/M -localize/DSG -locate/EAGNDS -location's/A -location/ESM -locator/MS -locavore/SM -loci -lock/MDRSBZG -locker/M -locket/MS -lockjaw/M -lockout/MS -locksmith/M -locksmiths -lockstep/M -lockup/MS -loco/S -locomotion/M -locomotive/MS -locoweed/SM -locum/S -locus/M -locust/SM -locution/MS -lode/MS -lodestar/MS -lodestone/MS -lodge/DRSJMZG -lodger/M -lodging/M -lodgings/M -loft/MDSG -loftily -loftiness/M -lofty/PRT -log/SM -loganberry/SM -logarithm/SM -logarithmic -logbook/SM -loge/MS -logged -logger/SM -loggerhead/SM -loggia/SM -logging/M -logic/M -logical/Y -logicality/M -logician/MS -login/SM -logistic/S -logistical/Y -logistics/M -logjam/SM -logo/MS -logoff/SM -logon/SM -logotype/SM -logout/SM -logrolling/M -logy/RT -loin/MS -loincloth/M -loincloths -loiter/ZGSDR -loiterer/M -loitering/M -lolcat/SM -loll/DSG -lollipop/SM -lollop/GSD -lolly/S -lollygag/S -lollygagged -lollygagging -lone/YZR -loneliness/M -lonely/PTR -loner/M -lonesome/YP -lonesomeness/M -long's -long/KDSTG -longboat/MS -longbow/MS -longer -longevity/M -longhair/MS -longhand/M -longhorn/MS -longhouse/S -longing/MYS -longish -longitude/MS -longitudinal/Y -longshoreman/M -longshoremen -longsighted -longstanding -longtime -longueur/SM -longways -loo -loofah/M -loofahs -look/MDRSZG 
-lookalike/MS -looker/M -lookout/MS -lookup -loom/MDSG -loon/MS -loonie/M -loony/RSMT -loop/MDSG -loophole/MS -loopy/RT -loos/NRX -loose/UDSTG -loosely -loosen/UGSD -looseness/M -loot/MDRSZG -looter/M -looting/M -lop/S -lope/MGDS -lopped -lopping -lopsided/YP -lopsidedness/M -loquacious/PY -loquaciousness/M -loquacity/M -lord/MDYSG -lordliness/M -lordly/TPR -lordship/SM -lore/M -lorgnette/SM -loris/MS -lorn -lorry/SM -lose/ZGRSJ -loser/M -losing/M -loss/MS -lossless -lost -lot/SM -lotion/SM -lottery/SM -lotto/M -lotus/MS -louche -loud/RYTP -loudhailer/SM -loudmouth/MD -loudmouths -loudness/M -loudspeaker/MS -lough -loughs -lounge/MZGDRS -lounger/M -lour/DSG -louse's -louse/CDSG -lousily -lousiness/M -lousy/TPR -lout/MS -loutish/PY -louver/MDS -lovableness/M -lovably -love/MYZGDRSB -lovebird/SM -lovechild/M -loved/U -loveless -loveliness/M -lovelorn -lovely/RSMTP -lovemaking/M -lover/M -lovesick -lovey/S -loving/Y -low/SZTGMDRYP -lowborn -lowboy/MS -lowbrow/SM -lowdown/M -lower/GD -lowercase/M -lowermost -lowish -lowland/SZMR -lowlander/M -lowlife/SM -lowliness/M -lowly/TPR -lowness/M -lox/M -loyal/ETY -loyaler -loyalism/M -loyalist/SM -loyalties -loyalty/EM -lozenge/SM -ltd -luau/MS -lubber/MYS -lube/MGDS -lubricant/SM -lubricate/DSGN -lubrication/M -lubricator/MS -lubricious/Y -lubricity/M -lucid/PY -lucidity/M -lucidness/M -luck/MDSG -luckily/U -luckiness/UM -luckless -lucky/UPTR -lucrative/YP -lucrativeness/M -lucre/M -lucubrate/GNDS -lucubration/M -ludicrous/YP -ludicrousness/M -ludo -luff/DSG -lug/SM -luge/S -luggage/M -lugged -lugger/MS -lugging -lughole/S -lugsail/SM -lugubrious/YP -lugubriousness/M -lukewarm/YP -lukewarmness/M -lull/MDSG -lullaby/SM -lulu/S -lumbago/M -lumbar -lumber/MDRZGS -lumberer/M -lumbering/M -lumberjack/SM -lumberman/M -lumbermen -lumberyard/SM -lumen -luminary/SM -luminescence/M -luminescent -luminosity/M -luminous/Y -lummox/MS -lump/MDNSG -lumpectomy/S -lumpenproletariat -lumpiness/M -lumpish -lumpy/TRP -lunacy/SM -lunar 
-lunatic/SM -lunch/GMDS -lunchbox/S -luncheon/SM -luncheonette/SM -lunchroom/MS -lunchtime/MS -lung/MDSG -lunge/SM -lungfish/MS -lungful/S -lunkhead/MS -lupine/MS -lupus/M -lurch/GMDS -lure/MGDS -lurgy -lurid/PY -luridness/M -lurk/DRSZG -luscious/PY -lusciousness/M -lush/MRSYPT -lushness/M -lust/MDRSG -luster/M -lusterless -lustful/Y -lustily -lustiness/M -lustrous/Y -lusty/PTR -lutanist/SM -lute/MS -lutenist/SM -lutetium/M -lux -luxuriance/M -luxuriant/Y -luxuriate/DSGN -luxuriation/M -luxurious/PY -luxuriousness/M -luxury/SM -lvi -lvii -lxi -lxii -lxiv -lxix -lxvi -lxvii -lyceum/MS -lychgate/S -lye/MG -lying/M -lymph/M -lymphatic/SM -lymphocyte/SM -lymphoid -lymphoma/SM -lynch/JZGDRS -lyncher/M -lynching/M -lynx/MS -lyre/MS -lyrebird/MS -lyric/SM -lyrical/Y -lyricism/M -lyricist/SM -lysosomal -lysosomes -m/KAS -ma'am -ma/SMH -mac/SGMD -macabre -macadam/M -macadamia/SM -macadamize/GDS -macaque/MS -macaroni/MS -macaroon/MS -macaw/SM -mace/MS -macerate/DSGN -maceration/M -mach/M -machete/SM -machinate/GNDSX -machination/M -machine/DSMGB -machinery/M -machinist/MS -machismo/M -macho/M -mackerel/SM -mackinaw/SM -mackintosh/MS -macrame/M -macro/SM -macrobiotic/S -macrobiotics/M -macrocosm/SM -macroeconomic/S -macroeconomics/M -macrology/S -macron/MS -macrophages -macroscopic -mad/SMYP -madam/SM -madame/M -madcap/MS -madden/DGS -maddening/Y -madder/MS -maddest -madding -made/AU -mademoiselle/MS -madhouse/SM -madman/M -madmen -madness/M -madras/MS -madrasa/SM -madrasah/M -madrasahs -madrassa/SM -madrigal/SM -madwoman/M -madwomen -maelstrom/SM -maestro/SM -mafia/SM -mafiosi -mafioso/M -mag/SM -magazine/SM -mage/MS -magenta/M -maggot/MS -maggoty -magi/M -magic/SM -magical/Y -magician/SM -magicked -magicking -magisterial/Y -magistracy/M -magistrate/SM -magma/M -magnanimity/M -magnanimous/Y -magnate/SM -magnesia/M -magnesium/M -magnet/MS -magnetic -magnetically -magnetism/M -magnetite/M -magnetizable -magnetization/CM -magnetize/CGDS -magneto/SM -magnetometer/SM 
-magnetosphere -magnification/M -magnificence/M -magnificent/Y -magnifier/M -magnify/ZGXDRSN -magniloquence/M -magniloquent -magnitude/SM -magnolia/MS -magnon -magnum/MS -magpie/MS -magus/M -maharajah/M -maharajahs -maharani/SM -maharishi/SM -mahatma/SM -mahogany/SM -mahout/MS -maid/MNSX -maiden/MY -maidenhair/M -maidenhead/SM -maidenhood/M -maidservant/SM -mail/JMDRSZG -mailbag/SM -mailbomb/GSD -mailbox/MS -mailer/M -mailing/M -maillot/SM -mailman/M -mailmen -mailshot/S -maim/DSG -main/MYS -mainframe/SM -mainland/MS -mainline/MGDS -mainmast/MS -mainsail/MS -mainspring/MS -mainstay/MS -mainstream/SMDG -maintain/ZGBDRS -maintainability -maintainable/U -maintained/U -maintenance/M -maintop/SM -maisonette/MS -maize/SM -majestic -majestically -majesty/SM -majolica/M -major/SGMDY -majordomo/MS -majorette/MS -majoritarian/SM -majoritarianism -majority/SM -make's/A -make/UAGS -makeover/MS -maker/SM -makeshift/SM -makeup/MS -makeweight/S -making/MS -makings/M -malachite/M -maladjusted -maladjustment/M -maladministration -maladroit/PY -maladroitness/M -malady/SM -malaise/M -malamute/MS -malapropism/SM -malaria/M -malarial -malarkey/M -malathion/M -malcontent/MS -male/MPS -malediction/SM -malefaction/M -malefactor/SM -malefic -maleficence/M -maleficent -maleness/M -malevolence/M -malevolent/Y -malfeasance/M -malformation/SM -malformed -malfunction/MDSG -malice/M -malicious/PY -maliciousness/M -malign/DSG -malignancy/SM -malignant/Y -malignity/M -malinger/ZGSDR -malingerer/M -mall/MS -mallard/SM -malleability/M -malleable -mallet/MS -mallow/MS -malnourished -malnutrition/M -malocclusion/M -malodorous -malpractice/SM -malt/MDSG -malted/MS -maltose/M -maltreat/GLDS -maltreatment/M -malty/TR -malware/M -mam/S -mama/MS -mamba/SM -mambo/SGMD -mamma/M -mammal/MS -mammalian/MS -mammary -mammogram/MS -mammography/M -mammon/M -mammoth/M -mammoths -mammy/SM -man's/F -man/USY -manacle/DSMG -manage/ZGDRSL -manageability/M -manageable/U -management/MS -manager/M -manageress/S -managerial 
-manana/MS -manatee/SM -mandala/SM -mandamus/MS -mandarin/MS -mandate/DSMG -mandatory -mandible/MS -mandibular -mandolin/MS -mandrake/MS -mandrel/SM -mandrill/MS -mane/MDS -manege/M -maneuver/MDGSBJ -maneuverability/M -manful/Y -manga/M -manganese/M -mange/DRMZ -manger/M -mangetout/S -manginess/M -mangle/MZGDRS -mango/M -mangoes -mangrove/MS -mangy/TRP -manhandle/GDS -manhole/SM -manhood/M -manhunt/SM -mania/SM -maniac/MS -maniacal/Y -manic/SM -manically -manicure/MGDS -manicurist/MS -manifest/MDYSG -manifestation/SM -manifesto/SM -manifold/GMDS -manikin/SM -manila/M -manioc/MS -manipulable -manipulate/XGNVDS -manipulation/M -manipulative/Y -manipulator/MS -mankind/M -manky -manlike -manliness/M -manly/UTR -manna/M -manned/U -mannequin/SM -manner/MDYS -mannerism/SM -mannerly/U -manning/U -mannish/YP -mannishness/M -manometer/SM -manor/SM -manorial -manpower/M -manque -mansard/MS -manse/SXMN -manservant/M -mansion/M -manslaughter/M -manta/SM -mantel/MS -mantelpiece/SM -mantelshelf -mantelshelves -mantes -mantilla/SM -mantis/MS -mantissa/SM -mantle's -mantle/EGDS -mantra/MS -manual/MYS -manufacture/DRSMZG -manufacturer/M -manufacturing/M -manumission/SM -manumit/S -manumitted -manumitting -manure/MGDS -manuscript/MS -many/M -map's -map/AS -maple/SM -mapmaker/SM -mapped/A -mapper/MS -mapping/S -mar/S -marabou/MS -marabout/SM -maraca/MS -maraschino/MS -marathon/SMRZ -marathoner/M -maraud/ZGDRS -marauder/M -marble/MGDS -marbleize/GDS -marbling/M -march/ZGMDRS -marcher/M -marchioness/MS -mare/MS -margarine/M -margarita/MS -marge -margin/MS -marginal/YS -marginalia/M -marginalization/M -marginalize/GDS -maria/M -mariachi/MS -marigold/MS -marijuana/M -marimba/SM -marina/MS -marinade/DSMG -marinara/M -marinate/DSGN -marination/M -marine/MZRS -mariner/M -marionette/MS -marital/Y -maritime -marjoram/M -mark/AMDSG -markdown/SM -marked/U -markedly -marker/MS -market/MDRZGBS -marketability/M -marketable/U -marketeer/SM -marketer/M -marketing/M -marketplace/SM -marking/SM 
-markka/M -markkaa -marksman/M -marksmanship/M -marksmen -markup/MS -marl/M -marlin/MS -marlinespike/SM -marmalade/M -marmoreal -marmoset/SM -marmot/MS -maroon/MDGS -marque/MS -marquee/SM -marquess/MS -marquetry/M -marquis/MS -marquise/M -marquisette/M -marred/U -marriage/ASM -marriageability/M -marriageable -married/SM -marring -marrow/MS -marry/AGDS -marsh/MS -marshal/SMDG -marshland/SM -marshmallow/SM -marshy/RT -marsupial/MS -mart/MNSX -marten/M -martensite -martial/Y -martian/S -martin/MS -martinet/MS -martingale/MS -martini/SM -martyr/MDGS -martyrdom/M -marvel/MDGS -marvelous/Y -marzipan/M -masc -mascara/GMDS -mascot/MS -masculine/SM -masculinity/M -maser/SM -mash/MDRSZG -masher/M -mashup/MS -mask's -mask/UDSG -masker/MS -masochism/M -masochist/SM -masochistic -masochistically -mason/SM -masonic -masonry/M -masque/MS -masquerade/DRSMZG -masquerader/M -mass/MDSGV -massacre/MGDS -massage/DSMG -masseur/SM -masseuse/MS -massif/MS -massive/PY -massiveness/M -mast/MDS -mastectomy/SM -master's -master/ADGS -masterclass/S -masterful/Y -masterly -mastermind/SGMD -masterpiece/MS -masterstroke/SM -masterwork/MS -mastery/M -masthead/MS -mastic/M -masticate/GNDS -mastication/M -mastiff/SM -mastitis -mastodon/SM -mastoid/SM -masturbate/GNDS -masturbation/M -masturbatory -mat/SZGMDR -matador/SM -match/AMS -matchbook/SM -matchbox/MS -matched/U -matching -matchless -matchlock/SM -matchmaker/MS -matchmaking/M -matchstick/MS -matchwood/M -mate/MS -material/SMY -materialism/M -materialist/SM -materialistic -materialistically -materialization/M -materialize/DSG -materiel/M -maternal/Y -maternity/M -matey/S -mathematical/Y -mathematician/SM -mathematics/M -matinee/SM -mating/M -matins/M -matriarch/M -matriarchal -matriarchs -matriarchy/SM -matrices -matricidal -matricide/MS -matriculate/DSGN -matriculation/M -matrimonial -matrimony/M -matrix/M -matron/MYS -matte/DRSMZG -matter/MDG -matting/M -mattock/SM -mattress/MS -maturate/GNDS -maturation/M -mature/YTGDRS -maturity/SM 
-matzo/SMH -matzoh/M -matzohs -matzot -maudlin -maul/MDRSZG -mauler/M -maunder/SDG -mausoleum/SM -mauve/M -maven/SM -maverick/SM -maw/SM -mawkish/PY -mawkishness/M -max/GMDS -maxi/MS -maxilla/M -maxillae -maxillary -maxim/SM -maxima -maximal/Y -maximization/M -maximize/GDS -maximum/SM -may/M -maybe/SM -mayday/MS -mayflower/MS -mayfly/SM -mayhem/M -mayn't -mayo/M -mayonnaise/M -mayor/SM -mayoral -mayoralty/M -mayoress/MS -maypole/SM -mayst -maze/MS -mazurka/MS -mdse -me/DSH -mead/M -meadow/MS -meadowlark/MS -meager/PY -meagerness/M -meal/MS -mealiness/M -mealtime/SM -mealy/TPR -mealybug/SM -mealymouthed -mean/MRYJPSTG -meander/SMDJG -meanderings/M -meanie/M -meaning/M -meaningful/PY -meaningfulness/M -meaningless/YP -meaninglessness/M -meanness/M -meant/U -meantime/M -meanwhile/M -meany/SM -meas -measles/M -measly/RT -measurable -measurably -measure's -measure/ADSG -measured/U -measureless -measurement/MS -meat/MS -meatball/MS -meathead/MS -meatiness/M -meatless -meatloaf/M -meatloaves -meatpacking/M -meaty/TPR -mecca/SM -mechanic/MS -mechanical/Y -mechanics/M -mechanism/SM -mechanistic -mechanistically -mechanization/M -mechanize/DSG -medal/SM -medalist/MS -medallion/SM -meddle/ZGDRS -meddler/M -meddlesome -media/SM -medial/AY -median/MS -mediate/ADSGN -mediated/U -mediation/AM -mediator/MS -medic/SM -medicaid/M -medical/SMY -medicament/M -medicare/M -medicate/GNXDS -medication/M -medicinal/Y -medicine/MS -medico/MS -medieval -medievalist/MS -mediocre -mediocrity/SM -meditate/DSGNVX -meditation/M -meditative/Y -medium/MS -medley/MS -medulla/SM -medusa -medusae -meed/M -meek/RYPT -meekness/M -meerschaum/SM -meet/MJSG -meeting/M -meetinghouse/SM -meetup/MS -meg/S -mega -megabit/SM -megabucks/M -megabyte/MS -megachurch/MS -megacycle/SM -megadeath/M -megadeaths -megagram/S -megahertz/M -megajoule/S -megalith/M -megalithic -megaliths -megalomania/M -megalomaniac/SM -megalopolis/MS -megameter/S -megapascal/S -megaphone/DSMG -megapixel/SM -megastar/S -megaton/SM 
-megawatt/MS -meh -meiosis/M -meiotic -melamine/M -melancholia/M -melancholic/S -melancholy/M -melange/MS -melanin/M -melanoma/SM -meld/MDSG -melee/SM -meliorate/GNVDS -melioration/M -mellifluous/PY -mellifluousness/M -mellow/PTGDRYS -mellowness/M -melodic -melodically -melodious/YP -melodiousness/M -melodrama/MS -melodramatic/S -melodramatically -melodramatics/M -melody/SM -melon/SM -melt's -melt/ADSG -meltdown/SM -member's -member/EAS -membership/SM -membrane/SM -membranous -meme/MS -memento/MS -memo/MS -memoir/MS -memorabilia/M -memorability/M -memorable/U -memorably -memorandum/MS -memorial/SM -memorialize/DSG -memorization/M -memorize/DSG -memory/SM -memsahib/S -men/M -menace/MGDS -menacing/Y -menage/MS -menagerie/MS -mend/MDRSZG -mendacious/Y -mendacity/M -mendelevium/M -mender/M -mendicancy/M -mendicant/SM -mending/M -menfolk/MS -menfolks/M -menhaden/M -menial/MYS -meningeal -meninges -meningitis/M -meninx/M -menisci -meniscus/M -menopausal -menopause/M -menorah/M -menorahs -mensch/MS -menservants -menses/M -menstrual -menstruate/GNDS -menstruation/M -mensurable -mensuration/M -menswear/M -mental/Y -mentalist/SM -mentality/SM -menthol/M -mentholated -mention/GSMD -mentioned/U -mentor/MDSG -mentorship -menu/MS -meow/MDSG -mercantile -mercantilism/M -mercenary/SM -mercer/MS -mercerize/GDS -merchandise/MZGDRS -merchandiser/M -merchandising/M -merchant/MBS -merchantman/M -merchantmen -merciful/UY -merciless/PY -mercilessness/M -mercurial/Y -mercuric -mercury/M -mercy/SM -mere/MYTS -meretricious/YP -meretriciousness/M -merganser/MS -merge/DRSZG -merger/M -meridian/MS -meringue/MS -merino/MS -merit/CSM -merited/U -meriting -meritless -meritocracy/SM -meritocratic -meritorious/PY -meritoriousness/M -mermaid/SM -merman/M -mermen -merrily -merriment/M -merriness/M -merry/TRP -merrymaker/MS -merrymaking/M -mesa/MS -mescal/MS -mescalin -mescaline/M -mesdames -mesdemoiselles -mesh/MDSG -mesmeric -mesmerism/M -mesmerize/ZGDRS -mesmerizer/M -mesomorph/M -mesomorphs 
-meson/SM -mesosphere/SM -mesquite/SM -mess/MDSG -message/MGDS -messeigneurs -messenger/SM -messiah/M -messiahs -messianic -messieurs -messily -messiness/M -messmate/SM -messy/PTR -mestizo/MS -met -meta -metabolic -metabolically -metabolism/SM -metabolite/SM -metabolize/DSG -metacarpal/SM -metacarpi -metacarpus/M -metadata -metal/SMD -metalanguage/MS -metallic -metallurgic -metallurgical -metallurgist/MS -metallurgy/M -metalwork/MRZG -metalworker/M -metalworking/M -metamorphic -metamorphism/M -metamorphose/GDS -metamorphosis/M -metaphor/MS -metaphoric -metaphorical/Y -metaphysical/Y -metaphysics/M -metastases -metastasis/M -metastasize/DSG -metastatic -metatarsal/MS -metatarsi -metatarsus/M -metatheses -metathesis/M -mete/MZGDRS -metempsychoses -metempsychosis/M -meteor/MS -meteoric -meteorically -meteorite/SM -meteoroid/SM -meteorologic -meteorological -meteorologist/SM -meteorology/M -meter/GMD -metformin -methadone/M -methamphetamine/M -methane/M -methanol/M -methinks -method/MS -methodical/YP -methodicalness/M -methodological/Y -methodology/SM -methotrexate -methought -meths -methyl/M -meticulous/YP -meticulousness/M -metier/MS -metric/S -metrical/Y -metricate/GNDS -metrication/M -metricize/GDS -metro/SM -metronome/MS -metropolis/MS -metropolitan -mettle/M -mettlesome -mew/SGMD -mewl/DSG -mews/M -mezzanine/MS -mezzo/SM -mfg -mfr/S -mg -mgr -mi/MNX -miasma/MS -mic/S -mica/M -mice -mick/S -mickey/MS -micro/SM -microaggression/SM -microbe/MS -microbial -microbiological -microbiologist/MS -microbiology/M -microbrewery/SM -microchip/MS -microcircuit/SM -microcode -microcomputer/MS -microcosm/MS -microcosmic -microdot/SM -microeconomics/M -microelectronic/S -microelectronics/M -microfiber/MS -microfiche/M -microfilm/GMDS -microfinance -microfloppies -microgroove/SM -microlight/MS -microloan/MS -micromanage/ZGDRSL -micromanagement/M -micromanager/M -micrometeorite/SM -micrometer/MS -micron/MS -microorganism/MS -microphone/SM -microplastics -microprocessor/MS 
-microscope/SM -microscopic -microscopical/Y -microscopy/M -microsecond/MS -microsurgery/M -microwave/DSMGB -microwaveable -mid -midair/M -midday/M -midden/MS -middle/MGS -middlebrow/SM -middleman/M -middlemen -middlemost -middleweight/MS -middy/SM -midfield/RZ -midge/SM -midget/MS -midi/MS -midland/MS -midlife/M -midmost -midnight/M -midpoint/MS -midrib/MS -midriff/MS -midsection/MS -midshipman/M -midshipmen -midships -midsize -midst/M -midstream/M -midsummer/M -midterm/MS -midtown/M -midway/MS -midweek/MS -midwife/MGDS -midwifery/SM -midwinter/M -midwives -midyear/MS -mien/M -miff/DSG -might've -might/M -mightily -mightiness/M -mightn't -mighty/TRP -mignonette/SM -migraine/MS -migrant/MS -migrate/AGDS -migration/SM -migratory -mikado/MS -mike/MGDS -mil/SZMR -milady/SM -milch -mild/MRYTP -mildew/SMDG -mildness/M -mile/MS -mileage/SM -milepost/MS -miler/M -milestone/MS -milf/MS -milieu/SM -militancy/M -militant/MYS -militarily -militarism/M -militarist/SM -militaristic -militarization/CM -militarize/CDSG -military/M -militate/GDS -militia/SM -militiaman/M -militiamen -milk/MDRSZG -milker/M -milkiness/M -milkmaid/MS -milkman/M -milkmen -milkshake/SM -milksop/MS -milkweed/SM -milky/RTP -mill/MDRSZGJ -millage/M -millennia -millennial/M -millennium/MS -miller/M -millet/M -milliard/MS -millibar/MS -milligram/MS -milliliter/MS -millimeter/MS -milliner/MS -millinery/M -milling/M -million/HSM -millionaire/SM -millionairess/S -millionth/M -millionths -millipede/SM -millisecond/SM -millpond/SM -millrace/SM -millstone/SM -millstream/MS -millwright/SM -milometer/S -milquetoast/SM -milt/MDSG -mime/MGDS -mimeograph/GMD -mimeographs -mimetic -mimic/SM -mimicked -mimicker/SM -mimicking -mimicry/SM -mimosa/SM -min -minaret/MS -minatory -mince/DRSMZG -mincemeat/M -mincer/M -mind's -mind/ADRSZG -mindbogglingly -minded/P -mindful/YP -mindfulness/M -mindless/YP -mindlessness/M -mindset/MS -mine/MZGNDRSX -minefield/SM -miner/M -mineral/MS -mineralogical -mineralogist/MS -mineralogy/M 
-minestrone/M -minesweeper/SM -mingle/DSG -mingy -mini/MS -miniature/MS -miniaturist/MS -miniaturization/M -miniaturize/GDS -minibar/S -minibike/SM -minibus/MS -minicab/S -minicam/MS -minicomputer/SM -minifloppies -minim/SM -minima -minimal/Y -minimalism/M -minimalist/MS -minimization/M -minimize/DSG -minimum/MS -mining/M -minion/M -miniseries/M -miniskirt/MS -minister/SGMD -ministerial -ministrant/MS -ministration/MS -ministry/SM -minivan/MS -mink/MS -minnesinger/MS -minnow/SM -minor/SMDG -minority/SM -minoxidil/M -minster/MS -minstrel/SM -minstrelsy/M -mint/MDRSZG -mintage/M -minter/M -minty/RT -minuend/MS -minuet/SM -minus/MS -minuscule/MS -minute/PDRSMYTG -minuteman/M -minutemen -minuteness/M -minutia/M -minutiae -minx/MS -miracle/MS -miraculous/Y -mirage/SM -mire/MGDS -mirror/GSMD -mirth/M -mirthful/PY -mirthfulness/M -mirthless/Y -miry/RT -misaddress/DSG -misadventure/MS -misaligned -misalignment/M -misalliance/MS -misanthrope/SM -misanthropic -misanthropically -misanthropist/MS -misanthropy/M -misapplication/M -misapply/DSGNX -misapprehend/GSD -misapprehension/MS -misappropriate/XDSGN -misappropriation/M -misbegotten -misbehave/GDS -misbehavior/M -misc -miscalculate/DSXGN -miscalculation/M -miscall/DSG -miscarriage/MS -miscarry/GDS -miscast/SG -miscegenation/M -miscellaneous/Y -miscellany/SM -mischance/SM -mischief/M -mischievous/YP -mischievousness/M -miscibility/M -miscible -misclassified -miscommunication/S -misconceive/GDS -misconception/SM -misconduct/MDGS -misconstruction/MS -misconstrue/GDS -miscount/MDSG -miscreant/SM -miscue/DSMG -misdeal/GMS -misdealt -misdeed/MS -misdemeanor/MS -misdiagnose/GDS -misdiagnosis/M -misdid -misdirect/SDG -misdirection/M -misdo/JG -misdoes -misdoing/M -misdone -miser/SBMY -miserableness/M -miserably -miserliness/M -misery/SM -misfeasance/M -misfeature/S -misfile/GDS -misfire/MGDS -misfit/SM -misfitted -misfitting -misfortune/SM -misgiving/MS -misgovern/SDGL -misgovernment/M -misguidance/M -misguide/DSG -misguided/Y 
-mishandle/DSG -mishap/SM -mishear/GS -misheard -mishit/S -mishitting -mishmash/MS -misidentify/GDS -misinform/DGS -misinformation/M -misinterpret/SGD -misinterpretation/SM -misjudge/DSG -misjudgment/SM -mislabel/GSD -mislaid -mislay/GS -mislead/GS -misleading/Y -misled -mismanage/LGDS -mismanagement/M -mismatch/GMDS -misname/GDS -misnomer/MS -misogamist/MS -misogamy/M -misogynist/SM -misogynistic -misogynous -misogyny/M -misplace/GLDS -misplacement/M -misplay/GMDS -misprint/GMDS -misprision/M -mispronounce/DSG -mispronunciation/SM -misquotation/MS -misquote/MGDS -misread/GJS -misreading/M -misremember/GDS -misreport/MDGS -misrepresent/GDS -misrepresentation/MS -misrule/MGDS -miss's -miss/EDSGV -missal/ESM -missed/U -misshape/GDS -misshapen -missile/MS -missilery/M -mission/AMS -missionary/SM -missioner/SM -missive/MS -misspeak/GS -misspell/GDJS -misspelling/M -misspend/GS -misspent -misspoke -misspoken -misstate/GDSL -misstatement/SM -misstep/MS -missus/MS -mist's -mist/CDRSZG -mistakable/U -mistake/BMGS -mistaken/Y -mister's -mistily -mistime/GDS -mistiness/M -mistletoe/M -mistook -mistral/MS -mistranslated -mistreat/LDGS -mistreatment/M -mistress/MS -mistrial/MS -mistrust/MDSG -mistrustful/Y -misty/PRT -mistype/GS -misunderstand/SGJ -misunderstanding/M -misunderstood -misuse/DSMG -mite/MZRS -miter/MDG -mitigate/DSGN -mitigated/U -mitigation/M -mitochondria -mitochondrial -mitochondrion -mitoses -mitosis/M -mitotic -mitral -mitt/MNSX -mitten/M -mitzvah -mix/ZGMDRSB -mixed/U -mixer/M -mixture/SM -mizzen/MS -mizzenmast/SM -mkay -mks -ml -mm -mnemonic/MS -mnemonically -mo/CKHS -moan/MDRSZG -moaner/M -moat/MDS -mob's -mob/CS -mobbed/C -mobbing/C -mobile/MS -mobility/M -mobilization/CM -mobilizations -mobilize/CDSG -mobilizer/SM -mobster/SM -moccasin/SM -mocha/SM -mock/DRSZG -mocker/M -mockery/SM -mocking/Y -mockingbird/SM -mod/STM -modal/SM -modality/S -modded -modding -mode/MS -model/ZGSJMDR -modeler/M -modeling/M -modem/SM -moderate/MYGNPDS -moderateness/M 
-moderation/M -moderator/SM -modern/MYPS -modernism/M -modernist/SM -modernistic -modernity/M -modernization/M -modernize/DRSZG -modernizer/M -modernness/M -modest/Y -modesty/M -modicum/SM -modifiable -modification/M -modified/U -modifier/M -modify/DRSXZGN -modish/YP -modishness/M -modular -modularization -modulate/CGNDS -modulation/CM -modulations -modulator/MS -module/MS -modulo -modulus -moggy -mogul/SM -mohair/M -moi -moiety/SM -moil/MDSG -moire/SM -moist/XTPNRY -moisten/DRZG -moistener/M -moistness/M -moisture/M -moisturize/ZGDRS -moisturizer/M -molar/SM -molasses/M -mold/MDRJSZG -moldboard/SM -molder/GMD -moldiness/M -molding/M -moldy/TPR -mole/MS -molecular -molecularity/M -molecule/SM -molehill/SM -moleskin/M -molest/DRZGS -molestation/M -molested/U -molester/M -moll/MS -mollification/M -mollify/DSNG -molluscan -mollusk/SM -molly/SM -mollycoddle/DSMG -molt/MDNRSZG -molter/M -molybdenum/M -mom/SM -moment/MS -momenta -momentarily -momentariness/M -momentary/P -momentous/PY -momentousness/M -momentum/M -mommy/SM -monad -monarch/M -monarchic -monarchical -monarchism/M -monarchist/MS -monarchistic -monarchs -monarchy/SM -monastery/SM -monastic/MS -monastical/Y -monasticism/M -monaural -monetarily -monetarism/M -monetarist/MS -monetary -monetization/C -monetize/CGDS -money/SMD -moneybag/MS -moneybox/S -moneylender/SM -moneymaker/SM -moneymaking/M -monger/MDGS -mongol/S -mongolism/M -mongoloid/MS -mongoose/MS -mongrel/SM -monies -moniker/SM -monism/M -monist/MS -monition/SM -monitor/SMDG -monitory -monk/MS -monkey/MDGS -monkeyshine/SM -monkish -monkshood/SM -mono/M -monochromatic -monochrome/MS -monocle/DSM -monoclonal -monocotyledon/SM -monocotyledonous -monocular -monodic -monodist/SM -monody/SM -monogamist/MS -monogamous/Y -monogamy/M -monogram/SM -monogrammed -monogramming -monograph/M -monographs -monolingual/MS -monolith/M -monolithic -monoliths -monologist/SM -monologue/SM -monomania/M -monomaniac/MS -monomaniacal -monomer/SM -mononucleosis/M -monophonic 
-monoplane/SM -monopolist/SM -monopolistic -monopolization/M -monopolize/DRSZG -monopolizer/M -monopoly/SM -monorail/MS -monosyllabic -monosyllable/MS -monotheism/M -monotheist/SM -monotheistic -monotone/MS -monotonic -monotonically -monotonous/PY -monotonousness/M -monotony/M -monounsaturated -monoxide/MS -monseigneur/M -monsieur/M -monsignor/SM -monsoon/SM -monsoonal -monster/SM -monstrance/ASM -monstrosity/SM -monstrous/Y -montage/SM -month/MY -monthly/SM -months -monument/MS -monumental/Y -moo/SGMD -mooch/ZGMDRS -moocher/M -mood/MS -moodily -moodiness/M -moody/TPR -moon/MDSG -moonbeam/MS -moonless -moonlight/SMDRZG -moonlighter/M -moonlighting/M -moonlit -moonscape/SM -moonshine/MZRS -moonshiner/M -moonshot/MS -moonstone/MS -moonstruck -moonwalk/MS -moor/MDJSG -moorhen/S -mooring/M -moorland/MS -moose/M -moot/DSG -mop/SZGMDR -mope/MS -moped/SM -moper/M -mopey -mopier -mopiest -mopish -mopped -moppet/MS -mopping -moraine/SM -moral/SMY -morale/M -moralism -moralist/MS -moralistic -moralistically -moralities -morality/UM -moralization/CM -moralize/CGDS -moralizer/MS -morass/MS -moratorium/SM -moray/SM -morbid/YP -morbidity/M -morbidness/M -mordancy/M -mordant/SMY -more/MS -moreish -morel/SM -moreover -mores/M -morgue/MS -moribund -morn/MJSG -morning/M -morocco/M -moron/SM -moronic -moronically -morose/YP -moroseness/M -morph/GD -morpheme/MS -morphemic -morphia/M -morphine/M -morphing/M -morphological -morphology/M -morphs -morrow/MS -morsel/MS -mortal/MYS -mortality/M -mortar/MDSG -mortarboard/SM -mortgage's -mortgage/AGDS -mortgagee/MS -mortgagor/MS -mortician/MS -mortification/M -mortify/NGDS -mortise/DSMG -mortuary/SM -mosaic/MS -mosey/SGD -mosh/DSG -mosque/MS -mosquito/M -mosquitoes -moss/MS -mossback/SM -mossy/TR -most/MY -mot/SM -mote's -mote/KCXSVN -motel/SM -motet/SM -moth/M -mothball/GMDS -mother/MDYSG -motherboard/SM -motherfucker/MS! -motherfucking/! 
-motherhood/M -motherland/MS -motherless -motherliness/M -moths -motif/SM -motile/S -motility/M -motion/KCM -motioned -motioning -motionless/YP -motionlessness/M -motivate/CDSG -motivated/U -motivation/SM -motivational -motivator/SM -motive/MS -motiveless -motley/MS -motlier -motliest -motocross/MS -motor/SGMD -motorbike/MGDS -motorboat/MS -motorcade/MS -motorcar/SM -motorcycle/DSMG -motorcyclist/MS -motorist/SM -motorization/M -motorize/DSG -motorman/M -motormen -motormouth/M -motormouths -motorway/SM -mottle/GDS -motto/M -mottoes -moue/MS -mound/SGMD -mount/EASGMD -mountable -mountain/SM -mountaineer/SMDG -mountaineering/M -mountainous -mountainside/SM -mountaintop/SM -mountebank/MS -mounted/U -mounter/MS -mounting/SM -mourn/SZGDR -mourned/U -mourner/M -mournful/YP -mournfulness/M -mourning/M -mouse/DRSMZG -mouser/M -mousetrap/SM -mousetrapped -mousetrapping -mousiness/M -moussaka/S -mousse/MGDS -mousy/PTR -mouth/GMD -mouthfeel -mouthful/MS -mouthiness/M -mouthpiece/MS -mouths -mouthwash/MS -mouthwatering -mouthy/PTR -mouton/M -movable/SM -move/AMZGDRSB -moved/U -movement/SM -mover/AM -movie/SM -moviegoer/SM -moving/Y -mow/SZGMDR -mower/M -moxie/M -mozzarella/M -mp -mpg -mph -mt -mtg -mtge -mu/SM -much/M -mucilage/M -mucilaginous -muck/MDSG -muckrake/DRSZG -muckraker/M -mucky/TR -mucous -mucus/M -mud/M -muddily -muddiness/M -muddle/MGDS -muddleheaded -muddy/PTGDRS -mudflap/S -mudflat/MS -mudguard/SM -mudpack/S -mudroom/MS -mudslide/MS -mudslinger/SM -mudslinging/M -muenster/M -muesli -muezzin/MS -muff/MDSG -muffin/MS -muffle/ZGDRS -muffler/M -mufti/SM -mug/SM -mugful/MS -mugged -mugger/MS -mugginess/M -mugging/MS -muggins -muggle/MS -muggy/PTR -mugshot/MS -mugwump/MS -mujaheddin -mukluk/MS -mulatto/M -mulattoes -mulberry/SM -mulch/GMDS -mulct/SGMD -mule/MS -muleskinner/MS -muleteer/MS -mulish/PY -mulishness/M -mull/DSG -mullah/M -mullahs -mullein/M -mullet/MS -mulligan/SM -mulligatawny/M -mullion/SMD -multi -multicellular -multichannel -multicolored 
-multicultural -multiculturalism/M -multidimensional -multidisciplinary -multifaceted -multifamily -multifarious/PY -multifariousness/M -multiform -multigrain -multilateral/Y -multilayered -multilevel -multilingual -multilingualism/M -multimedia/M -multimillionaire/SM -multinational/SM -multipart -multiparty -multiplayer/M -multiple/MS -multiplex/ZGMDRS -multiplexer/M -multiplicand/MS -multiplication/M -multiplicative -multiplicity/SM -multiplier/M -multiply/NZGDRSX -multiprocessing -multiprocessor/SM -multipurpose -multiracial -multistage -multistory -multitask/GS -multitasking/M -multitude/SM -multitudinous -multivariate -multiverse/SM -multivitamin/MS -multiyear -mum -mumble/MZGDRS -mumbler/M -mumbletypeg/M -mummer/MS -mummery/M -mummification/M -mummify/GNDS -mummy/SM -mumps/M -mun -munch/GDS -munchie/S -munchies/M -munchkin/SM -mundane/SY -mung/DSG -municipal/SMY -municipality/SM -munificence/M -munificent/Y -munition/MDGS -mural/SM -muralist/SM -murder/ZGMDRS -murderer/M -murderess/MS -murderous/Y -murk/MS -murkily -murkiness/M -murky/PTR -murmur/ZGJMDRS -murmurer/M -murmuring/M -murmurous -murrain/M -muscat/MS -muscatel/SM -muscle/MGDS -musclebound -muscleman -musclemen -muscly -muscular/Y -muscularity/M -musculature/M -musculoskeletal -muse/MGDSJ -musette/MS -museum/MS -mush/MDRSZG -mushiness/M -mushroom/GSMD -mushy/PTR -music/SM -musical/MYS -musicale/MS -musicality/M -musician/SMY -musicianship/M -musicological -musicologist/MS -musicology/M -musing/MY -musk/M -muskeg/MS -muskellunge/MS -musket/MS -musketeer/MS -musketry/M -muskie/M -muskiness/M -muskmelon/SM -muskox/MN -muskrat/MS -musky/PTRS -muslin/M -muss/MDSG -mussel/MS -mussy/TR -must've -must/MRSZ -mustache/MDS -mustachio/SMD -mustang/MS -mustard/M -muster/GMD -mustily -mustiness/M -mustn't -musty/PTR -mutability/M -mutably -mutagen/MS -mutagenic -mutant/MS -mutate/XGNVDS -mutation/M -mutational -mute/MYTGDRSPB -muteness/M -mutilate/DSGNX -mutilation/M -mutilator/SM -mutineer/SM -mutinous/Y 
-mutiny/GDSM -mutt/MS -mutter/ZGJMDRS -mutterer/M -muttering/M -mutton/M -muttonchops/M -muttony -mutual/Y -mutuality/M -muumuu/MS -muzak -muzzily -muzzle/DSMG -muzzy/P -my -mycologist/SM -mycology/M -myelitis/M -myna/MS -myocardial -myocardium -myopia/M -myopic -myopically -myriad/SM -myrmidon/MS -myrrh/M -myrtle/SM -mys -myself -mysterious/PY -mysteriousness/M -mystery/SM -mystic/SM -mystical/Y -mysticism/M -mystification/CM -mystify/CDSGN -mystique/M -myth/M -mythic -mythical -mythological -mythologist/SM -mythologize/DSG -mythology/SM -myths -myxomatosis -n/IKTH -naan/S -nab/S -nabbed -nabbing -nabob/SM -nacelle/SM -nacho/SM -nacre/M -nacreous -nadir/SM -nae -naff/RT -nag/SM -nagged -nagger/MS -nagging -nagware -nah -naiad/SM -naif/MS -nail/MDSG -nailbrush/MS -naive/RYT -naivete/M -naivety/M -naked/PY -nakedness/M -name's -name/AGDS -nameable/U -named/U -nameless/Y -namely -nameplate/MS -namesake/SM -nanny/SM -nanobot/S -nanometer/S -nanosecond/SM -nanotechnology/SM -nanotube -nap/SM -napalm/MDSG -nape/MS -naphtha/M -naphthalene/M -napkin/MS -napless -napoleon/SM -napped -napper/MS -napping -nappy/TRSM -narc/MS -narcissism/M -narcissist/MS -narcissistic -narcissus/M -narcolepsy/M -narcoleptic -narcoses -narcosis/M -narcotic/SM -narcotization/M -narcotize/GDS -nark -narky -narrate/GNVDSX -narration/M -narrative/SM -narrator/SM -narrow/PTGMDRYS -narrowness/M -narwhal/MS -nary -nasal/SMY -nasality/M -nasalization/M -nasalize/DSG -nascence/AM -nascent/A -nastily -nastiness/M -nasturtium/SM -nasty/PTR -natal -natch -nation/MS -national/MYS -nationalism/M -nationalist/SM -nationalistic -nationalistically -nationality/SM -nationalization/MS -nationalize/CDSG -nationhood/M -nationwide -native/MS -nativity/SM -natl -natter/GMDS -nattily -nattiness/M -natty/PTR -natural's -natural/UPY -naturalism/M -naturalist/SM -naturalistic -naturalization/M -naturalize/DSG -naturalness/UM -naturals -nature's -nature/CS -naturism -naturist/S -naught/MS -naughtily -naughtiness/M 
-naughty/PTR -nausea/M -nauseam -nauseate/GDS -nauseating/Y -nauseous/PY -nauseousness/M -nautical/Y -nautilus/MS -naval -nave/MS -navel/SM -navigability/M -navigable -navigate/DSGN -navigation/M -navigational -navigator/MS -navvy/S -navy/SM -nay/SM -naysayer/MS -ne'er -neanderthal/MS -neap/MS -near/DRYSPTG -nearby -nearness/M -nearshore -nearside -nearsighted/YP -nearsightedness/M -neat/NRYPXT -neaten/GD -neath -neatness/M -nebula/M -nebulae -nebular -nebulous/PY -nebulousness/M -necessarily/U -necessary/SM -necessitate/DSG -necessitous -necessity/SM -neck/MDSG -neckband/S -neckerchief/MS -necking/M -necklace/MGDSJ -neckline/MS -necktie/MS -necrology/M -necromancer/SM -necromancy/M -necrophilia -necrophiliac/S -necropolis/MS -necroses -necrosis/M -necrotic -nectar/M -nectarine/MS -nee -need/MDSG -needed/U -needful/Y -neediness/M -needle/MGDS -needlepoint/M -needless/YP -needlessness/M -needlewoman/M -needlewomen -needlework/M -needn't -needy/PTR -nefarious/YP -nefariousness/M -neg -negate/DSGNVX -negation/M -negative/MYGPDS -negativeness/M -negativism/M -negativity/M -neglect/SGMD -neglectful/YP -neglectfulness/M -negligee/MS -negligence/M -negligent/Y -negligible -negligibly -negotiability/M -negotiable/A -negotiate/ADSGN -negotiation/AM -negotiations -negotiator/MS -negritude/M -negro -negroid -neigh/MDG -neighbor/SMDYG -neighborhood/SM -neighborliness/M -neighs -neither -nelson/SM -nematode/SM -nemeses -nemesis/M -neoclassic -neoclassical -neoclassicism/M -neocolonialism/M -neocolonialist/MS -neocon/SM -neoconservative/SM -neocortex -neodymium/M -neolithic -neologism/SM -neon/M -neonatal -neonate/MS -neophilia -neophyte/MS -neoplasm/MS -neoplastic -neoprene/M -nepenthe/M -nephew/SM -nephrite/M -nephritic -nephritis/M -nephropathy -nepotism/M -nepotist/SM -nepotistic -neptunium/M -nerd/MS -nerdy/RT -nerve's -nerve/UDSG -nerveless/YP -nervelessness/M -nerviness/M -nervous/YP -nervousness/M -nervy/TPR -nest/MDSG -nestle/GJDS -nestling/M -net/SM -netball 
-netbook/MS -nether -nethermost -netherworld/M -netiquette/S -netted -netter/S -netting/M -nettle/MGDS -nettlesome -network/SGMD -networking/M -neural/Y -neuralgia/M -neuralgic -neurasthenia/M -neurasthenic/MS -neuritic/MS -neuritis/M -neurological/Y -neurologist/SM -neurology/M -neuron/MS -neuronal -neuroscience -neuroses -neurosis/M -neurosurgeon/MS -neurosurgery/M -neurosurgical -neurotic/MS -neurotically -neuroticism -neurotransmitter/SM -neut -neuter/MDGS -neutral/SMY -neutralism/M -neutralist/SM -neutrality/M -neutralization/M -neutralize/DRSZG -neutralizer/M -neutrino/SM -neutron/SM -never -nevermore -nevertheless -nevi -nevus/M -new/STMRYP -newbie/MS -newborn/SM -newcomer/SM -newel/SM -newfangled -newfound -newline/S -newlywed/SM -newness/M -news/M -newsagent/S -newsboy/SM -newscast/SMRZ -newscaster/M -newsdealer/SM -newsflash/S -newsgirl/SM -newsgroup/MS -newshound/S -newsletter/MS -newsman/M -newsmen -newspaper/MS -newspaperman/M -newspapermen -newspaperwoman/M -newspaperwomen -newspeak -newsprint/M -newsreader/S -newsreel/MS -newsroom/MS -newsstand/SM -newsweekly/SM -newswoman/M -newswomen -newsworthiness/M -newsworthy/P -newsy/TR -newt/MS -newton/MS -next/M -nexus/MS -niacin/M -nib/SM -nibble/MZGDRS -nibbler/M -nice/PYTR -niceness/M -nicety/SM -niche/SM -nick/MDRSZG -nickel/MS -nickelodeon/SM -nicker/MDG -nickle/S -nickname/DSMG -nicotine/M -niece/SM -nifedipine -niff -niffy -nifty/TR -nigga/MS! -niggard/SMY -niggardliness/M -niggaz/! -nigger/SM! 
-niggle/MZGDRS -niggler/M -nigh/RT -night/SMY -nightcap/SM -nightclothes/M -nightclub/SM -nightclubbed -nightclubbing -nightdress/MS -nightfall/M -nightgown/SM -nighthawk/SM -nightie/SM -nightingale/SM -nightlife/M -nightlight/S -nightlong -nightmare/SM -nightmarish -nightshade/SM -nightshirt/SM -nightspot/MS -nightstand/SM -nightstick/SM -nighttime/M -nightwatchman -nightwatchmen -nightwear/M -nihilism/M -nihilist/MS -nihilistic -nil/M -nimbi -nimble/TPR -nimbleness/M -nimbly -nimbus/M -nimby -nimrod/MS -nincompoop/SM -nine/MS -ninepin/MS -ninepins/M -nineteen/SMH -nineteenth/M -nineteenths -ninetieth/M -ninetieths -ninety/HSM -ninja/SM -ninny/SM -ninth/M -ninths -niobium/M -nip/SM -nipped -nipper/MS -nippiness/M -nipping -nipple/MS -nippy/TPR -nirvana/M -nisei/M -nit/SMR -niter/M -nitpick/SZGDR -nitpicker/M -nitpicking/M -nitrate/DSMGN -nitration/M -nitric -nitrification/M -nitrite/SM -nitro -nitrocellulose/M -nitrogen/M -nitrogenous -nitroglycerin/M -nitwit/MS -nix/GMDS -no/SM -nob/SY -nobble/GDS -nobelium/M -nobility/M -noble/RSPMT -nobleman/M -noblemen -nobleness/M -noblewoman/M -noblewomen -nobody/SM -nocturnal/Y -nocturne/MS -nod/SM -nodal -nodded -nodding -noddle/MS -noddy -node/MS -nodular -nodule/MS -noel/MS -noes -noggin/MS -nohow -noise/DSMG -noiseless/PY -noiselessness/M -noisemaker/MS -noisily -noisiness/M -noisome -noisy/PTR -nomad/SM -nomadic -nomenclature/MS -nominal/Y -nominate/ACGNVDS -nomination's/A -nomination/CSM -nominative/SM -nominator/CSM -nominee/MS -non -nonabrasive -nonabsorbent/SM -nonacademic -nonacceptance/M -nonacid -nonactive/MS -nonaddictive -nonadhesive -nonadjacent -nonadjustable -nonadministrative -nonage/MS -nonagenarian/MS -nonaggression/M -nonalcoholic -nonaligned -nonalignment/M -nonallergic -nonappearance/MS -nonassignable -nonathletic -nonattendance/M -nonautomotive -nonavailability/M -nonbasic -nonbeliever/MS -nonbelligerent/MS -nonbinding -nonbreakable -nonburnable -noncaloric -noncancerous -nonce/M -nonchalance/M 
-nonchalant/Y -nonchargeable -nonclerical/MS -nonclinical -noncollectable -noncom/MS -noncombat -noncombatant/MS -noncombustible -noncommercial/MS -noncommittal/Y -noncommunicable -noncompeting -noncompetitive -noncompliance/M -noncomplying -noncomprehending -nonconducting -nonconductor/MS -nonconforming -nonconformism -nonconformist/MS -nonconformity/M -nonconsecutive -nonconstructive -noncontagious -noncontinuous -noncontributing -noncontributory -noncontroversial -nonconvertible -noncooperation/M -noncorroding -noncorrosive -noncredit -noncriminal/SM -noncritical -noncrystalline -noncumulative -noncustodial -nondairy -nondeductible/M -nondelivery/SM -nondemocratic -nondenominational -nondepartmental -nondepreciating -nondescript -nondestructive -nondetachable -nondeterminism -nondeterministic -nondisciplinary -nondisclosure/M -nondiscrimination/M -nondiscriminatory -nondramatic -nondrinker/MS -nondrying -none -noneducational -noneffective -nonelastic -nonelectric -nonelectrical -nonempty -nonenforceable -nonentity/SM -nonequivalent/MS -nonessential -nonesuch/MS -nonetheless -nonevent/MS -nonexchangeable -nonexclusive -nonexempt/M -nonexistence/M -nonexistent -nonexplosive/MS -nonfactual -nonfading -nonfat -nonfatal -nonfattening -nonferrous -nonfiction/M -nonfictional -nonflammable -nonflowering -nonfluctuating -nonflying -nonfood/M -nonfreezing -nonfunctional -nongovernmental -nongranular -nonhazardous -nonhereditary -nonhuman -nonidentical -noninclusive -nonindependent -nonindustrial -noninfectious -noninflammatory -noninflationary -noninflected -nonintellectual/MS -noninterchangeable -noninterference/M -nonintervention/M -nonintoxicating -noninvasive -nonirritating -nonissue -nonjudgmental -nonjudicial -nonlegal -nonlethal -nonlinear -nonliterary -nonliving/M -nonmagnetic -nonmalignant -nonmember/MS -nonmetal/SM -nonmetallic -nonmigratory -nonmilitant -nonmilitary -nonnarcotic/SM -nonnative/MS -nonnegotiable -nonnuclear -nonnumerical -nonobjective 
-nonobligatory -nonobservance/M -nonobservant -nonoccupational -nonoccurence -nonofficial -nonoperational -nonoperative -nonparallel/MS -nonpareil/MS -nonparticipant/MS -nonparticipating -nonpartisan/SM -nonpaying -nonpayment/SM -nonperformance/M -nonperforming -nonperishable -nonperson/MS -nonphysical/Y -nonplus/S -nonplussed -nonplussing -nonpoisonous -nonpolitical -nonpolluting -nonporous -nonpracticing -nonprejudicial -nonprescription -nonproductive -nonprofessional/SM -nonprofit/SMB -nonproliferation/M -nonpublic -nonpunishable -nonracial -nonradioactive -nonrandom -nonreactive -nonreciprocal/SM -nonreciprocating -nonrecognition/M -nonrecoverable -nonrecurring -nonredeemable -nonrefillable -nonrefundable -nonreligious -nonrenewable -nonrepresentational -nonresident/MS -nonresidential -nonresidual/M -nonresistance/M -nonresistant -nonrestrictive -nonreturnable/MS -nonrhythmic -nonrigid -nonsalaried -nonscheduled -nonscientific -nonscoring -nonseasonal -nonsectarian -nonsecular -nonsegregated -nonsense/M -nonsensical/Y -nonsensitive -nonsexist -nonsexual -nonskid -nonslip -nonsmoker/SM -nonsmoking -nonsocial -nonspeaking -nonspecialist/MS -nonspecializing -nonspecific -nonspiritual/SM -nonstaining -nonstandard -nonstarter/MS -nonstick -nonstop -nonstrategic -nonstriking -nonstructural -nonsuccessive -nonsupport/GM -nonsurgical -nonsustaining -nonsympathizer/M -nontarnishable -nontaxable -nontechnical -nontenured -nontheatrical -nonthinking -nonthreatening -nontoxic -nontraditional -nontransferable -nontransparent -nontrivial -nontropical -nonuniform -nonunion -nonuser/MS -nonvenomous -nonverbal -nonviable -nonviolence/M -nonviolent/Y -nonvirulent -nonvocal -nonvocational -nonvolatile -nonvoter/MS -nonvoting -nonwhite/MS -nonworking -nonyielding -nonzero -noodle/MGDS -nook/MS -nookie -nooky -noon/M -noonday/M -noontide/M -noontime/M -noose/SM -nope -nor -nor'easter -norm/MS -normal/MY -normalcy/M -normality/M -normalization/M -normalize/DSG -normative -north/ZMR 
-northbound -northeast/MRZ -northeaster/MY -northeastern -northeastward/S -norther/MY -northerly/SM -northern/ZR -northerner/M -northernmost -northward/S -northwest/ZMR -northwester/MY -northwestern -northwestward/S -nose/MGDS -nosebag/S -nosebleed/MS -nosecone/SM -nosedive/DSMG -nosegay/SM -nosh/MDRSZG -nosher/M -nosily -nosiness/M -nostalgia/M -nostalgic -nostalgically -nostril/MS -nostrum/MS -nosy/RPT -not/B -notability/SM -notable/SM -notably -notarial -notarization/M -notarize/GDS -notary/SM -notate/GDS -notation/FCSM -notch/GMDS -note's -note/FCSDG -notebook/MS -notelet/S -notepad/S -notepaper/M -noteworthiness/M -noteworthy/P -nothing/PSM -nothingness/M -notice/MGDS -noticeable/U -noticeably -noticeboard/S -noticed/U -notifiable -notification/M -notifier/M -notify/NDRSXZG -notion/MS -notional/Y -notoriety/M -notorious/Y -notwithstanding -notwork/S -nougat/MS -noun/KMS -nourish/DSLG -nourishment/M -nous -nova/MS -novae -novel/SM -novelette/SM -novelist/SM -novelization/MS -novelize/DSG -novella/MS -novelty/SM -novena/MS -novene -novice/MS -novitiate/MS -now/M -nowadays/M -noway/S -nowhere/M -nowise -nowt -noxious -nozzle/MS -nu/SM -nuance/MDS -nub/SM -nubbin/MS -nubby/TR -nubile -nuclear/K -nucleate/DSGN -nucleation/M -nuclei -nucleic -nucleoli -nucleolus/M -nucleon/SM -nucleoside -nucleotide -nucleus/M -nude/MTRS -nudge/GDSM -nudism/M -nudist/SM -nudity/M -nugatory -nugget/SM -nuisance/MS -nuke/MGDS -null/S -nullification/M -nullify/NDSG -nullity/M -numb/ZTGPDRYS -number's -number/ASDG -numbered/U -numberless -numbness/M -numerable/I -numeracy/IM -numeral/SM -numerate/XGNDS -numeration/M -numerator/MS -numeric -numerical/Y -numerologist/MS -numerology/M -numerous/Y -numinous -numismatic/S -numismatics/M -numismatist/SM -numskull/MS -nun/SM -nuncio/SM -nunnery/SM -nuptial/MS -nurse/MZGDRS -nurselings -nursemaid/MS -nurser/M -nursery/SM -nurseryman/M -nurserymen -nursing/M -nursling/SM -nurture/DRSMZG -nurturer/M -nut/SM -nutcase/S -nutcracker/MS -nuthatch/MS 
-nuthouse/S -nutmeat/SM -nutmeg/SM -nutpick/SM -nutria/SM -nutrient/MS -nutriment/MS -nutrition/M -nutritional/Y -nutritionist/SM -nutritious/YP -nutritiousness/M -nutritive -nutshell/MS -nutted -nutter/S -nuttiness/M -nutting -nutty/RTP -nuzzle/DRSMZG -nuzzler/M -nybble/S -nylon/MS -nylons/M -nymph/M -nymphet/MS -nympho/S -nymphomania/M -nymphomaniac/SM -nymphs -o -o'clock -o'er -oaf/SM -oafish/PY -oafishness/M -oak/SMN -oakum/M -oar/SGMD -oarlock/SM -oarsman/M -oarsmen -oarswoman/M -oarswomen -oases -oasis/M -oat/SMN -oatcake/SM -oath/M -oaths -oatmeal/M -oats/M -ob/S -obbligato/MS -obduracy/M -obdurate/PY -obdurateness/M -obedience/EM -obedient/EY -obeisance/SM -obeisant -obelisk/MS -obese -obesity/M -obey/EDSG -obfuscate/GNXDS -obfuscation/M -obi/SM -obit/MS -obituary/SM -obj -object/SGVMD -objectify/NGDS -objection/SMB -objectionable/U -objectionably -objective/SMYP -objectiveness/M -objectivity/M -objector/MS -objurgate/XGNDS -objurgation/M -oblate/NX -oblation/M -obligate/DSXGN -obligation/M -obligatorily -obligatory -oblige/EGDS -obliging/Y -oblique/SMYP -obliqueness/M -obliquity/M -obliterate/DSGN -obliteration/M -oblivion/M -oblivious/YP -obliviousness/M -oblong/MS -obloquy/M -obnoxious/YP -obnoxiousness/M -oboe/MS -oboist/MS -obscene/RYT -obscenity/SM -obscurantism/M -obscurantist/SM -obscure/DRSYTG -obscurity/SM -obsequies -obsequious/PY -obsequiousness/M -obsequy/M -observably -observance/MS -observant/Y -observation/SM -observational -observatory/SM -observe/DRSBZG -observed/U -observer/M -obsess/DSGV -obsession/SM -obsessional/Y -obsessive/PSMY -obsessiveness/M -obsidian/M -obsolesce/DSG -obsolescence/M -obsolescent -obsolete/GDS -obstacle/MS -obstetric/S -obstetrical -obstetrician/SM -obstetrics/M -obstinacy/M -obstinate/Y -obstreperous/YP -obstreperousness/M -obstruct/DGVS -obstructed/U -obstruction/SM -obstructionism/M -obstructionist/MS -obstructive/YP -obstructiveness/M -obtain/DBLGS -obtainable/U -obtainment/M -obtrude/DSG -obtrusion/M 
-obtrusive/UPY -obtrusiveness/UM -obtuse/YTRP -obtuseness/M -obverse/SM -obviate/DSGN -obviation/M -obvious/PY -obviousness/M -ocarina/MS -occasion/GMDS -occasional/Y -occidental/SM -occlude/GDS -occlusion/SM -occlusive -occult/M -occultism/M -occultist/SM -occupancy/M -occupant/SM -occupation/AM -occupational/Y -occupations -occupied/U -occupier/SM -occupy/ADSG -occur/AS -occurred/A -occurrence/SM -occurring/A -ocean/SM -oceanfront/SM -oceangoing -oceanic/M -oceanographer/SM -oceanographic -oceanography/M -oceanology/M -ocelot/MS -och/R -ocher/M -ocker/S -octagon/MS -octagonal -octal -octane/MS -octave/MS -octavo/MS -octet/SM -octogenarian/SM -octopus/MS -ocular/MS -oculist/SM -oculomotor -odalisque/SM -odd/STRYLP -oddball/SM -oddity/SM -oddment/SM -oddness/M -odds/M -ode/SM -odious/YP -odiousness/M -odium/M -odometer/MS -odor/MDS -odoriferous -odorless -odorous -odyssey/MS -oedipal -oenology/M -oenophile/SM -oeuvre/MS -of -off/SZGDRJ -offal/M -offbeat/MS -offend/ZGDRS -offender/M -offense/MS -offensive's -offensive/IPY -offensiveness/IM -offensives -offer/JGMD -offering/M -offertory/SM -offhand -offhanded/PY -offhandedness/M -office/MZRS -officeholder/SM -officer/M -official/MYS -officialdom/M -officialese -officialism/M -officiant/SM -officiate/DSG -officiator/MS -officious/PY -officiousness/M -offing/M -offish -offline -offload/SDG -offprint/SM -offset/MS -offsetting -offshoot/MS -offshore/G -offside -offsite -offspring/M -offstage/S -offtrack -oft -often/TR -oftentimes -ofttimes -ogle/MZGDRS -ogler/M -ogre/MS -ogreish -ogress/MS -oh/M -ohm/SM -ohmmeter/MS -oho -ohs -oi -oik/S -oil/SGMD -oilcan/S -oilcloth/M -oilcloths -oilfield/S -oiliness/M -oilman -oilmen -oilskin/MS -oilskins/M -oily/RPT -oink/MDSG -ointment/SM -okapi/SM -okay/MSG -okra/MS -old/TMNRP -oldie/SM -oldish -oldness/M -oldster/MS -ole/SMV -oleaginous -oleander/MS -oleo/M -oleomargarine/M -olfactory/SM -oligarch/M -oligarchic -oligarchical -oligarchs -oligarchy/SM -oligonucleotide/S -oligopoly/SM 
-olive/SM -om/SMNX -ombudsman/M -ombudsmen -omega/SM -omelet/MS -omen/M -omicron/MS -ominous/YP -ominousness/M -omission/MS -omit/S -omitted -omitting -omnibus/MS -omnipotence/M -omnipotent -omnipresence/M -omnipresent -omniscience/M -omniscient -omnivore/MS -omnivorous/PY -omnivorousness/M -on/Y -onboard -once/M -oncogene/SM -oncologist/SM -oncology/M -oncoming -one/SXMNP -oneness/M -onerous/PY -onerousness/M -oneself -onetime -ongoing -onion/M -onionskin/M -online -onlooker/SM -onlooking -onomatopoeia/M -onomatopoeic -onomatopoetic -onrush/MSG -onscreen -onset/MS -onshore -onside -onsite -onslaught/MS -onstage -onto -ontogeny/M -ontological -ontology/M -onus/MS -onward -onyx/MS -oodles/M -ooh/GD -oohs -oomph -oops -ooze/MGDS -oozy/TR -op/SMDG -opacity/M -opal/MS -opalescence/M -opalescent -opaque/PYTGDRS -opaqueness/M -opcode/S -ope/S -open/ZTGJPMDRYS -opencast -opened/U -opener/M -openhanded/P -openhandedness/M -openhearted -opening/M -openness/M -openwork/M -opera/MS -operable/I -operand/S -operate/DSGNVX -operatic -operatically -operation/M -operational/Y -operative/SM -operator/SM -operetta/SM -ophthalmic -ophthalmologist/SM -ophthalmology/M -opiate/SM -opine/GNXDS -opinion/M -opinionated -opioid/SM -opium/M -opossum/MS -opp -opponent/SM -opportune/IY -opportunism/M -opportunist/SM -opportunistic -opportunistically -opportunity/SM -oppose/DSG -opposed/U -opposite/SMYNX -opposition/M -oppress/DSGV -oppression/M -oppressive/YP -oppressiveness/M -oppressor/MS -opprobrious/Y -opprobrium/M -opt/SGD -optic/MS -optical/Y -optician/SM -optics/M -optima -optimal/Y -optimism/SM -optimist/SM -optimistic -optimistically -optimization/MS -optimize/DRSG -optimum/SM -option/SMDG -optional/Y -optometrist/MS -optometry/M -opulence/M -opulent/Y -opus/MS -or -oracle/SM -oracular -oral/MYS -orality -orange/SMP -orangeade/MS -orangery/SM -orangutan/SM -orate/GNXDS -oration/M -orator/SM -oratorical/Y -oratorio/MS -oratory/SM -orb/SM -orbicular -orbit/MDRZGS -orbital/SM -orbiter/M 
-orc/SM -orchard/SM -orchestra/MS -orchestral -orchestrate/DSXGN -orchestration/M -orchid/SM -ordain/SDLG -ordainment/M -ordeal/SM -order/EAMDGS -ordered/U -orderings -orderliness/EM -orderly/PSM -ordinal/SM -ordinance/SM -ordinarily -ordinariness/M -ordinary/SMP -ordinate/MNSX -ordination/M -ordnance/M -ordure/M -ore/SM -oregano/M -org -organ/MS -organdy/M -organelle/MS -organic/SM -organically/I -organism/MS -organismic -organist/MS -organization/ASM -organizational/Y -organize/AESDG -organized/U -organizer/MS -organza/M -orgasm/SM -orgasmic -orgiastic -orgy/SM -oriel/MS -orient's -orient/AEDGS -oriental/MS -orientalist/S -orientate/EDSGN -orientation/AEM -orientations -orienteering -orifice/MS -orig -origami/M -origin/SM -original/MYS -originality/M -originate/DSGN -origination/M -originator/SM -oriole/SM -orison/SM -ormolu/M -ornament/SGMD -ornamental -ornamentation/M -ornate/YP -ornateness/M -orneriness/M -ornery/PRT -ornithological -ornithologist/MS -ornithology/M -orotund -orotundity/SM -orphan/SMDG -orphanage/MS -orris/MS -orthodontia/M -orthodontic/S -orthodontics/M -orthodontist/SM -orthodox/U -orthodoxy/SM -orthogonal -orthogonality -orthographic -orthographically -orthography/SM -orthopedic/S -orthopedics/M -orthopedist/MS -orzo/M -oscillate/GNDSX -oscillation/M -oscillator/SM -oscillatory -oscilloscope/MS -osculate/DSXGN -osculation/M -osier/MS -osmium/M -osmosis/M -osmotic -osprey/SM -ossicles -ossification/M -ossify/NGDS -ostensible -ostensibly -ostentation/M -ostentatious/Y -osteoarthritis/M -osteopath/M -osteopathic -osteopaths -osteopathy/M -osteoporosis/M -ostler/S -ostracism/M -ostracize/GDS -ostrich/MS -other/MSP -otherwise -otherworldly -otiose -otter/MS -ottoman/MS -oubliette/MS -ouch -ought -oughtn't -ounce/MS -our/S -ourselves -oust/ZGDRS -ouster/M -out/SJGMDR -outage/SM -outargue/GDS -outback/MS -outbalance/DSG -outbid/S -outbidding -outboard/MS -outboast/DSG -outbound -outbox/MS -outbreak/MS -outbuilding/MS -outburst/SM -outcast/MS 
-outclass/DSG -outcome/MS -outcrop/MS -outcropped -outcropping/SM -outcry/SM -outdated -outdid -outdistance/GDS -outdo/G -outdoes -outdone -outdoor/S -outdoors/M -outdoorsy -outdraw/GS -outdrawn -outdrew -outercourse -outermost -outerwear/M -outface/GDS -outfall/S -outfield/SMRZ -outfielder/M -outfight/SG -outfit/SM -outfitted -outfitter/MS -outfitting -outflank/GSD -outflow/MS -outfought -outfox/GDS -outgo/MJG -outgoes -outgrew -outgrow/HGS -outgrown -outgrowth/M -outgrowths -outguess/GDS -outgun/S -outgunned -outgunning -outhit/S -outhitting -outhouse/SM -outing/M -outlaid -outlandish/PY -outlandishness/M -outlast/DSG -outlaw/SGMD -outlay/SGM -outlet/SM -outlier/S -outline/MGDS -outlive/GDS -outlook/MS -outlying -outmaneuver/GDS -outmatch/GDS -outmoded -outnumber/DSG -outpace/GDS -outpatient/MS -outperform/GSD -outplace/L -outplacement/M -outplay/GDS -outpoint/DGS -outpost/MS -outpouring/MS -outproduce/DSG -output/SM -outputted -outputting -outrace/GDS -outrage/MGDS -outrageous/Y -outran -outrank/GDS -outre -outreach/MDSG -outrider/MS -outrigger/SM -outright -outrun/S -outrunning -outscore/GDS -outsell/GS -outset/SM -outshine/GS -outshone -outshout/GDS -outside/MZRS -outsider/M -outsize/MS -outskirt/MS -outsmart/GDS -outsold -outsource/DSG -outsourcing/M -outspend/SG -outspent -outspoken/YP -outspokenness/M -outspread/GS -outstanding/Y -outstation/MS -outstay/DGS -outstretch/DSG -outstrip/S -outstripped -outstripping -outta -outtake/MS -outvote/GDS -outward/YS -outwear/GS -outweigh/GD -outweighs -outwit/S -outwith -outwitted -outwitting -outwore -outwork/MDRSZG -outworn -ouzo/MS -ova -oval/MS -ovarian -ovary/SM -ovate/NX -ovation/M -oven/MS -ovenbird/SM -ovenproof -ovenware -over/MYS -overabundance/M -overabundant -overachieve/ZGDRS -overachiever/M -overact/GVSD -overage/SM -overaggressive -overall/SM -overalls/M -overambitious -overanxious -overarching -overarm/GSD -overate -overattentive -overawe/DSG -overbalance/MGDS -overbear/GS -overbearing/Y -overbid/SM 
-overbidding -overbite/MS -overblown -overboard -overbold -overbook/DGS -overbore -overborne -overbought -overbuild/SG -overbuilt -overburden/GSD -overbuy/GS -overcame -overcapacity/M -overcapitalize/DSG -overcareful -overcast/MGS -overcautious -overcharge/DSMG -overclock/GD -overcloud/SGD -overcoat/MS -overcome/GS -overcompensate/DSGN -overcompensation/M -overconfidence/M -overconfident -overconscientious -overcook/DGS -overcritical -overcrowd/SDG -overcrowding/M -overdecorate/DSG -overdependent -overdevelop/SDG -overdid -overdo/G -overdoes -overdone -overdose/MGDS -overdraft/SM -overdraw/GS -overdrawn -overdress/GMDS -overdrew -overdrive/SM -overdub/SM -overdubbed -overdubbing -overdue -overeager -overeat/GSN -overemotional -overemphasis/M -overemphasize/GDS -overenthusiastic -overestimate/MGNDS -overestimation/M -overexcite/DSG -overexercise/GDS -overexert/SDG -overexertion/M -overexpose/GDS -overexposure/M -overextend/DGS -overfed -overfeed/GS -overfill/DGS -overflew -overflight/MS -overflow/MDSG -overflown -overfly/GS -overfond -overfull -overgeneralize/DSG -overgenerous -overgraze/DSG -overgrew -overground -overgrow/HSG -overgrown -overgrowth/M -overhand/MDS -overhang/MSG -overhasty -overhaul/MDSG -overhead/MS -overhear/SG -overheard -overheat/DSG -overhung -overindulge/GDS -overindulgence/M -overindulgent -overinflated -overjoy/GSD -overkill/M -overladen -overlaid -overlain -overland -overlap/SM -overlapped -overlapping -overlarge -overlay/GSM -overleaf -overlie -overload/GMDS -overlong -overlook/GMDS -overlord/MS -overly/SG -overmanned -overmanning -overmaster/SDG -overmodest -overmuch/S -overnice -overnight/MS -overoptimism/M -overoptimistic -overpaid -overparticular -overpass/MS -overpay/GS -overplay/GDS -overpopulate/GNDS -overpopulation/M -overpower/SDG -overpowering/Y -overpraise/DSG -overprecise -overprice/DSG -overprint/SMDG -overproduce/GDS -overproduction/M -overprotect/SDGV -overqualified -overran -overrate/GDS -overreach/GDS -overreact/SDG 
-overreaction/SM -overrefined -overridden -override/MGS -overripe/M -overrode -overrule/GDS -overrun/SM -overrunning -oversampling -oversaw -oversea/S -oversee/RSZ -overseeing -overseen -overseer/M -oversell/GS -oversensitive/P -oversensitiveness/M -oversexed -overshadow/DSG -overshare/DSG -overshoe/MS -overshoot/GS -overshot -oversight/SM -oversimple -oversimplification/M -oversimplify/DSNGX -oversize -oversleep/GS -overslept -oversold -overspecialization/M -overspecialize/GDS -overspend/SG -overspent -overspread/GS -overstaffed -overstate/DSLG -overstatement/MS -overstay/DSG -overstep/S -overstepped -overstepping -overstimulate/DSG -overstock/GSD -overstretch/GDS -overstrict -overstrung -overstuffed -oversubscribe/DSG -oversubtle -oversupply/GDS -oversuspicious -overt/Y -overtake/GS -overtaken -overtax/GDS -overthink/SG -overthought -overthrew -overthrow/SMG -overthrown -overtime/MS -overtire/GDS -overtone/MS -overtook -overture/MS -overturn/DSG -overuse/DSMG -overvaluation/S -overvalue/DSG -overview/MS -overweening/Y -overweight/M -overwhelm/SGD -overwhelming/Y -overwinter/SDG -overwork/GMDS -overwrite/GS -overwritten -overwrote -overwrought -overzealous -oviduct/SM -oviparous -ovoid/MS -ovular -ovulate/DSGN -ovulation/M -ovule/MS -ovum/M -ow -owe/DSG -owl/SM -owlet/MS -owlish/Y -own/ESGD -owner/MS -ownership/M -ox/MN -oxalate -oxblood/M -oxbow/MS -oxcart/SM -oxford/SM -oxidant/MS -oxidase -oxidation/M -oxidative -oxide/MS -oxidization/M -oxidize/ZGDRS -oxidizer/M -oxtail/S -oxyacetylene/M -oxygen/M -oxygenate/DSGN -oxygenation/M -oxymora -oxymoron/M -oyster/SM -oz -ozone/M -p/NRXTGJ -pH -pa/SMH -pablum/M -pabulum/M -pace/MZGDRS -pacemaker/SM -pacer/M -pacesetter/SM -pacey -pachyderm/MS -pachysandra/MS -pacific -pacifically -pacification/M -pacifier/M -pacifism/M -pacifist/SM -pacifistic -pacify/ZGDRSN -pack's -pack/AUGSD -package's -package/AGDS -packager/SM -packaging/M -packer/MS -packet/MS -packing's -packinghouse/SM -packsaddle/MS -pact/MS -pacy/RT -pad/SM 
-padded -padding/M -paddle/MZGDRS -paddler/M -paddock/MDGS -paddy/SM -padlock/MDSG -padre/SM -paean/SM -paella/MS -pagan/SM -paganism/M -page/MZGDRS -pageant/MS -pageantry/M -pageboy/SM -pager/M -paginate/DSGN -pagination/M -pagoda/MS -pah -paid/AU -pail/MS -pailful/SM -pain/MDSG -painful/PY -painfuller -painfullest -painfulness/M -painkiller/MS -painkilling -painless/PY -painlessness/M -painstaking/MY -paint/SZGJMDR -paintball -paintbox/MS -paintbrush/MS -painted/U -painter/MY -painting/M -paintwork -pair/AMDSG -paired/U -pairing/S -pairwise -paisley/SM -pajama/S -pajamas/M -pal/SMY -palace/MS -paladin/SM -palanquin/SM -palatable/U -palatal/SM -palatalization/M -palatalize/GDS -palate/MBS -palatial/Y -palatinate/MS -palatine/MS -palaver/GSMD -palazzi -palazzo -pale/MYTGPDRSJ -paleface/MS -paleness/M -paleo -paleographer/MS -paleography/M -paleolithic -paleontologist/SM -paleontology/M -palette/SM -palfrey/SM -palimony/M -palimpsest/MS -palindrome/MS -palindromic -paling/M -palisade/SM -palish -pall/MDSG -palladium/M -pallbearer/MS -pallet/MS -palliate/DSGNV -palliation/M -palliative/SM -pallid/YP -pallidness/M -pallor/M -palm/MDSG -palmate -palmetto/SM -palmist/SM -palmistry/M -palmtop/SM -palmy/TR -palomino/MS -palpable -palpably -palpate/DSGN -palpation/M -palpitate/XGNDS -palpitation/M -palsy/GDSM -paltriness/M -paltry/RPT -pampas/M -pamper/DSG -pamphlet/MS -pamphleteer/MS -pan/SM -panacea/SM -panache/M -panama/MS -panatella/S -pancake/DSMG -panchromatic -pancreas/MS -pancreatic -pancreatitis -panda/SM -pandemic/SM -pandemonium/M -pander/MDRZGS -panderer/M -pane/KM -panegyric/SM -panel/SGJMD -paneling/M -panelist/MS -panes -pang/MS -panhandle/DRSMZG -panhandler/M -panic/SM -panicked -panicking -panicky -panned -pannier/SM -panning -panoply/SM -panorama/SM -panoramic -panpipes/M -pansy/SM -pant/MDSG -pantaloons/M -pantechnicon/S -pantheism/M -pantheist/SM -pantheistic -pantheon/SM -panther/MS -pantie/MS -panto/S -pantomime/MGDS -pantomimic -pantomimist/SM 
-pantry/SM -pantsuit/SM -pantyhose/M -pantyliner/M -pantywaist/SM -pap/SM -papa/MS -papacy/SM -papal -paparazzi/M -paparazzo -papaya/MS -paper/SZGMDR -paperback/SM -paperbark/S -paperboard/M -paperboy/SM -paperclip/S -paperer/M -papergirl/SM -paperhanger/SM -paperhanging/M -paperless -paperweight/MS -paperwork/M -papery -papilla/M -papillae -papillary -papist/MS -papoose/MS -pappy/SM -paprika/M -papyri -papyrus/M -par/SZGMDRBJ -para/MS -parable/MS -parabola/SM -parabolic -paracetamol/S -parachute/DSMG -parachutist/MS -parade/MZGDRS -parader/M -paradigm/SM -paradigmatic -paradisaical -paradise/SM -paradox/MS -paradoxical/Y -paraffin/M -paragliding -paragon/MS -paragraph/GMD -paragraphs -parakeet/SM -paralegal/MS -parallax/MS -parallel/SGMD -paralleled/U -parallelism/MS -parallelization -parallelized -parallelogram/SM -paralyses -paralysis/M -paralytic/SM -paralyze/DSG -paralyzing/Y -paramagnetic -paramecia -paramecium/M -paramedic/MS -paramedical/MS -parameter/MS -parameterize/D -parametric -paramilitary/SM -paramount -paramountcy -paramour/SM -paranoia/M -paranoiac/MS -paranoid/SM -paranormal -parapet/MS -paraphernalia/M -paraphrase/DSMG -paraplegia/M -paraplegic/SM -paraprofessional/MS -parapsychologist/MS -parapsychology/M -paraquat/M -parasailing -parascending -parasite/SM -parasitic -parasitical/Y -parasitism/M -parasol/MS -parasympathetic/S -parathion/M -parathyroid/MS -paratroop/RZS -paratrooper/M -paratroops/M -paratyphoid/M -parboil/DSG -parcel/GMDS -parch/LGDS -parchment/SM -pardner/S -pardon/ZGMDRBS -pardonable/U -pardonably/U -pardoner/M -pare/S -paregoric/M -parent/GMDS -parentage/M -parental -parentheses -parenthesis/M -parenthesize/DSG -parenthetic -parenthetical/Y -parenthood/M -parenting/M -parer/M -pares/S -paresis/M -parfait/MS -pariah/M -pariahs -paribus -parietal -parimutuel/MS -paring/M -parish/MS -parishioner/MS -parity/ESM -park/MDSG -parka/SM -parking/M -parkland -parkour -parkway/MS -parky -parlance/M -parlay/GMDS -parley/GMDS 
-parliament/SM -parliamentarian/SM -parliamentary -parlor/MS -parlous -parmigiana -parochial/Y -parochialism/M -parodist/SM -parody/GDSM -parole/MGDS -parolee/MS -parotid -paroxysm/SM -paroxysmal -parquet/MDSG -parquetry/M -parred -parricidal -parricide/MS -parring -parrot/GMDS -parry/GDSM -parse/DRSG -parsec/MS -parsimonious/Y -parsimony/M -parsley/M -parsnip/MS -parson/MS -parsonage/MS -part's -part/CDSG -partake/ZGRS -partaken -partaker/M -parterre/SM -parthenogenesis/M -partial/MYS -partiality/M -participant/SM -participate/DSGN -participation/M -participator/MS -participatory -participial/M -participle/MS -particle/SM -particleboard/M -particular/SMY -particularity/SM -particularization/M -particularize/DSG -particulate/SM -parting/MS -partisan/SM -partisanship/M -partition/GMDS -partitive/MS -partly -partner/MDSG -partnership/MS -partook -partridge/SM -parturition/M -partway -party/GDSM -parvenu/MS -pascal/MS -paschal -pasha/SM -pass/M -passably -passage/MS -passageway/MS -passbook/MS -passe/DRSBXZGNV -passel/MS -passenger/SM -passer/M -passerby/M -passersby -passim -passing/MY -passion/EM -passionate/EY -passionflower/SM -passionless -passive/PMYS -passiveness/M -passivity/M -passivization -passivize/DSG -passkey/MS -passphrase/S -passport/MS -password/MS -past/AMS -pasta/SM -paste/DSMG -pasteboard/M -pastel/MS -pastern/MS -pasteurization/M -pasteurize/ZGDRS -pasteurized/U -pasteurizer/M -pastiche/MS -pastie -pastille/MS -pastime/MS -pastiness/M -pastor/MS -pastoral/MS -pastorate/MS -pastrami/M -pastry/SM -pasturage/M -pasture/DSMG -pastureland/M -pasty/PTRSM -pat/SM -patch/EGMDS -patchily -patchiness/M -patchouli -patchwork/SM -patchy/TPR -pate/MS -patella/MS -patellae -patent/GMDYS -paterfamilias/MS -paternal/Y -paternalism/M -paternalist/S -paternalistic -paternity/M -paternoster/MS -path/M -pathetic -pathetically -pathfinder/SM -pathless -pathogen/SM -pathogenic -pathological/Y -pathologist/SM -pathology/M -pathos/M -paths -pathway/MS -patience/M 
-patient/IMST -patienter -patiently -patina/MS -patine -patio/SM -patisserie/S -patois/M -patresfamilias -patriarch/M -patriarchal -patriarchate/MS -patriarchs -patriarchy/SM -patrician/SM -patricidal -patricide/SM -patrimonial -patrimony/SM -patriot/SM -patriotic/U -patriotically -patriotism/M -patrol/MS -patrolled -patrolling -patrolman/M -patrolmen -patrolwoman/M -patrolwomen -patron/MS -patronage/MS -patroness/MS -patronize/ZGDRS -patronizer/M -patronizing/Y -patronymic/SM -patronymically -patroon/SM -patsy/SM -patted -patter/MDGS -pattern/SMDG -patting -patty/SM -paucity/M -paunch/MS -paunchy/RT -pauper/MS -pauperism/M -pauperize/DSG -pause/DSMG -pave/AGDS -paved/U -pavement/MS -pavilion/SM -paving/MS -pavlova/S -paw/SGMD -pawl/MS -pawn/MDSG -pawnbroker/MS -pawnbroking/M -pawnshop/MS -pawpaw/MS -pay's -pay/ASGBL -payback/SM -paycheck/MS -payday/MS -payed -payee/SM -payer/SM -payload/SM -paymaster/SM -payment/ASM -payoff/MS -payola/M -payout/MS -payphone/S -payroll/SM -payslip/SM -paywall/SM -payware -pct -pd -pea/SM -peace/SM -peaceable -peaceably -peaceful/PY -peacefulness/M -peacekeeper/SM -peacekeeping/M -peacemaker/MS -peacemaking/M -peacetime/M -peach/MS -peachy/TR -peacock/MS -peafowl/MS -peahen/MS -peak/MDSG -peaky -peal/AMDSG -peanut/MS -pear/MYS -pearl/SGMD -pearly/RT -peasant/SM -peasantry/M -peashooter/SM -peat/M -peaty/TR -pebble/MGDS -pebbly -pecan/SM -peccadillo/M -peccadilloes -peccary/SM -peck/MDRSZG -peckish -pecs -pectic -pectin/M -pectoral/MS -pectoralis -peculate/GNDS -peculation/M -peculator/SM -peculiar/Y -peculiarity/SM -pecuniary -pedagogic -pedagogical/Y -pedagogue/SM -pedagogy/M -pedal/SGMD -pedalo/S -pedant/MS -pedantic -pedantically -pedantry/M -peddle/ZGDRS -peddler/M -pederast/MS -pederasty/M -pedestal/MS -pedestrian/SM -pedestrianization -pedestrianize/GDS -pediatric/S -pediatrician/MS -pediatrics/M -pedicab/SM -pedicure/MGDS -pedicurist/MS -pedigree/MDS -pediment/MS -pedometer/MS -pedophile/S -pedophilia -peduncle/MS -pee/DRSMZ 
-peeing -peek/MDSG -peekaboo/M -peel/MDRSJZG -peeled/U -peeler/M -peeling/M -peen/MS -peep/MDRSZG -peepbo -peeper/M -peephole/MS -peepshow/MS -peer/MDG -peerage/SM -peeress/MS -peerless -peeve/DSMG -peevish/PY -peevishness/M -peewee/MS -peewit/S -peg/SM -pegboard/MS -pegged -pegging -peignoir/SM -pejoration/M -pejorative/SMY -peke/MS -pekineses -pekingese/SM -pekoe/M -pelagic -pelf/M -pelican/MS -pellagra/M -pellet/GMDS -pellucid -pelmet/S -pelt/MDSG -pelvic -pelvis/MS -pemmican/M -pen/M -penal -penalization/M -penalize/DSG -penalty/SM -penance/MS -pence -penchant/SM -pencil/GMDJS -pend/CDSG -pendant/MS -pendent/MS -pendulous -pendulum/MS -penetrability/M -penetrable -penetrate/DSGNVX -penetrating/Y -penetration/M -penfriend/S -penguin/MS -penicillin/M -penile -peninsula/SM -peninsular -penis/MS -penitence/M -penitent/SMY -penitential -penitentiary/SM -penknife/M -penknives -penlight/SM -penman/M -penmanship/M -penmen -pennant/MS -penned -penniless -penning -pennon/MS -penny/SM -pennyweight/MS -pennyworth -penologist/MS -penology/M -pension/BZGMDRS -pensioner/M -pensive/PY -pensiveness/M -pent -pentacle/MS -pentagon/MS -pentagonal -pentagram/SM -pentameter/SM -pentathlete/MS -pentathlon/MS -penthouse/SM -penuche/M -penultimate/SM -penumbra/MS -penumbrae -penurious/PY -penuriousness/M -penury/M -peon/MS -peonage/M -peony/SM -people/MGDS -pep/SM -pepped -pepper/GMDS -peppercorn/SM -peppermint/SM -pepperoni/MS -peppery -peppiness/M -pepping -peppy/TPR -pepsin/M -peptic/MS -peptide/S -peradventure/M -perambulate/XGNDS -perambulation/M -perambulator/MS -percale/MS -perceive/BGDS -perceived/U -percent/MS -percentage/SM -percentile/SM -perceptible -perceptibly -perception/SM -perceptional -perceptive/PY -perceptiveness/M -perceptual/Y -perch/GMDS -perchance -percipience/M -percipient -percolate/GNDS -percolation/M -percolator/SM -percussion/AM -percussionist/MS -percussive -perdition/M -perdurable -peregrinate/DSXGN -peregrination/M -peregrine/MS -peremptorily -peremptory 
-perennial/SMY -perestroika/M -perfect/PTGMDRYS -perfecta/MS -perfectibility/M -perfectible -perfection/SM -perfectionism/M -perfectionist/SM -perfectness/M -perfidious/Y -perfidy/SM -perforate/GNXDS -perforation/M -perforce -perform/SDRZG -performance/SM -performative -performed/U -performer/M -perfume/DRSMZG -perfumer/M -perfumery/SM -perfunctorily -perfunctory -perfusion -pergola/SM -perhaps -pericardia -pericardial -pericarditis -pericardium/M -perigee/SM -perihelia -perihelion/M -peril/SGMD -perilous/Y -perimeter/SM -perinatal -perinea -perineum/M -period/MS -periodic -periodical/SMY -periodicity/M -periodontal -periodontics/M -periodontist/SM -peripatetic/MS -peripheral/MYS -periphery/SM -periphrases -periphrasis/M -periphrastic -periscope/SM -perish/BDRSZG -perishable/MS -peristalses -peristalsis/M -peristaltic -peristyle/SM -peritoneal -peritoneum/MS -peritonitis/M -periwig/SM -periwinkle/SM -perjure/DRSZG -perjurer/M -perjury/SM -perk/MDSG -perkily -perkiness/M -perky/TPR -perm/MDSG -permafrost/M -permanence/M -permanency/M -permanent/SMY -permeability/M -permeable -permeate/GNDS -permeation/M -permissible -permissibly -permission/MS -permissive/PY -permissiveness/M -permit/MS -permitted -permitting -permittivity -permutation/SM -permute/DSG -pernicious/YP -perniciousness/M -peroration/MS -peroxide/MGDS -perpendicular/SMY -perpendicularity/M -perpetrate/DSGN -perpetration/M -perpetrator/MS -perpetual/SMY -perpetuate/DSGN -perpetuation/M -perpetuity/M -perplex/GDS -perplexed/Y -perplexing/Y -perplexity/SM -perquisite/SM -persecute/GNXDS -persecution/M -persecutor/SM -perseverance/M -persevere/DSG -persiflage/M -persimmon/SM -persist/SGD -persistence/M -persistent/Y -persnickety -person/UMS -persona/SM -personable -personae -personage/MS -personal/MYS -personality/SM -personalize/CDSG -personalty/M -personification/M -personify/GDSNX -personnel/M -perspective/MS -perspex -perspicacious/Y -perspicacity/M -perspicuity/M -perspicuous -perspiration/M 
-perspire/GDS -persuade/BZGDRS -persuaded/U -persuader/M -persuasion/SM -persuasive/PY -persuasiveness/M -pert/RYPT -pertain/GSD -pertinacious/Y -pertinacity/M -pertinence/M -pertinent/Y -pertness/M -perturb/DGS -perturbation/SM -perturbed/U -pertussis/M -peruke/MS -perusal/MS -peruse/GDS -perv/S -pervade/DSG -pervasive/PY -pervasiveness/M -perverse/PXYN -perverseness/M -perversion/M -perversity/M -pervert/SGMD -peseta/MS -peskily -peskiness/M -pesky/TPR -peso/MS -pessary/S -pessimal -pessimism/M -pessimist/SM -pessimistic -pessimistically -pest/MRSZ -pester/GD -pesticide/MS -pestiferous -pestilence/SM -pestilent -pestilential -pestle/MGDS -pesto/M -pet/SZMR -petabyte/MS -petajoule/S -petal/SMD -petard/MS -petawatt/S -petcock/SM -peter/GMD -petiole/SM -petite/MS -petition/ZGMDRS -petitionary -petitioner/M -petrel/MS -petrifaction/M -petrify/DSG -petrochemical/SM -petrodollar/MS -petrol/M -petrolatum/M -petroleum/M -petrologist/SM -petrology/M -petted -petticoat/MS -pettifog/S -pettifogged -pettifogger/SM -pettifoggery/M -pettifogging -pettily -pettiness/M -petting/M -pettish/Y -petty/PTR -petulance/M -petulant/Y -petunia/MS -pew/SM -pewee/SM -pewit/SM -pewter/MS -peyote/M -pf -pfennig/MS -pg -phaeton/MS -phage/S -phagocyte/SM -phalanger/SM -phalanges -phalanx/MS -phalli -phallic -phallocentric -phallocentrism -phallus/M -phantasm/MS -phantasmagoria/MS -phantasmagorical -phantasmal -phantom/SM -pharaoh/M -pharaohs -pharisaic -pharisee/SM -pharmaceutic/MS -pharmaceutical/SM -pharmaceutics/M -pharmacist/MS -pharmacologic -pharmacological -pharmacologist/SM -pharmacology/M -pharmacopoeia/MS -pharmacotherapy -pharmacy/SM -pharyngeal -pharynges -pharyngitis/M -pharynx/M -phase/DSMG -phaseout/SM -phat -pheasant/MS -phenacetin/M -phenobarbital/M -phenol/M -phenom/MS -phenomena -phenomenal/Y -phenomenological -phenomenology -phenomenon/MS -phenotype -phenytoin -pheromone/MS -phew -phi/SM -phial/SM -philander/ZGDRS -philanderer/M -philandering/M -philanthropic 
-philanthropically -philanthropist/MS -philanthropy/SM -philatelic -philatelist/MS -philately/M -philharmonic/SM -philippic/MS -philistine/MS -philistinism/M -philodendron/SM -philological -philologist/MS -philology/M -philosopher/MS -philosophic -philosophical/Y -philosophize/DRSZG -philosophizer/M -philosophy/SM -philter/MS -phish/ZGDR -phisher/M -phlebitis/M -phlegm/M -phlegmatic -phlegmatically -phloem/M -phlox/M -phobia/MS -phobic/MS -phoebe/MS -phoenix/MS -phone/DSMG -phonecard/S -phoneme/MS -phonemic -phonemically -phonetic/S -phonetically -phonetician/SM -phonetics/M -phoneyed -phoneying -phonic/S -phonically -phonics/M -phoniness/M -phonograph/M -phonographic -phonographs -phonological/Y -phonologist/MS -phonology/M -phonon -phony/PTGDRSM -phooey -phosphate/MS -phosphodiesterase -phosphor/MS -phosphorescence/M -phosphorescent/Y -phosphoric -phosphorous -phosphorus/M -phosphorylation -photo/SGMD -photocell/MS -photocopier/M -photocopy/DRSMZG -photoelectric -photoelectrically -photoengrave/DRSJZG -photoengraver/M -photoengraving/M -photofinishing/M -photogenic -photogenically -photograph/MDRZG -photographer/M -photographic -photographically -photographs/A -photography/M -photojournalism/M -photojournalist/SM -photometer/MS -photon/MS -photosensitive -photostat/SM -photostatic -photostatted -photostatting -photosynthesis/M -photosynthesize/GDS -photosynthetic -phototropic -phototropism -phototypesetter -phototypesetting -photovoltaic -phrasal -phrase's -phrase/AGDS -phrasebook/S -phraseology/M -phrasing/MS -phreaking -phrenologist/SM -phrenology/M -phyla -phylactery/SM -phylogeny/M -phylum/M -phys -physic/SM -physical/MYS -physicality -physician/SM -physicist/SM -physicked -physicking -physics/M -physio/S -physiognomy/SM -physiography/M -physiologic -physiological/Y -physiologist/MS -physiology/M -physiotherapist/MS -physiotherapy/M -physique/MS -phytoplankton -pi/SMDRHZG -pianissimo/SM -pianist/MS -piano/SM -pianoforte/SM -pianola/S -piaster/MS -piazza/MS 
-pibroch/M -pibrochs -pic/SM -pica/M -picador/MS -picante -picaresque -picayune -piccalilli/M -piccolo/MS -pick/MDRSJZG -pickax/GMDS -picker/M -pickerel/MS -picket/ZGMDRS -pickings/M -pickle/MGDS -pickpocket/SM -pickup/MS -picky/PTR -picnic/MS -picnicked -picnicker/SM -picnicking -picot/SM -pictogram/S -pictograph/M -pictographs -pictorial/MYS -picture/MGDS -picturesque/PY -picturesqueness/M -piddle/MGDS -piddly -pidgin/MS -pie/SM -piebald/MS -piece/DSMG -piecemeal -piecework/MRZ -pieceworker/M -piecrust/SM -pieing -pier/M -pierce/JGDS -piercing/MY -piety/M -piezoelectric -piffle/MG -pig/SML -pigeon/MS -pigeonhole/DSMG -pigged -piggery/S -pigging -piggish/PY -piggishness/M -piggy/TRSM -piggyback/MDSG -pigheaded/PY -pigheadedness/M -piglet/MS -pigment/MDS -pigmentation/M -pigpen/MS -pigskin/MS -pigsty/SM -pigswill -pigtail/MS -pike/MZGDRS -piker/M -pikestaff/SM -pilaf/SM -pilaster/MS -pilchard/MS -pile/MGDSJ -pileup/MS -pilfer/ZGDRS -pilferage/M -pilferer/M -pilgrim/MS -pilgrimage/MS -piling/M -pill/MDSG -pillage/MZGDRS -pillager/M -pillar/MDS -pillbox/MS -pillion/MS -pillock/S -pillory/GDSM -pillow/GMDS -pillowcase/MS -pillowslip/MS -pilot/DGSM -pilothouse/SM -pimento/MS -pimiento/MS -pimp/GMDYS -pimpernel/MS -pimple/DSM -pimply/RT -pin/SM -pinafore/MS -pinata/MS -pinball/M -pincer/MS -pinch/GMDS -pincushion/MS -pine's -pine/AGDS -pineapple/MS -pinewood/S -piney -pinfeather/SM -ping/GMD -pinhead/SM -pinhole/SM -pinier -piniest -pinion/SMDG -pink/TGPMDRS -pinkeye/M -pinkie/SM -pinkish -pinkness/M -pinko/MS -pinnacle/SM -pinnate -pinned/U -pinning/U -pinny/S -pinochle/M -pinon/MS -pinpoint/SGMD -pinprick/MS -pinsetter/SM -pinstripe/DSM -pint/MS -pinto/MS -pinup/MS -pinwheel/GSMD -pinyin/M -pinyon/SM -pioneer/SGMD -pious/YP -piousness/M -pip/SZGMDR -pipe/MS -pipeline/SM -piper/M -pipette/SM -pipework -piping/M -pipit/MS -pipped -pippin/SM -pipping -pipsqueak/SM -piquancy/M -piquant/Y -pique/MGDS -piracy/M -piranha/SM -pirate/DSMG -piratical/Y -pirogi/M -piroshki/M 
-pirouette/DSMG -piscatorial -pismire/SM -piss/ZGMDRS -pissoir/S -pistachio/SM -piste/S -pistil/SM -pistillate -pistol/SM -piston/SM -pit/SM -pita/MS -pitapat/SM -pitch/MDRSZG -pitchblende/M -pitcher/M -pitchfork/MDSG -pitchman/M -pitchmen -piteous/YP -piteousness/M -pitfall/SM -pith/M -pithead/S -pithily -pithiness/M -pithy/RTP -pitiable -pitiably -pitiful/Y -pitiless/PY -pitilessness/M -piton/MS -pitta/S -pittance/MS -pitted -pitting -pituitary/SM -pity/GDSM -pitying/Y -pivot/MDGS -pivotal -pix/M -pixel/MS -pixie/MS -pizza/MS -pizzazz/M -pizzeria/SM -pizzicati -pizzicato/M -pj's -pk -pkg -pkt -pkwy -pl -placard/SMDG -placate/DSGN -placation/M -placatory -place's -place/AESDLG -placebo/SM -placed/U -placeholder/MS -placekick/MDRZGS -placekicker/M -placement/EASM -placenta/SM -placental/S -placer/SM -placid/Y -placidity/M -placings -placket/SM -plagiarism/SM -plagiarist/SM -plagiarize/DRSZG -plagiarizer/M -plagiary/M -plague/DSMG -plaice -plaid/MS -plain/MRYTSP -plainchant -plainclothes -plainclothesman/M -plainclothesmen -plainness/M -plainsman/M -plainsmen -plainsong/M -plainspoken -plaint/SMV -plaintiff/SM -plaintive/Y -plait/MDGS -plan/ZMRS -planar -plane's -plane/CGDS -planeload/MS -planer/M -planet/SM -planetarium/SM -planetary -plangency/M -plangent -plank/MDGS -planking/M -plankton/M -planned/U -planner/SM -planning/S -plant/MDRZGSJ -plantain/SM -plantar -plantation/MS -planter/M -planting/M -plantlike -plaque/SM -plash/MDSG -plasma/M -plasmon -plaster/SZGMDR -plasterboard/M -plasterer/M -plastic/SM -plasticity/M -plasticize/DSG -plastique -plat/XGMDNS -plate/MS -plateau/SMDG -plateful/SM -platelet/SM -platen/M -platform/SGMD -plating/M -platinum/M -platitude/SM -platitudinous -platonic -platoon/SGMD -platted -platter/SM -platting -platy/M -platypus/MS -platys -plaudit/SM -plausibility/M -plausible -plausibly -play/AEGMDS -playable/EU -playact/SGD -playacting/M -playback/MS -playbill/MS -playbook/MS -playboy/SM -player/SM -playfellow/SM -playful/PY 
-playfulness/M -playgirl/MS -playgoer/MS -playground/SM -playgroup/S -playhouse/MS -playlist/MS -playmate/MS -playoff/SM -playpen/SM -playroom/SM -playschool/S -plaything/SM -playtime/M -playwright/SM -plaza/MS -plea/MS -plead/DRZGSJ -pleader/M -pleading/MY -pleasant/UTYP -pleasanter -pleasantness/UM -pleasantry/SM -please/EDSG -pleasing/YS -pleasurably -pleasure/MGDSB -pleasureful -pleat/MDGS -pleb/S -plebby -plebe/MS -plebeian/MS -plebiscite/MS -plectra -plectrum/MS -pledge/DSMG -plenary/SM -plenipotentiary/SM -plenitude/SM -plenteous -plentiful/Y -plenty/M -plenum/S -pleonasm/MS -plethora/M -pleura/M -pleurae -pleurisy/M -plexus/MS -pliability/M -pliable -pliancy/M -pliant/Y -pliers/M -plight/SMDG -plimsoll/S -plinth/M -plinths -plod/S -plodded -plodder/MS -plodding/S -plonk/DRSZG -plop/MS -plopped -plopping -plosive/S -plot/MS -plotted -plotter/SM -plotting -plover/SM -plow/GMDS -plowman/M -plowmen -plowshare/MS -ploy's -ploy/S -pluck/MDSG -pluckily -pluckiness/M -plucky/RPT -plug's -plug/US -plugged/U -plugging/U -plughole/S -plugin/SM -plum/GMDS -plumage/M -plumb/MDRSZGJ -plumbed/U -plumber/M -plumbing/M -plume/MS -plummet/SGMD -plummy -plump/MDRYSTGP -plumpness/M -plumy/RT -plunder/SZGMDR -plunderer/M -plunge/DRSMZG -plunger/M -plunk/MDSG -pluperfect/SM -plural/SM -pluralism/M -pluralist/MS -pluralistic -plurality/SM -pluralization/M -pluralize/GDS -plus/MS -plush/MRYTP -plushness/M -plushy/RT -plutocracy/SM -plutocrat/SM -plutocratic -plutonium/M -pluvial -ply/AGDSM -plywood/M -pm -pneumatic -pneumatically -pneumococcal -pneumococci -pneumococcus -pneumonia/M -poach/DRSZG -poacher/M -poaching/M -pock/GMDS -pocket/SMDG -pocketbook/SM -pocketful/SM -pocketknife/M -pocketknives -pockmark/MDGS -pod/SM -podcast/SMG -podded -podding -podiatrist/SM -podiatry/M -podium/SM -poem/MS -poesy/M -poet/MS -poetaster/MS -poetess/MS -poetic/S -poetical/Y -poetry/M -pogrom/SM -poi/M -poignancy/M -poignant/Y -poinciana/SM -poinsettia/SM -point/MDRSZG -pointblank -pointed/Y 
-pointer/M -pointillism/M -pointillist/SM -pointless/PY -pointlessness/M -pointy/TR -poise/MGDS -poison/SJZGMDR -poisoner/M -poisoning/M -poisonous/Y -poke/MZGDRS -poker/M -pokey/MS -poky/TR -pol/SGMD -polar -polarity/SM -polarization/CM -polarize/CDSG -pole/MS -poleaxe/GDS -polecat/MS -polemic/MS -polemical/Y -polemicist/SM -polemics/M -polestar/SM -police/DSMG -policeman/M -policemen -policewoman/M -policewomen -policy/SM -policyholder/MS -policymaker/S -polio/MS -poliomyelitis/M -polish/ZGMDRS -polished/U -polisher/M -politburo/MS -polite/RYTP -politeness/M -politesse/M -politic/S -political/Y -politician/SM -politicization/M -politicize/CDSG -politicking/M -politico/SM -politics/M -polity/SM -polka/MDSG -poll/GMDNS -pollack/MS -pollard/S -pollen/M -pollinate/GNDS -pollination/M -pollinator/SM -polling/M -polliwog/SM -pollster/SM -pollutant/MS -pollute/ZGNDRS -polluted/U -polluter/M -pollution/M -polo/M -polonaise/SM -polonium/M -poltergeist/MS -poltroon/SM -poly -polyacrylamide -polyamory/S -polyandrous -polyandry/M -polyclinic/SM -polyester/MS -polyethylene/M -polygamist/MS -polygamous -polygamy/M -polyglot/SM -polygon/SM -polygonal -polygraph/GMD -polygraphs -polyhedral -polyhedron/SM -polymath/M -polymaths -polymer/SM -polymeric -polymerization/M -polymerize/GDS -polymorphic -polymorphous -polynomial/MS -polyp/MS -polyphonic -polyphony/M -polypropylene/M -polys -polysemous -polystyrene/M -polysyllabic -polysyllable/MS -polytechnic/MS -polytheism/M -polytheist/SM -polytheistic -polythene -polyunsaturate/DS -polyurethane/MS -polyvinyl -pom/S -pomade/DSMG -pomander/SM -pomegranate/MS -pommel/SGMD -pommy/S -pomp/M -pompadour/SMD -pompano/MS -pompom/SM -pomposity/M -pompous/YP -pompousness/M -ponce/GDS -poncho/SM -poncy -pond/MS -ponder/SZGDR -ponderer/M -ponderous/YP -ponderousness/M -pone/MS -pong/GDS -pongee/M -poniard/MS -pontiff/SM -pontifical/Y -pontificate/DSMG -pontoon/SM -pony/GDSM -ponytail/MS -poo/SGD -pooch/MDSG -poodle/SM -poof/MS -poofter/S 
-pooh/GMD -poohs -pool/GMDS -poolroom/MS -poolside/S -poop/GMDS -poor/TRYP -poorboy/M -poorhouse/SM -poorness/M -pop/SM -popcorn/M -pope/MS -popgun/SM -popinjay/MS -poplar/SM -poplin/M -popover/SM -poppa/MS -poppadom/S -popped -popper/SM -poppet/S -popping -poppy/SM -poppycock/M -populace/MS -popular/Y -popularity/UM -popularization/M -popularize/DSG -populate/ACGDS -populated/U -population/CM -populations -populism/M -populist/MS -populous/P -populousness/M -popup/MS -porcelain/SM -porch/MS -porcine -porcupine/SM -pore/MGDS -porgy/SM -pork/ZMR -porker/M -porky/RSMT -porn/M -porno/M -pornographer/MS -pornographic -pornographically -pornography/M -porosity/M -porous/P -porousness/M -porphyritic -porphyry/M -porpoise/MGDS -porridge/M -porringer/SM -port's/A -port/CAEGDS -portability/M -portable/MS -portage/DSMG -portal/SM -portcullis/MS -portend/SGD -portent/SM -portentous/YP -porter/ASM -porterhouse/SM -portfolio/MS -porthole/MS -portico/M -porticoes -portiere/MS -portion/KSGMD -portliness/M -portly/RPT -portmanteau/MS -portrait/MS -portraitist/SM -portraiture/M -portray/SGD -portrayal/MS -portulaca/M -pose's/A -pose/CAKEGDS -poser/EKSM -poseur/SM -posh/TR -posit/DSGV -position/CKEMS -positional/KE -positioned/K -positioning/AK -positive/MYPS -positiveness/M -positivism -positivist/S -positron/MS -poss -posse/MS -possess/AEVGSD -possession/ASM -possessive/SMYP -possessiveness/M -possessor/SM -possibility/SM -possible/SM -possibly -possum/SM -post/ZGMDRSJ -postage/M -postal -postbag/S -postbox/S -postcard/SM -postcode/S -postcolonial -postconsonantal -postdate/DSG -postdoc/MS -postdoctoral -poster/M -posterior/SM -posterity/M -postgraduate/SM -posthaste -posthumous/Y -posthypnotic -postie/S -postilion/SM -postindustrial -posting/M -postlude/SM -postman/M -postmark/SMDG -postmaster/MS -postmen -postmenopausal -postmeridian -postmistress/MS -postmodern -postmodernism/M -postmodernist/MS -postmortem/SM -postnasal -postnatal -postoperative -postpaid -postpartum 
-postpone/DSGL -postponement/SM -postprandial -postscript/SM -postseason/SM -postsynaptic -postulate/XDSMGN -postulation/M -postural -posture/MGJDS -posturing/M -postwar -postwoman -postwomen -posy/SM -pot/CSM -potability/M -potable/SM -potash/M -potassium/M -potato/M -potatoes -potbelly/DSM -potboiler/SM -potency/M -potent/Y -potentate/MS -potential/MYS -potentiality/SM -potentiate/GDS -potful/SM -pothead/SM -pother/SMDG -potherb/SM -potholder/MS -pothole/DRSMZG -pothook/SM -potion/SM -potluck/MS -potpie/SM -potpourri/SM -potsherd/SM -potshot/MS -pottage/M -potted -potter/GSMD -pottery/SM -potting -potty/PRSMT -pouch/MDSG -pouf/S -pouffe/S -poulterer/MS -poultice/DSMG -poultry/M -pounce/DSMG -pound's -pound/KDSG -poundage/M -pounding/SM -pour/GDSJ -pout/ZGMDRS -pouter/M -poverty/M -pow -powder/GSMD -powdery -power/MDSG -powerboat/MS -powerful/Y -powerhouse/SM -powerless/PY -powerlessness/M -powwow/SGMD -pox/MS -pp -ppm -ppr -pr -practicability/M -practicably -practical/SMY -practicality/SM -practice/DSMGB -practiced/U -practicum/SM -practitioner/SM -praetor/SM -praetorian -pragmatic/MS -pragmatical/Y -pragmatism/M -pragmatist/MS -prairie/SM -praise/EDSMG -praiseworthiness/M -praiseworthy/P -praline/SM -pram/MS -prance/DRSMZG -prancer/M -prancing/Y -prang/DSG -prank/MS -prankster/SM -praseodymium/M -prat/S -prate/MZGDRS -prater/M -pratfall/SM -prattle/DRSMZG -prattler/M -prawn/MDSG -pray/ZGDRS -prayer/M -prayerful/Y -preach/DRSZGL -preacher/M -preachment/M -preachy/RT -preadolescence/SM -preadolescent -preamble/MGDS -prearrange/LGDS -prearrangement/M -preassigned -precancel/SMDG -precancerous -precarious/PY -precariousness/M -precast -precaution/MS -precautionary -precede/DSG -precedence/M -precedent/SM -precept/SM -preceptor/SM -precinct/MS -preciosity/M -precious/YP -preciousness/M -precipice/SM -precipitant/MS -precipitate/XMYGNDS -precipitation/M -precipitous/Y -precis/M -precise/DRSYTGNP -preciseness/M -precision/M -preclude/GDS -preclusion/M -precocious/YP 
-precociousness/M -precocity/M -precognition/M -precognitive -precolonial -preconceive/GDS -preconception/SM -precondition/MDGS -precook/GSD -precursor/SM -precursory -predate/DSG -predator/MS -predatory -predawn -predecease/GDS -predecessor/SM -predefined -predesignate/GDS -predestination/M -predestine/DSG -predetermination/M -predetermine/ZGDRS -predeterminer/M -predicable -predicament/MS -predicate/MGNVDS -predication/M -predicative/Y -predict/BGVSD -predictability/UM -predictable/U -predictably/U -prediction/SM -predictor/MS -predigest/GDS -predilection/SM -predispose/GDS -predisposition/MS -prednisone -predominance/M -predominant/Y -predominate/YGDS -preemie/SM -preeminence/M -preeminent/Y -preempt/GVSD -preemption/M -preemptive/Y -preen/DSG -preexist/DGS -preexistence/M -pref -prefab/SM -prefabbed -prefabbing -prefabricate/DSGN -prefabrication/M -preface/DSMG -prefatory -prefect/SM -prefecture/MS -prefer/SBL -preferably -preference/MS -preferential/Y -preferment/M -preferred -preferring -prefigure/GDS -prefix/MDSG -preform/GSD -prefrontal -pregame/SM -pregnancy/SM -pregnant -preheat/GSD -prehensile -prehistorian/S -prehistoric -prehistorical/Y -prehistory/M -prehuman -preinstalled -prejudge/GDS -prejudgment/SM -prejudice/MGDS -prejudiced/U -prejudicial -prekindergarten/SM -prelacy/M -prelate/SM -prelim/SM -preliminary/SM -preliterate -prelude/MS -premarital -premature/Y -premed/SM -premedical -premeditate/DSGN -premeditated/U -premeditation/M -premenstrual -premier/SGMD -premiere/MS -premiership/MS -premise/DSMG -premium/SM -premix/GDS -premolar/SM -premonition/MS -premonitory -prenatal/Y -prenup/SM -prenuptial -preoccupation/SM -preoccupy/DSG -preoperative -preordain/GDS -preowned -prep/MS -prepackage/DSG -prepacked -prepaid -preparation/SM -preparatory -prepare/GDS -prepared/UP -preparedness/UM -prepay/GSL -prepayment/MS -prepend -preponderance/SM -preponderant/Y -preponderate/GDS -preposition/SM -prepositional/Y -prepossess/GDS -prepossessing/U 
-prepossession/SM -preposterous/Y -prepped -prepping -preppy/TRSM -prepubescence/M -prepubescent/SM -prepuce/MS -prequel/MS -prerecord/GSD -preregister/SGD -preregistration/M -prerequisite/MS -prerogative/SM -pres -presage/MGDS -presbyopia/M -presbyter/SM -presbytery/SM -preschool/SZMR -preschooler/M -prescience/M -prescient/Y -prescribe/DSG -prescript/SVM -prescription/SM -prescriptive/Y -preseason/SM -presence/SM -present/LMDRYZGSB -presentably -presentation/ASM -presenter/M -presentiment/SM -presentment/SM -preservation/M -preservationist/SM -preservative/SM -preserve/BDRSMZG -preserver/M -preset/S -presetting -preshrank -preshrink/GS -preshrunk -preside/GDS -presidency/SM -president/MS -presidential -presidium/M -presort/DGS -press's -press/ACGSD -pressed/U -presser/MS -pressie/S -pressing/SMY -pressman/M -pressmen -pressure/DSMG -pressurization/M -pressurize/CGDS -pressurizer/SM -prestidigitation/M -prestige/M -prestigious -presto/SM -presumably -presume/GDSB -presumption/SM -presumptive -presumptuous/YP -presumptuousness/M -presuppose/DSG -presupposition/MS -pretax -preteen/MS -pretend/DRZGS -pretender/M -pretense/SXMN -pretension/M -pretentious/UY -pretentiousness/M -preterit/SM -preterm -preternatural/Y -pretest/DGS -pretext/MS -pretrial/S -prettify/GDS -prettily -prettiness/M -pretty/TGDRSMP -pretzel/MS -prevail/DGS -prevalence/M -prevalent -prevaricate/DSGNX -prevarication/M -prevaricator/SM -prevent/DBSGV -preventable/U -preventative/MS -prevention/M -preventive/SM -preview/MDRSZG -previous/Y -prevision/MS -prewar -prey/GMDS -prezzie/S -priapic -price's -price/AGDS -priceless -pricey -pricier -priciest -prick/MDRYSZG -pricker/M -prickle/MGDS -prickliness/M -prickly/PRT -pride/MGDS -prideful/Y -prier/M -priest/SMY -priestess/MS -priesthood/SM -priestliness/M -priestly/RTP -prig/MS -priggish/P -priggishness/M -prim/ZGDRYP -primacy/M -primal -primarily -primary/SM -primate/MS -prime/MS -primer/M -primeval -priming/M -primitive/SPMY -primitiveness/M -primmer 
-primmest -primness/M -primogenitor/SM -primogeniture/M -primordial/Y -primp/DSG -primrose/SM -primula/S -prince/SMY -princedom/SM -princeliness/M -princely/PRT -princess/MS -principal/SMY -principality/SM -principle/DSM -principled/U -print/AMDSG -printable/U -printer/MS -printing/SM -printmaking -printout/SM -prion/S -prior/MS -prioress/MS -prioritization -prioritize/DSG -priority/SM -priory/SM -prism/MS -prismatic -prison/SZMR -prisoner/M -prissily -prissiness/M -prissy/PTR -pristine -prithee -privacy/M -private/XMYTNRS -privateer/SM -privation/CSM -privatization/SM -privatize/DSG -privet/SM -privilege/DSMG -privileged/U -privily -privy/RSMT -prize/MGDS -prized/A -prizefight/ZGSMR -prizefighter/M -prizefighting/M -prizewinner/MS -prizewinning -pro/SM -probabilistic -probability/SM -probable/SM -probably -probate/MN -probation/ZMR -probational -probationary -probationer/M -probe/MGDSBJ -probity/M -problem/MS -problematic/U -problematical/Y -probosces -proboscis/MS -procaine/M -procedural -procedure/SM -proceed/GJDS -proceeding/M -proceeds/M -process's -process/AGDS -processable -processed/U -procession/GD -processional/MS -processor/SM -proclamation/MS -proclivity/SM -procrastinate/DSGN -procrastination/M -procrastinator/MS -procreate/V -proctor/GMDS -procurement/M -prod/MS -prodigal/MYS -prodigality/M -prodigious/Y -prodigy/SM -produce's -produce/AZGDRS -producer/AM -producible/A -production/ASM -productive/UY -productiveness/M -productivity/M -prof/MS -profanation/MS -profane/PYGDS -profaneness/M -profanity/SM -professed/Y -profession/SM -professional/MYS -professionalism/M -professionalization -professionalize/DSG -professor/SM -professorial/Y -professorship/SM -proffer/GMDS -proficiency/M -proficient/MYS -profit/BGD -profitability/M -profitable/U -profitably/U -profiteer/MDGS -profiteering/M -profiterole/SM -profitless -profligacy/M -profligate/SMY -proforma -profound/RYTP -profoundness/M -profundity/SM -profuse/PY -profuseness/M -progenitor/SM -progeny/M 
-progesterone/M -progestin/S -prognathous -prognoses -prognosis/M -prognostic/MS -prognosticate/XGNDS -prognostication/M -prognosticator/MS -program/CAS -programmable/MS -programmatic -programmed/AC -programmer/MS -programming/SM -progress/MDSGV -progression/MS -progressive/PMYS -progressiveness/M -prohibit/DGVS -prohibition/SM -prohibitionist/MS -prohibitive/Y -prohibitory -project/GMDS -projectile/SM -projection/SM -projectionist/SM -projector/MS -prokaryote/MS -prokaryotic -prole/S -proletarian/MS -proletariat/M -proliferate/DSGN -proliferation/M -prolific -prolifically -prolix/Y -prolixity/M -prologue/SM -prolongation/SM -prom/M -promenade/MGDS -promethium/M -prominence/M -prominent/Y -promiscuity/M -promiscuous/Y -promise/DSMG -promising/Y -promissory -promo/M -promontory/SM -promote/DRZG -promoter/M -promotional -prompt/JPSMDRYZTG -prompted/U -prompter/M -prompting/M -promptitude/M -promptness/M -promulgate/GNDS -promulgation/M -promulgator/MS -prone/P -proneness/M -prong/MDS -pronghorn/MS -pronominal/M -pronounce/DSLG -pronounceable/U -pronouncement/SM -pronto -pronunciation/MS -proof/ADGSM -proofread/SRZG -proofreader/M -prop/MS -propaganda/M -propagandist/MS -propagandize/GDS -propagate/DSGN -propagation/M -propagator/SM -propel/S -propellant/MS -propelled -propeller/SM -propelling -propensity/SM -proper/MRYT -property/DSM -prophecy/SM -prophesier/M -prophesy/DRSMZG -prophet/SM -prophetess/MS -prophetic -prophetical/Y -prophylactic/SM -prophylaxes -prophylaxis/M -propinquity/M -propitiate/DSGN -propitiation/M -propitiatory -propitious/Y -proponent/SM -proportion/ESM -proportional/YS -proportionality -proportionate/EY -proposal/MS -propped -propping -propranolol -proprietary/SM -proprieties/M -proprietor/SM -proprietorial/Y -proprietorship/M -proprietress/MS -propriety/SM -propulsion/M -propulsive -prorate/DSG -prorogation/M -prorogue/GD -prosaic -prosaically -proscenium/SM -prosciutto/M -proscribe/DG -proscription/MS -prose/M -prosecute/DSXGN 
-prosecution/M -prosecutor/MS -proselyte/DSMG -proselytism/M -proselytize/DRSZG -proselytizer/M -prosocial -prosody/SM -prospect/MDGVS -prospective/Y -prospector/SM -prospectus/MS -prosper/GSD -prosperity/M -prosperous/Y -prostate/MS -prostheses -prosthesis/M -prosthetic -prostitute/MGNDS -prostitution/M -prostrate/GNXDS -prostration/M -prosy/RT -protactinium/M -protagonist/SM -protean -protect/GVSD -protected/U -protection/SM -protectionism/M -protectionist/MS -protective/PY -protectiveness/M -protector/MS -protectorate/MS -protege/SM -protegee/S -protein/SM -protestant/S -protestation/MS -protocol/MS -proton/SM -protoplasm/M -protoplasmic -prototype/MGS -prototypical -protozoa -protozoan/MS -protozoic -protract/GD -protrude/GDS -protrusile -protrusion/MS -protuberance/MS -protuberant -proud/RYT -prov/NB -provability/M -provably -prove/EAGDS -proved/U -proven/U -provenance/SM -provender/M -provenience/M -proverbial/Y -provide/DRSZG -provided/U -providence/M -provident/Y -providential/Y -provider/M -province/MS -provincial/SMY -provincialism/M -provisional/Y -proviso/SM -provocateur/S -provocative/PY -provocativeness/M -provoke/DRSZG -provoked/U -provoker/M -provoking/Y -provolone/M -provost/SM -prow/MS -prowess/M -prowl/MDRSZG -prowler/M -proximal -proximate -proximity/M -proxy/SM -prude/MS -prudence/M -prudent/Y -prudential/Y -prudery/M -prudish/YP -prudishness/M -prune/MZGDRS -pruner/M -prurience/M -prurient/Y -pry/ZTGDRSM -psalm/MS -psalmist/SM -psaltery/SM -psephologist/S -psephology -pseud/S -pseudo/S -pseudonym/SM -pseudonymous -pseudoscience/MS -pseudy -pshaw/MS -psi/SM -psittacosis/M -psoriasis/M -psst -psych/MDSG -psyche/M -psychedelia -psychedelic/SM -psychedelically -psychiatric -psychiatrist/SM -psychiatry/M -psychic/MS -psychical/Y -psycho/SM -psychoactive -psychoanalyses -psychoanalysis/M -psychoanalyst/SM -psychoanalytic -psychoanalytical/Y -psychoanalyze/DSG -psychobabble/M -psychodrama/MS -psychogenic -psychokinesis -psychokinetic -psychological/Y 
-psychologist/MS -psychology/SM -psychometric -psychoneuroses -psychoneurosis/M -psychopath/M -psychopathic -psychopathology -psychopaths -psychopathy/M -psychopharmacology -psychophysiology -psychos/S -psychosis/M -psychosomatic -psychotherapist/MS -psychotherapy/SM -psychotic/SM -psychotically -psychotropic/MS -psychs -pt/C -ptarmigan/MS -pterodactyl/MS -ptomaine/SM -pub/SM -pubertal -puberty/M -pubes/M -pubescence/M -pubescent -pubic -pubis/M -public/AM -publican/AMS -publication/ASM -publicist/MS -publicity/M -publicize/GDS -publicly -publish/AGDS -publishable -published/U -publisher/MS -publishing/M -puce/M -puck/ZMRS -pucker/MDG -puckish/YP -puckishness/M -pud/S -pudding/SM -puddle/DSMG -puddling/M -pudenda -pudendum/M -pudginess/M -pudgy/PRT -pueblo/SM -puerile -puerility/M -puerperal -puff/ZGMDRS -puffball/SM -puffer/M -puffin/SM -puffiness/M -puffy/PRT -pug/SM -pugilism/M -pugilist/SM -pugilistic -pugnacious/YP -pugnaciousness/M -pugnacity/M -puke/MGDS -pukka -pulchritude/M -pulchritudinous -pule/GDS -pull/ZGMDRS -pullback/MS -puller/M -pullet/SM -pulley/SM -pullout/MS -pullover/SM -pulmonary -pulp/GMDS -pulpiness/M -pulpit/SM -pulpwood/M -pulpy/RPT -pulsar/SM -pulsate/XGNDS -pulsation/M -pulse/AMGDS -pulverization/M -pulverize/DSG -puma/MS -pumice/SM -pummel/SGD -pump/ZGMDRS -pumper/M -pumpernickel/M -pumpkin/MS -pun/SM -punch/MDRSZG -punchbag/S -puncheon/MS -puncher/M -punchline/S -punchy/TR -punctilio/M -punctilious/PY -punctiliousness/M -punctual/Y -punctuality/M -punctuate/GNDS -punctuation/M -puncture/DSMG -pundit/SM -punditry/M -pungency/M -pungent/Y -puniness/M -punish/BLGDS -punished/U -punishing/Y -punishment/MS -punitive/Y -punk/TMRS -punned -punnet/S -punning -punster/SM -punt/ZGMDRS -punter/M -puny/TRP -pup/SM -pupa/M -pupae -pupal -pupate/DSG -pupil/MS -pupped -puppet/MS -puppeteer/SM -puppetry/M -pupping -puppy/SM -purblind -purchase/DRSMZGB -purchaser/M -purdah/M -pure/PYTR -purebred/SM -puree/MDS -pureeing -pureness/M -purgative/SM 
-purgatorial -purgatory/SM -purge/MZGDRS -purger/M -purification/M -purifier/M -purify/NDRSZG -purine/MS -purism/M -purist/MS -puristic -puritan/SM -puritanical/Y -puritanism/M -purity/M -purl/GMDS -purlieu/SM -purloin/SGD -purple/MTRS -purplish -purport/SMDG -purported/Y -purpose/DSMYG -purposed/A -purposeful/YP -purposefulness/M -purposeless/PY -purr/GMDS -purse/MZGDRS -purser/M -pursuance/M -pursuant -pursue/ZGDRS -pursuer/M -pursuit/SM -purulence/M -purulent -purvey/DSG -purveyance/M -purveyor/SM -purview/M -pus/M -push/ZGMDRS -pushbike/S -pushcart/SM -pushchair/S -pusher/M -pushily -pushiness/M -pushover/MS -pushpin/S -pushy/TRP -pusillanimity/M -pusillanimous/Y -puss/MS -pussy/TRSM -pussycat/MS -pussyfoot/DSG -pustular -pustule/SM -put/ISM -putative -putout/MS -putrefaction/M -putrefactive -putrefy/GDS -putrescence/M -putrescent -putrid -putsch/MS -putt/ZGMDRS -putted/I -puttee/MS -putter/MDRZG -putterer/M -putting/I -putty/GDSM -putz/S -puzzle/MZGDRSL -puzzlement/M -puzzler/M -pvt -pwn/SGD -pyelonephritis -pygmy/SM -pylon/SM -pylori -pyloric -pylorus/M -pyorrhea/M -pyramid/GSMD -pyramidal -pyre/MS -pyrimidine/MS -pyrite/SM -pyrites/M -pyromania/M -pyromaniac/SM -pyrotechnic/S -pyrotechnical -pyrotechnics/M -pyruvate -python/SM -pyx/MS -pzazz -q -qr -qt/S -qty -qua -quack/GMDS -quackery/M -quad/MS -quadrangle/SM -quadrangular -quadrant/MS -quadraphonic -quadratic/MS -quadrature -quadrennial -quadrennium/MS -quadriceps/MS -quadrilateral/SM -quadrille/XMNS -quadrillion/M -quadriplegia/M -quadriplegic/SM -quadrivium/M -quadruped/MS -quadrupedal -quadruple/MGDS -quadruplet/MS -quadruplicate/MGNDS -quadruplication/M -quaff/GMDS -quagmire/SM -quahog/MS -quail/GMDS -quaint/PRYT -quaintness/M -quake/MGDS -quaky -qualification/EM -qualified/U -qualifier/SM -qualify/EGXNDS -qualitative/Y -quality/SM -qualm/MS -qualmish -quandary/SM -quango/S -quanta -quantifiable -quantification/M -quantifier/M -quantify/NDRSZG -quantitation -quantitative/Y -quantity/SM -quantization 
-quantize -quantum/M -quarantine/MGDS -quark/MS -quarrel/SZGMDR -quarreler/M -quarrelsome/P -quarrelsomeness/M -quarry/DSMG -quart/MS -quarter/SGMDY -quarterback/GMDS -quarterdeck/MS -quarterfinal/SM -quarterly/SM -quartermaster/MS -quarterstaff/M -quarterstaves -quartet/SM -quarto/MS -quartz/M -quasar/MS -quash/GDS -quasi -quatrain/MS -quaver/MDSG -quavery -quay/MS -quayside/S -queasily -queasiness/M -queasy/TPR -queen/GMDYS -queenly/RT -queer/PTGMDRYS -queerness/M -quell/GDS -quench/ZGDRSB -quenchable/U -quencher/M -quenchless -querulous/YP -querulousness/M -query/DSMG -ques -quesadilla/MS -quest/IFAMS -quested -questing -question/SMDRZGBJ -questionable/U -questionably/U -questioned/U -questioner/M -questioning/MY -questionnaire/SM -queue's -queue/CDS -queuing -quibble/DRSMZG -quibbler/M -quiche/SM -quick/MNRYXTP -quicken/DG -quickfire -quickie/SM -quicklime/M -quickness/M -quicksand/MS -quicksilver/M -quickstep/MS -quid/MS -quiescence/M -quiescent/Y -quiet/SMDNRYXTGP -quieten/DG -quietism -quietness/M -quietude/IEM -quietus/MS -quiff/S -quill/SM -quilt/SMDRZG -quilter/M -quilting/M -quin/S -quince/SM -quine/S -quinidine -quinine/M -quinoa -quinsy/M -quint/SM -quintessence/SM -quintessential/Y -quintet/SM -quintuple/MGDS -quintuplet/MS -quip/MS -quipped -quipping -quipster/SM -quire's -quire/IAS -quirk/SMDG -quirkiness/M -quirky/RTP -quirt/SM -quisling/SM -quit/S -quitclaim/MS -quite -quittance/M -quitter/SM -quitting -quiver/SMDG -quivery -quixotic -quixotically -quiz/M -quizzed -quizzer/SM -quizzes -quizzical/Y -quizzing -quo/H -quoin/SM -quoit/SMDG -quondam -quorate/I -quorum/SM -quot/B -quota/SM -quotability/M -quotation/SM -quote's -quote/UDSG -quotidian -quotient/SM -qwerty -r/S -rabbet/GMDS -rabbi/SM -rabbinate/M -rabbinic -rabbinical -rabbit/GMDS -rabble/MS -rabid/PY -rabidness/M -rabies/M -raccoon/MS -race/MZGDRS -racecourse/SM -racegoer/S -racehorse/MS -raceme/MS -racer/M -racetrack/MS -raceway/MS -racial/Y -racialism/M -racialist/MS -racily -raciness/M 
-racing/M -racism/M -racist/SM -rack/GMDS -racket/SMDG -racketeer/SMDG -racketeering/M -raconteur/SM -racquetball/SM -racy/PRT -rad/SM -radar/SM -radarscope/SM -raddled -radial/SMY -radian/S -radiance/M -radiant/Y -radiate/DSGNX -radiation/M -radiator/SM -radical/SMY -radicalism/M -radicalization/M -radicalize/DSG -radicchio/M -radii -radio/MDGS -radioactive/Y -radioactivity/M -radiocarbon/M -radiogram/MS -radiographer/SM -radiography/M -radioisotope/MS -radiologist/SM -radiology/M -radioman/M -radiomen -radiometer/MS -radiometric -radiometry/M -radiophone/SM -radioscopy/M -radiosonde/SM -radiosurgery -radiotelegraph/M -radiotelegraphs -radiotelegraphy/M -radiotelephone/MS -radiotherapist/MS -radiotherapy/M -radish/MS -radium/M -radius/M -radon/M -raffia/M -raffish/YP -raffishness/M -raffle/DSMG -raft/ZGMDRS -rafter/M -rafting/M -rag/SGMD -raga/MS -ragamuffin/MS -ragbag/M -rage/MS -ragga -ragged/RYTP -raggedness/M -raggedy/RT -ragging -raging/Y -raglan/SM -ragout/SM -ragtag/S -ragtime/M -ragweed/M -ragwort -rah -raid/ZGMDRS -raider/M -rail's -rail/CGDS -railcard/S -railing/SM -raillery/SM -railroad/SZGMDR -railroader/M -railroading/M -railway/SM -railwayman -railwaymen -raiment/M -rain/GMDS -rainbow/SM -raincoat/SM -raindrop/SM -rainfall/SM -rainmaker/SM -rainmaking/M -rainproof -rainstorm/MS -rainwater/M -rainy/RT -raise/MZGDRS -raiser/M -raisin/SM -rajah/M -rajahs -rake/MGDS -rakish/YP -rakishness/M -rally/DSMG -ram/SM -ramble/DRSMZGJ -rambler/M -rambunctious/PY -rambunctiousness/M -ramekin/SM -ramie/M -ramification/M -ramify/DSXNG -ramjet/SM -rammed -ramming -ramp/GMS -rampage/DSMG -rampancy/M -rampant/Y -rampart/SM -ramrod/SM -ramrodded -ramrodding -ramshackle -ran/A -ranch/MDRSZG -rancher/M -ranching/M -rancid/P -rancidity/M -rancidness/M -rancor/M -rancorous/Y -rand/M -randiness/M -random/PSY -randomization/M -randomize/DSG -randomness/MS -randy/RTP -ranee/MS -rang/ZR -range's -range/CGDS -rangefinder/S -ranger/M -ranginess/M -rangy/RTP -rank/TGJPMDRYS 
-ranking/M -rankle/DSG -rankness/M -ransack/SGD -ransom/SZGMDR -ransomer/M -ransomware -rant/ZGMDJRS -ranter/M -rap/SZGMDR -rapacious/PY -rapaciousness/M -rapacity/M -rape/MS -raper/M -rapeseed/M -rapid/PMRYTS -rapidity/M -rapidness/M -rapier/SM -rapine/M -rapist/SM -rapped -rappel/SM -rappelled -rappelling -rapper/SM -rapping -rapport/MS -rapporteur/S -rapprochement/SM -rapscallion/MS -rapt/YP -raptness/M -raptor/S -rapture/MS -rapturous/Y -rare/YTGPDRS -rarebit/MS -rarefaction/M -rarefy/GDS -rareness/M -rarity/SM -rascal/SMY -rash/ZTMRSYP -rasher/M -rashness/M -rasp/GMDS -raspberry/SM -raspy/RT -raster -rat/SM -ratatouille/M -ratbag/S -ratchet/GMDS -rate/JXMZGNDRS -rated/U -ratepayer/S -rater/M -rather -rathskeller/SM -ratification/M -ratifier/M -ratify/NDRSZG -rating/M -ratio/MS -ratiocinate/GNDS -ratiocination/M -ration/MDG -rational/SMY -rationale/MS -rationalism/M -rationalist/SM -rationalistic -rationality/M -rationalization/MS -rationalize/DSG -ratlike -ratline/SM -rattan/SM -ratted -ratter/SM -ratting -rattle/DRSMZGJ -rattlebrain/SMD -rattler/M -rattlesnake/SM -rattletrap/SM -rattly -rattrap/SM -ratty/RT -raucous/YP -raucousness/M -raunchily -raunchiness/M -raunchy/TRP -ravage/DRSMZG -ravager/M -ravages/M -rave/JMZGDRS -ravel's -ravel/UDSG -raveling/S -raven/MDSG -ravenous/Y -ravine/SM -raving/M -ravioli/SM -ravish/DRSZGL -ravisher/M -ravishing/Y -ravishment/M -raw/PTMR -rawboned -rawhide/M -rawness/M -ray/SM -rayon/M -raze/GDS -razor/MS -razorback/MS -razz/GMDS -razzmatazz/M -rcpt -rd -re/DSMYTGVJ -reach/MDSGB -reachable/U -reacquire/DSG -react/V -reactance -reactant/SM -reactionary/SM -reactivity -read/ZGMRBJS -readability/SM -reader/M -readership/SM -readily -readiness/M -reading/M -readmitted -readout/SM -ready/DRSTGP -reafforestation -real/TMRYPS -realism/M -realist/SM -realistic/U -realistically/U -realities -reality/UM -realization/MS -realize/DSBG -realized/U -realm/MS -realness/M -realpolitik/M -realty/M -ream/ZGMDRS -reamer/M -reap/ZGDRS 
-reaper/M -rear/GMDS -rearguard/MS -rearmost -rearward/S -reason/SMDRZGB -reasonable/UP -reasonableness/UM -reasonably/U -reasoner/M -reasoning/M -reassuring/Y -rebate/M -rebel/MS -rebellion/MS -rebellious/YP -rebelliousness/M -rebid/S -rebidding -rebirth/M -reboil/SDG -rebuild/SG -rebuke/DSMG -rebuking/Y -rebuttal/MS -rec'd -rec/M -recalcitrance/M -recalcitrant -recant/SDG -recantation/SM -recap/MS -recapitalization -recce/S -recd -receipt/SMDG -receivables/M -receive/DRSZGB -receiver/M -receivership/M -recent/RYTP -recentness/M -receptacle/SM -reception/MS -receptionist/SM -receptive/PY -receptiveness/M -receptivity/M -receptor/SM -recess/MDSGV -recessional/SM -recessionary -recessive/SM -recherche -recidivism/M -recidivist/SM -recipe/SM -recipient/SM -reciprocal/SMY -reciprocate/GNDS -reciprocation/M -reciprocity/M -recital/SM -recitalist/MS -recitative/MS -reciter/SM -reckless/YP -recklessness/M -reckon/SJDG -reckoning/M -reclamation/M -recline/DRSZG -recliner/M -recluse/SMV -recognizable/U -recognizably/U -recognize/DRSGB -recognized/U -recombination -recompense/DSMG -recompilation -recompile/GD -recon/S -reconcile/GDSB -reconciliation/S -recondite -reconfiguration -reconfigure/D -reconnaissance/MS -reconnoiter/DGS -reconstruct/V -reconstructed/U -recorded/U -recorder/MS -recording/MS -recoup/DG -recourse/M -recoverable/U -recovery/SM -recreant/MS -recreational -recriminate/DSGNX -recrimination/M -recriminatory -recrudesce/GDS -recrudescence/M -recrudescent -recruit/LSMDRZG -recruiter/M -recruitment/M -rectal/Y -rectangle/MS -rectangular -rectifiable -rectification/M -rectifier/M -rectify/XNDRSZG -rectilinear -rectitude/M -recto/MS -rector/SM -rectory/SM -rectum/SM -recumbent -recuperate/GNVDS -recuperation/M -recur/S -recurred -recurrence/SM -recurring -recursion/S -recuse/DSG -recyclable/SM -recycling/M -red/PSM -redact/SDG -redaction/M -redactor/SM -redbird/SM -redbreast/MS -redbrick -redcap/SM -redcoat/SM -redcurrant/S -redden/SDG -redder -reddest -reddish 
-redeem/RZB -redeemer/M -redemption/M -redemptive -redhead/SMD -redirection -redistrict/GD -redivide/GDS -redlining/M -redneck/SM -redness/M -redo/G -redolence/M -redolent -redoubt/SBM -redoubtably -redound/SDG -redraw/SG -redskin/SM -reduce/DRSZG -reducer/M -reducible -reductase/M -reduction/SM -reductionist -reductive -redundancy/SM -redundant/Y -redwood/SM -redye/DS -reediness/M -reedy/RTP -reef/ZGMDRS -reefer/M -reek/GMDS -reel's -reel/UGDS -reeve/G -reexport/SDG -ref/SZM -refashion/DGS -refection/M -refectory/SM -refer/B -referee/DSM -refereeing -reference/MGDS -referendum/MS -referent/SM -referential -referral/SM -referred -referrer/SM -referring -reffed -reffing -refill/BM -refined/U -refinement/SM -refiner/SM -refinery/S -refitting -reflate/XDSGN -reflationary -reflect/GVSD -reflection/MS -reflective/Y -reflectivity -reflector/MS -reflexive/SMY -reflexivity -reflexology -reforge/DSG -reform/MZ -reformat/V -reformatory/SM -reformatting -reformed/U -reformist/S -refortify/GDS -refract/SGVD -refraction/M -refractory/SM -refrain/SGMD -refresh/ZGLDRS -refresher/M -refreshing/Y -refreshment/SM -refreshments/M -refrigerant/SM -refrigerate/DSGN -refrigeration/M -refrigerator/MS -refuge/SM -refugee/SM -refulgence/M -refulgent -refund/B -refurbishment/MS -refusal/MS -refutation/MS -refute/BDRSZG -refuter/M -reg -regal/DYG -regalement/M -regalia/M -regard/ESMDG -regardless -regards/M -regather/DGS -regatta/SM -regency/SM -regeneracy/M -regenerate/V -regex/M -regexp/S -reggae/M -regicidal -regicide/MS -regime/SM -regimen/SM -regiment/MDGS -regimental -regimentation/M -region/SM -regional/Y -regionalism/MS -register/GMDS -registered/U -registrant/MS -registrar/MS -registration/SM -registry/SM -regnant -regress/MDSGV -regression/MS -regret/SM -regretful/Y -regrettable -regrettably -regretted -regretting -regrind/GS -reground -regroup/DGS -regular/MYS -regularity/SM -regularization/M -regularize/DSG -regulate/CDSGNV -regulated/U -regulation/CM -regulations -regulator/MS 
-regulatory -regurgitate/DSGN -regurgitation/M -rehab/MS -rehabbed -rehabbing -rehabilitate/GNVDS -rehabilitation/M -rehang/SDG -rehears/GD -rehearsal/MS -rehearsed/U -rehi -rehung -reify/NDSG -reign/MDSG -reimburse/BDSGL -reimbursement/MS -rein/GD -reindeer/M -reinforce/LGDS -reinforcement/SM -reinitialize -reinstall/DG -reinstatement/M -reinsurance -reiterate/V -reject/GSMD -rejection/SM -rejoice/JGDS -rejoicing/M -rejoinder/SM -rejuvenate/DSGN -rejuvenation/M -rel -relate/DRSBXZGNV -relatedness/M -relater/M -relation/M -relational -relationship/MS -relative/MYS -relativism/M -relativist/S -relativistic -relativity/M -relax/DRSZG -relaxant/MS -relaxation/SM -relaxer/M -relay/D -release/B -released/U -relegate/GNDS -relent/SGD -relentless/PY -relentlessness/M -relevance/M -relevancy/M -relevant/Y -reliability/UM -reliable/U -reliably/U -reliance/M -reliant -relic/MS -relief/SM -relieve/ZGDRS -reliever/M -religion/SM -religiosity -religious/MYP -religiousness/M -reline/DSG -relinquish/LDSG -relinquishment/M -reliquary/SM -relish/GMDS -relist/SGD -relocate/B -reluctance/M -reluctant/Y -rely/GDS -rem/M -remain/SGD -remainder/GMDS -remand/SGD -remapping -remark/B -remarkableness/M -remarkably -remarked/U -remediable -remedy/GDSM -remember/DG -remembered/U -remembrance/MS -reminder/M -reminisce/GDS -reminiscence/MS -reminiscent/Y -remiss/PY -remissness/M -remit/S -remittance/SM -remitted -remitting/U -remix/DSG -remnant/MS -remodel/GDS -remold/SGD -remonstrant/SM -remonstrate/DSG -remorse/M -remorseful/Y -remorseless/PY -remorselessness/M -remote/RSMYTP -remoteness/M -removal/SM -remunerate/GNVXDS -remuneration/M -renaissance/MS -renal -renascence/S -rend/GS -render/SGMDJ -rendering/M -rendezvous/GMDS -rendition/MS -renegade/DSMG -renege/DRSZG -reneger/M -renew/DSBG -renewal/MS -rennet/M -rennin/M -renounce/LDSG -renouncement/M -renovate/DSXGN -renovation/M -renovator/MS -renown/MD -rent/ZGMDRS -rental/SM -renter/M -renunciation/SM -reopen/SDG -reorg/MDSG -rep/SM 
-repaint/GDS -repair/BZR -repairer/M -repairman/M -repairmen -reparable -reparation/MS -reparations/M -repartee/M -repatriate/XDSMGN -repatriation/M -repeat/SMDRZGB -repeatability -repeatable/U -repeatably -repeated/Y -repeater/M -repeating/M -repel/S -repelled -repellent/SM -repelling -repent/SDG -repentance/M -repentant/Y -repercussion/S -repertoire/MS -repertory/SM -repetition/MS -repetitious/YP -repetitiousness/M -repetitive/YP -repetitiveness/M -rephotograph/DG -replaceable -replant/GSD -replenish/LGDS -replenishment/M -replete/PDSGN -repleteness/M -repletion/M -replica/SM -replicate/DSGNX -replication/M -replicator/S -reportage/M -reported/Y -reportorial -reposeful -reposition -repository/SM -reprehend/DGS -reprehensibility/M -reprehensible -reprehensibly -reprehension/M -represent/GDS -representational -representative/MS -represented/U -repression/MS -repressive/PY -reprieve/DSMG -reprimand/GSMD -reprisal/SM -reprise/SMG -reproach/GMDSB -reproachful/Y -reprobate/MS -reproductive -reprogramming -reproving/Y -reptile/SM -reptilian/MS -republic/S -republicanism/M -repudiate/XGNDS -repudiation/M -repudiator/MS -repugnance/M -repugnant -repulsion/M -repulsive/YP -repulsiveness/M -repurchase/GDS -reputability/M -reputably/E -reputation/MS -repute/DSMGB -reputed/Y -request/GDR -requiem/SM -require/LDG -requirement/MS -requisite/XMNS -requisition/GMD -requital/M -requite/DRSZG -requited/U -requiter/M -reread/SG -rerecord/GDS -rerunning -resample/GDS -resat -rescind/SDG -rescission/M -rescue/DRSMZG -rescuer/M -reseal/B -resemble/DSG -resend -resent/LSDG -resentful/YP -resentfulness/M -resentment/MS -reserpine/M -reservation/MS -reserved/UY -reservedness/M -reservist/SM -reservoir/SM -resetting -reshipping -residence/SM -residency/SM -resident/MS -residential -residua -residual/MS -residue/SM -residuum/M -resignation/SM -resigned/Y -resilience/M -resiliency/M -resilient/Y -resinous -resist/SMDRZG -resistance/SM -resistant/U -resistible -resistivity -resistless 
-resistor/MS -resit/S -resitting -resold -resole/DSG -resolute/PY -resoluteness/M -resolve/RBM -resolved/U -resonance/SM -resonant/Y -resonate/GDS -resonator/SM -resorption/M -resound/SGD -resounding/Y -resourceful/YP -resourcefulness/M -resp -respect/ESGVMD -respectability/M -respectable -respectably -respectful/EY -respectfulness/M -respective/Y -respell/SGD -respiration/M -respirator/SM -respiratory -respire/DG -resplendence/M -resplendent/Y -respond/SGD -respondent/SM -response/MS -responsibility/SM -responsible -responsibly -responsive/UYP -responsiveness/UM -rest/GVMDS -restate/GDS -restaurant/SM -restaurateur/MS -restful/YP -restfuller -restfullest -restfulness/M -restitution/M -restive/YP -restiveness/M -restless/PY -restlessness/M -restoration/SM -restorative/SM -restorer/SM -restrained/U -restraint/MS -restrict/SDGV -restricted/U -restriction/MS -restrictive/YP -restrictiveness/M -restring/SG -restroom/SM -restructuring/SM -result/GSMD -resultant/SM -resume/DSMG -resumption/MS -resupply/DSG -resurgence/MS -resurgent -resurrect/GSD -resurrection/MS -resuscitate/GNDS -resuscitation/M -resuscitator/SM -retailer/MS -retain/SDRZG -retainer/M -retake/G -retaliate/DSGNVX -retaliation/M -retaliatory -retard/SMDRZG -retardant/SM -retardation/M -retarder/M -retch/DSG -reteach/GS -retention/M -retentive/YP -retentiveness/M -rethink/SGM -rethought -reticence/M -reticent/Y -reticulated -reticulation/MS -reticulum -retina/SM -retinal -retinoblastoma -retinue/SM -retiree/SM -retirement/MS -retort/GMD -retrace/GDS -retract/DBG -retractile -retraction/S -retrain/DGS -retread/D -retrenchment/MS -retribution/MS -retributive -retrieval/SM -retrieve/DRSMZGB -retriever/M -retro/MS -retroactive/Y -retrofire/GDS -retrofit/SM -retrofitted -retrofitting -retrograde/DSG -retrogress/GVDS -retrogression/M -retrorocket/MS -retrospect/MDSGV -retrospection/M -retrospective/MYS -retrovirus/MS -retsina/M -returnable/SM -returnee/SM -rev/ZVM -revamping/M -reveal/GJSD -revealed/U 
-revealing/Y -reveille/M -revel/JMDRSZG -revelation/SM -revelatory -reveler/M -revelry/SM -revenge/MGDS -revenuer/SM -reverb -reverberate/DSGNX -reverberation/M -revere/DSG -reverence/DSMG -reverend/SM -reverent/Y -reverential/Y -reverie/MS -revers/M -reversal/SM -reverse/Y -reversibility -reversible -reversibly -revert/GSD -revertible -revetment/SM -revile/DRSLZG -revilement/M -reviler/M -reviser/MS -revision/SM -revisionism/M -revisionist/SM -revival/MS -revivalism/M -revivalist/SM -revive/DSG -revivification/M -revocable -revoke/DSG -revolt/GD -revolting/Y -revolution/SM -revolutionary/SM -revolutionist/SM -revolutionize/DSG -revolve/BZGDRS -revolver/M -revue/MS -revulsion/M -revved -revving -rewarded/U -rewarding/U -rewarm/GSD -rewash/GDS -reweave/GS -rewedding -rewind/MB -rewound -rewrite/MGS -rhapsodic -rhapsodical -rhapsodize/GDS -rhapsody/SM -rhea/MS -rhenium/M -rheostat/SM -rhesus/MS -rhetoric/M -rhetorical/Y -rhetorician/SM -rheum/M -rheumatic/MS -rheumatically -rheumatism/M -rheumatoid -rheumy -rhinestone/SM -rhinitis/M -rhino/MS -rhinoceros/MS -rhinoplasty -rhinovirus/MS -rhizome/MS -rho/SM -rhodium/M -rhododendron/SM -rhomboid/SM -rhomboidal -rhombus/MS -rhubarb/MS -rhyme/MZGDRS -rhymer/M -rhymester/MS -rhythm/SM -rhythmic -rhythmical/Y -rial/MS -rib/SM -ribald -ribaldry/M -ribbed -ribber/SM -ribbing -ribbon/SM -riboflavin/M -rice/MZGDRS -ricer/M -rich/TMRSYP -richness/M -rick/GMDS -rickets/M -rickety/RT -rickrack/M -rickshaw/MS -ricochet/GMDS -ricotta/M -rid/S -riddance/M -ridden -ridding -riddle/DSMG -ride/MZGRS -rider/M -riderless -ridership/M -ridge/MGDS -ridgepole/SM -ridgy -ridicule/MGDS -ridiculous/YP -ridiculousness/M -riding/M -rife/TR -riff/GMDS -riffle/DSMG -riffraff/M -rifle/MZGDRS -rifleman/M -riflemen -rifler/M -rifling/M -rift/GMDS -rig/SM -rigatoni/M -rigged -rigger/SM -rigging/M -right/MDRYSPTG -righteous/UP -righteously -righteousness/UM -rightful/PY -rightfulness/M -rightism/M -rightist/SM -rightmost -rightness/M -righto 
-rightsize/DSG -rightward/S -rigid/YP -rigidity/M -rigidness/M -rigmarole/MS -rigor/MS -rigorous/YP -rigorousness/M -rile/GDS -rill/MS -rim/SGMD -rime/MS -rimless -rimmed -rimming -rind/MS -ring/ZGMDRJ -ringer/M -ringgit/MS -ringleader/MS -ringlet/MS -ringlike -ringmaster/MS -ringside/M -ringtone/SM -ringworm/M -rink/MS -rinse/MGDS -riot/ZGMDRS -rioter/M -rioting/M -riotous/PY -rip/SXTMNR -riparian -ripcord/MS -ripe/YP -ripen/DG -ripened/U -ripeness/M -ripoff/SM -riposte/MGDS -ripped -ripper/SM -ripping -ripple/DSMG -ripply -ripsaw/SM -riptide/MS -rise/JMZGRS -risen -riser/M -risibility/M -risible -rising/M -risk/GMDS -riskily -riskiness/M -risky/RPT -risotto/MS -risque -rissole/S -rite/MS -ritual/SMY -ritualism/M -ritualistic -ritualistically -ritualized -ritzy/RT -riv/ZNR -rival/MDSG -rivaled/U -rivalry/SM -rive/CGDS -river/M -riverbank/SM -riverbed/MS -riverboat/SM -riverfront -riverside/MS -rivet/MDRSZG -riveter/M -riviera/S -rivulet/MS -riyal/MS -rm -roach/GMDS -road/IMS -roadbed/SM -roadblock/MDSG -roadhouse/SM -roadie/MS -roadkill/M -roadrunner/SM -roadshow/SM -roadside/SM -roadster/SM -roadway/SM -roadwork/SM -roadworthy -roam/ZGDRS -roamer/M -roaming/M -roan/MS -roar/ZGMDRS -roarer/M -roaring/M -roast/ZGMDRSJ -roaster/M -roasting/M -rob/S -robbed -robber/MS -robbery/SM -robbing -robe's -robe/EGDS -robin/MS -robocall/SGMD -robot/MS -robotic/S -robotics/M -robotize/GDS -robust/RYPT -robustness/M -rock/ZGMDRS -rockabilly/M -rockbound -rocker/M -rockery/S -rocket/MDSG -rocketry/M -rockfall/SM -rockiness/M -rocky/TRP -rococo/M -rod/SM -rode -rodent/MS -rodeo/MS -roe/SM -roebuck/SM -roentgen/MS -roger/GDS -rogue's -rogue/KS -roguery/M -roguish/YP -roguishness/M -roil/GDS -roister/ZGDRS -roisterer/M -role/MS -roll/MDRZGJS -rollback/SM -roller/M -rollerblading -rollerskating/M -rollick/SDG -rollicking/M -rollmop/S -rollover/SM -romaine/MS -roman/M -romance/MZGDRS -romancer/M -romantic/MS -romantically -romanticism/M -romanticist/SM -romanticize/DSG -romeo/MS 
-romp/MDRZGS -romper/M -rondo/SM -rood/MS -roof/MDRZGS -roofer/M -roofing/M -roofless -rooftop/SM -rook/MDGS -rookery/SM -rookie/SM -room/MDRZGS -roomer/M -roomette/SM -roomful/SM -roominess/M -roommate/SM -roomy/RTP -roost/SMDRZG -rooster/M -root/MDRZGS -rooter/M -rootkit/SM -rootless/P -rootlet/SM -rope/MZGDRS -roper/M -ropy/RT -rosary/SM -rose/MS -roseate -rosebud/SM -rosebush/MS -rosemary/M -rosette/SM -rosewater/M -rosewood/MS -rosily -rosin/SMDG -rosiness/M -roster/SM -rostrum/MS -rosy/RTP -rot/SM -rota/S -rotary/SM -rotate/DSGNX -rotation/M -rotational -rotatory -rote/M -rotgut/M -rotisserie/SM -rotogravure/MS -rotor/SM -rototiller/MS -rotted -rotten/TPRY -rottenness/M -rotter/S -rotting -rottweiler/S -rotund/P -rotunda/MS -rotundity/M -rotundness/M -roue/MS -rouge/DSMG -rough/MDNRYXTGP -roughage/M -roughcast -roughen/GD -roughhouse/MGDS -roughneck/GMDS -roughness/M -roughs -roughshod -roulette/M -round/PSMDRYZTG -roundabout/SM -roundel/S -roundelay/MS -roundhouse/SM -roundish -roundness/M -roundup/MS -roundworm/SM -rouse/DSG -roust/SDG -roustabout/SM -rout/MRZS -route's -route/ADSG -routeing -router/M -routine/MYS -routinize/GDS -roux -rove/ZGDRS -rover/M -row/SZGMDR -rowan/S -rowboat/MS -rowdily -rowdiness/M -rowdy/PRSMT -rowdyism/M -rowel/SMDG -rower/M -rowing/M -rowlock/S -royal/SMY -royalist/SM -royalties/M -royalty/SM -rpm -rps -rt -rte -rub/SM -rubato/SM -rubbed -rubber/SM -rubberize/GDS -rubberneck/MDRSZG -rubbernecker/M -rubbery -rubbing/S -rubbish/MDSG -rubbishy -rubble/M -rubdown/SM -rube/MS -rubella/M -rubicund -rubidium/M -ruble/SM -rubric/SM -ruby/RSMT -ruched -ruck/DGS -rucksack/MS -ruckus/MS -ructions -rudder/SM -rudderless -ruddiness/M -ruddy/RTP -rude/YTRP -rudeness/M -rudiment/SM -rudimentary -rue/DSMG -rueful/PY -ruefulness/M -ruff/MDYGS -ruffian/MYS -ruffle/DSMG -ruffled/U -rug/SM -rugby/M -rugged/PTRY -ruggedness/M -rugger -rugrat/SM -ruin/MDGS -ruination/M -ruinous/Y -rule/MZGJDRS -ruler/M -ruling/M -rum/SM -rumba/SMDG -rumble/DSJMG 
-rumbling/M -rumbustious -ruminant/MS -ruminate/XGNVDS -rumination/M -ruminative/Y -rummage/DSMG -rummer -rummest -rummy/M -rumor/SMDG -rumormonger/SM -rump/MYS -rumple/DSMG -rumpus/MS -run/ASM -runabout/MS -runaround/SM -runaway/MS -rundown/SM -rune/MS -rung/MS -runic -runlet/SM -runnel/SM -runner/SM -running/M -runny/RT -runoff/SM -runt/MS -runtime -runty/RT -runway/SM -rupee/SM -rupiah/M -rupiahs -rupture/MGDS -rural -ruse/MS -rush/MDRSZG -rusher/M -rushy -rusk/MS -russet/SM -rust/MDGS -rustic/SM -rustically -rusticate/GDS -rustication/M -rusticity/M -rustiness/M -rustle/DRSJMZG -rustler/M -rustproof/SDG -rusty/RPNT -rut/SM -rutabaga/SM -ruthenium/M -rutherfordium/M -ruthless/YP -ruthlessness/M -rutted -rutting -rutty/RT -rye/M -s/NYXB -sabbath/M -sabbaths -sabbatical/SM -saber/MS -sable/MS -sabot/MS -sabotage/DSMG -saboteur/SM -sabra/MS -sac/SM -saccharin/M -saccharine -sacerdotal -sachem/SM -sachet/SM -sack/ZGMDRJS -sackcloth/M -sacker/M -sackful/MS -sacking/M -sacra -sacrament/MS -sacramental -sacred/YP -sacredness/M -sacrifice/DSMG -sacrificial/Y -sacrilege/MS -sacrilegious/Y -sacristan/MS -sacristy/SM -sacroiliac/MS -sacrosanct/P -sacrosanctness/M -sacrum/M -sad/PY -sadden/SDG -sadder -saddest -saddle's -saddle/UDSG -saddlebag/MS -saddler/S -saddlery -sades -sadhu/S -sadism/M -sadist/SM -sadistic -sadistically -sadness/M -sadomasochism/M -sadomasochist/MS -sadomasochistic -safari/SGMD -safe/MYTPRS -safeguard/SMDG -safekeeping/M -safeness/M -safety/SM -safflower/MS -saffron/MS -sag/SM -saga/MS -sagacious/Y -sagacity/M -sage/MYTRS -sagebrush/M -sagged -sagging -saggy/RT -sago/M -saguaro/MS -sahib/MS -said/U -sail/GMDSJ -sailboard/MRZGS -sailboarder/M -sailboarding/M -sailboat/MS -sailcloth/M -sailfish/MS -sailing/M -sailor/SM -sailplane/MS -saint/MDYS -sainthood/M -saintlike -saintliness/M -saintly/PRT -saith -sake/M -salaam/SMDG -salable/U -salacious/PY -salaciousness/M -salacity/M -salad/MS -salamander/SM -salami/SM -salary/DSM -sale/ABMS -saleroom/S 
-salesclerk/SM -salesgirl/SM -saleslady/SM -salesman/M -salesmanship/M -salesmen -salespeople/M -salesperson/MS -salesroom/S -saleswoman/M -saleswomen -salience/M -salient/SMY -saline/SM -salinity/M -saliva/M -salivary -salivate/GNDS -salivation/M -sallow/RTP -sallowness/M -sally/DSMG -salmon/SM -salmonella/M -salmonellae -salon/MS -saloon/SM -salsa/MS -salt's -salt/CTGDS -saltbox/MS -saltcellar/SM -salted/U -salter -saltine/SM -saltiness/M -saltpeter/M -saltshaker/SM -saltwater/M -salty/RTP -salubrious/I -salutary -salutation/MS -salutatorian/MS -salutatory -salute/DSMG -salvage/DSMG -salvageable -salvation/M -salve/MZGDRS -salver/M -salvo/MS -samarium/M -samba/MDSG -same/SP -sameness/M -samey -samizdat/S -samosa/S -samovar/SM -sampan/SM -sample/DRSMZGJ -sampler/M -sampling/M -samurai/SM -sanatorium/SM -sanctification/M -sanctify/GDSN -sanctimonious/YP -sanctimoniousness/M -sanctimony/M -sanction/GSMD -sanctioned/U -sanctity/M -sanctuary/SM -sanctum/SM -sand/ZGMDRS -sandal/SM -sandalwood/M -sandbag/SM -sandbagged -sandbagger/SM -sandbagging -sandbank/MS -sandbar/SM -sandblast/ZGMDRS -sandblaster/M -sandbox/MS -sandcastle/MS -sander/M -sandhog/SM -sandiness/M -sandlot/SM -sandlotter/MS -sandman/M -sandmen -sandpaper/GMDS -sandpiper/MS -sandpit/S -sandstone/M -sandstorm/SM -sandwich/MDSG -sandy/RTP -sane/IYTR -saneness/M -sang/S -sangfroid/M -sangria/M -sanguinary -sanguine/Y -sanitarian/SM -sanitarium/SM -sanitary/IU -sanitation/M -sanitize/ZGDRS -sanity/IM -sank -sans -sanserif -sap/SM -sapience/M -sapiens -sapient -sapless -sapling/MS -sapped -sapper/S -sapphire/SM -sappiness/M -sapping -sappy/PRT -saprophyte/SM -saprophytic -sapsucker/SM -sapwood/M -saran/M -sarcasm/MS -sarcastic -sarcastically -sarcoma/MS -sarcophagi -sarcophagus/M -sardine/MS -sardonic -sardonically -sarge/MS -sari/MS -sarky -sarnie/S -sarong/SM -sarsaparilla/MS -sartorial/Y -sash/MS -sashay/SGMD -sass/GMDS -sassafras/MS -sassy/RT -sat -satanic -satanical/Y -satanism/M -satanist/MS -satay 
-satchel/MS -sate/GDS -sateen/M -satellite/DSMG -satiable/I -satiate/GNDS -satiation/M -satiety/M -satin/M -satinwood/SM -satiny -satire/SM -satiric -satirical/Y -satirist/SM -satirize/DSG -satisfaction/EM -satisfactions -satisfactorily/U -satisfactory/U -satisfied/U -satisfy/EDSG -satisfying/U -satisfyingly -satori/M -satrap/SM -satsuma/S -saturate/DSGN -saturated/U -saturation/M -saturnine -satyr/MS -satyriasis/M -satyric -sauce/MZGDRS -saucepan/SM -saucer/M -saucily -sauciness/M -saucy/RPT -sauerkraut/M -sauna/MDSG -saunter/MDGS -saurian -sauropod/SM -sausage/MS -saute/MS -sauteed -sauteing -savage/DRSMYTGP -savageness/M -savagery/SM -savanna/MS -savant/SM -save/BJMZGDRS -saved/U -saver/M -saving/M -savings/M -savior/SM -savor/MDSG -savoriness/M -savory/PTRSM -savoy/MS -savvy/DRSMTG -saw/SGMD -sawbones/M -sawbuck/MS -sawdust/M -sawfly/SM -sawhorse/SM -sawmill/MS -sawyer/SM -sax/MS -saxifrage/SM -saxophone/MS -saxophonist/SM -say's -say/USG -saying/SM -scab/MS -scabbard/MS -scabbed -scabbiness/M -scabbing -scabby/PTR -scabies/M -scabrous -scad/MS -scaffold/SMG -scaffolding/M -scag/S -scagged -scalability -scalar/S -scalawag/MS -scald/MDSG -scale's -scale/CGDS -scaleless -scalene -scaliness/M -scallion/MS -scallop/GSMD -scalp/MDRSZG -scalpel/SM -scalper/M -scaly/RTP -scam/MS -scammed -scammer/S -scamming -scamp/MRSZ -scamper/GMD -scampi/M -scan/MS -scandal/SM -scandalize/DSG -scandalmonger/SM -scandalous/Y -scandium/M -scanned -scanner/SM -scanning -scansion/M -scant/CDSTG -scanter -scantily -scantiness/M -scantly -scantness/M -scanty/RSPT -scapegoat/SGMD -scapegrace/MS -scapula/M -scapulae -scapular/SM -scar/GMDS -scarab/SM -scarce/RYTP -scarceness/M -scarcity/SM -scare/MS -scarecrow/MS -scaremonger/SMG -scarf/MDSG -scarification/M -scarify/NDSG -scarily -scariness/M -scarlatina/M -scarlet/M -scarp/MDRSZG -scarper/DG -scarred -scarring -scarves -scary/RTP -scat/MS -scathing/Y -scatological -scatology/M -scatted -scatter/GJSMD -scatterbrain/SMD -scattering/M 
-scattershot -scatting -scatty -scavenge/ZGDRS -scavenger/M -scenario/MS -scenarist/MS -scene/MS -scenery/M -scenic -scenically -scent/CMS -scented/U -scenting -scentless -scepter/MS -sch -schadenfreude -schedule's -schedule/ADSG -scheduled/U -scheduler/S -schema -schemata -schematic/SM -schematically -schematize/GDS -scheme/DRSMZG -schemer/M -scherzo/MS -schilling/MS -schism/SM -schismatic/SM -schist/M -schistosomiasis -schizo/SM -schizoid/MS -schizophrenia/M -schizophrenic/SM -schlemiel/SM -schlep/SM -schlepped -schlepping -schlock/M -schmaltz/M -schmaltzy/TR -schmo/M -schmoes -schmooze/DRSZG -schmuck/MS -schnapps/M -schnauzer/SM -schnitzel/SM -schnook/MS -schnoz/MS -schnozzle/SM -scholar/MYS -scholarship/MS -scholastic -scholastically -scholasticism -school/SGMD -schoolbag/MS -schoolbook/SM -schoolboy/MS -schoolchild/M -schoolchildren/M -schooldays -schooled/U -schoolfellow/SM -schoolgirl/SM -schoolhouse/SM -schooling/M -schoolkid/S -schoolmarm/SM -schoolmarmish -schoolmaster/MS -schoolmate/SM -schoolmistress/MS -schoolroom/SM -schoolteacher/MS -schoolwork/M -schoolyard/SM -schooner/SM -schuss/GMDS -schussboomer/MS -schwa/MS -sci -sciatic -sciatica/M -science/FMS -scientific/U -scientifically/U -scientist/SM -scimitar/SM -scintilla/MS -scintillate/DSGN -scintillation/M -scion/MS -scissor/GDS -scleroses -sclerosis/M -sclerotic -scoff/MDRSZG -scoffer/M -scofflaw/MS -scold/MDSGJ -scolding/M -scoliosis/M -sconce/SM -scone/MS -scoop/MDSG -scoopful/MS -scoot/DRSZG -scooter/M -scope/MGDS -scorbutic -scorch/MDRSZG -scorcher/M -score/MZGDRS -scoreboard/SM -scorecard/MS -scorekeeper/MS -scoreless -scoreline/S -scorer/M -scorn/MDRSZG -scorner/M -scornful/Y -scorpion/MS -scotch/MDSG -scotchs -scoundrel/MS -scour/DRSZG -scourer/M -scourge/DSMG -scout/MDRSZG -scouting/M -scoutmaster/MS -scow/MS -scowl/MDSG -scrabble/MZGDRS -scrabbler/M -scrag/MS -scraggly/RT -scraggy/TR -scram/S -scramble's -scramble/UGDS -scrambler/MS -scrammed -scramming -scrap/MDRSZGJ -scrapbook/SM 
-scrape/SM -scraper/M -scrapheap/SM -scrapie -scrapped -scrapper/MS -scrapping -scrappy/TR -scrapyard/SM -scratch/GMDS -scratchcard/S -scratched/U -scratchily -scratchiness/M -scratchpad/S -scratchy/PRT -scrawl/SMDG -scrawly -scrawniness/M -scrawny/PTR -scream/SMDRZG -screamer/M -screaming/Y -scree/MDS -screech/GMDS -screechy/TR -screed/S -screen/SJMDG -screening/M -screenplay/SM -screensaver/SM -screenshot/S -screenwriter/SM -screenwriting/M -screw's -screw/UDSG -screwball/MS -screwdriver/MS -screwiness/M -screwworm/SM -screwy/PRT -scribal -scribble/MZGDRS -scribbler/M -scribe's -scribe/CKIS -scrim/MS -scrimmage/MGDS -scrimp/SDG -scrimshaw/MDGS -scrip/MS -script/FSMDG -scripted/U -scriptural -scripture/MS -scriptwriter/SM -scrivener/SM -scrod/M -scrofula/M -scrofulous -scrog/S -scroll/GSMD -scrooge/MS -scrota -scrotal -scrotum/M -scrounge/DRSZG -scrounger/M -scroungy/TR -scrub/MS -scrubbed -scrubber/SM -scrubbing -scrubby/RT -scruff/SM -scruffily -scruffiness/M -scruffy/RPT -scrum/S -scrumhalf -scrumhalves -scrummage/S -scrummed -scrumming -scrump/SGD -scrumptious/Y -scrumpy -scrunch/MDSG -scrunchy/SM -scruple/MGDS -scrupulosity/M -scrupulous/UPY -scrupulousness/UM -scrutineer/S -scrutinize/GDS -scrutiny/M -scuba/MDSG -scud/MS -scudded -scudding -scuff/MDSG -scuffle/MGDS -scull/MDRSZG -sculler/M -scullery/SM -scullion/SM -sculpt/SGD -sculptor/SM -sculptress/MS -sculptural -sculpture/DSMG -scum/MS -scumbag/MS -scummed -scumming -scummy/TR -scupper/MDGS -scurf/M -scurfy -scurrility/M -scurrilous/PY -scurrilousness/M -scurry/GDSM -scurvily -scurvy/TRM -scutcheon/SM -scuttle/MGDS -scuttlebutt/M -scuzzy/TR -scythe/DSMG -sea/SM -seabed/SM -seabird/MS -seaboard/SM -seaborne -seacoast/SM -seafarer/SM -seafaring/M -seafloor/SM -seafood/M -seafront/SM -seagoing -seagull/MS -seahorse/MS -seal's -seal/AUSDG -sealant/MS -sealer/SM -sealskin/M -seam/GMDNS -seaman/M -seamanship/M -seamless/Y -seamount/MS -seamstress/MS -seamy/RT -seance/SM -seaplane/SM -seaport/MS -sear/GMDS 
-search/AZGMDRS -searchable/U -searcher/AM -searching/Y -searchlight/MS -searing/Y -seascape/SM -seashell/SM -seashore/SM -seasick/P -seasickness/M -seaside/MS -season/SGMDBJ -seasonable/U -seasonably/U -seasonal/Y -seasonality -seasoned/U -seasoning/M -seat's -seat/UGDS -seating/M -seatmate/SM -seawall/MS -seaward/MS -seawater/M -seaway/SM -seaweed/MS -seaworthiness/M -seaworthy/P -sebaceous -seborrhea/M -sebum -sec'y -sec/SM -secant/SM -secateurs -secede/DSG -secession/M -secessionist/MS -seclude/GDS -seclusion/M -seclusive -second/SLZGMDRY -secondarily -secondary/SM -seconder/M -secondhand -secondment/S -secrecy/M -secret/SGVMDY -secretarial -secretariat/MS -secretary/SM -secretaryship/M -secrete/XNS -secretion/M -secretive/PY -secretiveness/M -secretory -sect/IMS -sectarian/MS -sectarianism/M -sectary/SM -section/AESM -sectional/MS -sectionalism/M -sectioned -sectioning -sector/ESM -secular -secularism/M -secularist/SM -secularization/M -secularize/DSG -secure/DRSYTG -secured/U -security/ISM -secy -sedan/MS -sedate/DRSYTGNVP -sedateness/M -sedation/M -sedative/SM -sedentary -sedge/M -sedgy -sediment/MS -sedimentary -sedimentation/M -sedition/M -seditious -seduce/DRSZG -seducer/M -seduction/SM -seductive/YP -seductiveness/M -seductress/MS -sedulous/Y -see/RSMZ -seed's -seed/AGDS -seedbed/MS -seedcase/MS -seeded/U -seeder/SM -seediness/M -seedless -seedling/MS -seedpod/MS -seedy/RPT -seeing/S -seek/ZGRS -seeker/M -seem/GDS -seeming/Y -seemliness/UM -seemly/URTP -seen/U -seep/GDS -seepage/M -seer/M -seersucker/M -seesaw/SMDG -seethe/DSG -segfault/S -segment/GSMD -segmentation/M -segmented/U -segregate/CDSGN -segregated/U -segregation/CM -segregationist/MS -segue/MGDS -segueing -seigneur/SM -seignior/SM -seine/MZGDRS -seiner/M -seismic -seismically -seismograph/ZMR -seismographer/M -seismographic -seismographs -seismography/M -seismologic -seismological -seismologist/MS -seismology/M -seize/GDS -seizure/MS -seldom -select/CSGVD -selection/SM -selective/Y 
-selectivity/M -selectman/M -selectmen -selectness/M -selector/MS -selenium/M -selenographer/MS -selenography/M -self/M -selfie/SM -selfish/UYP -selfishness/UM -selfless/PY -selflessness/M -selfsame -sell's -sell/AZGRS -seller's -selloff/MS -sellotape/DSG -sellout/MS -seltzer/MS -selvage/MS -selves -semantic/S -semantically -semanticist/MS -semantics/M -semaphore/DSMG -semblance/ASM -semen/M -semester/SM -semi/MS -semiannual/Y -semiarid -semiautomatic/MS -semibreve/S -semicircle/SM -semicircular -semicolon/MS -semiconducting -semiconductor/MS -semiconscious -semidarkness/M -semidetached -semifinal/SM -semifinalist/MS -semigloss/S -semimonthly/SM -seminal -seminar/MS -seminarian/SM -seminary/SM -semiofficial -semiotic/S -semiotics/M -semipermeable -semiprecious -semiprivate -semipro/S -semiprofessional/SM -semiquaver/S -semiretired -semiskilled -semisolid -semisweet -semitone/SM -semitrailer/MS -semitransparent -semitropical -semivowel/SM -semiweekly/SM -semiyearly -semolina/M -sempstress/MS -senate/SM -senator/MS -senatorial -send/ZGRS -sender/M -sendoff/MS -senescence/M -senescent -senile -senility/M -senior/SM -seniority/M -senna/M -senor/MS -senora/SM -senorita/SM -sensation/MS -sensational/Y -sensationalism/M -sensationalist/MS -sensationalize/GDS -sense/MGDS -senseless/PY -senselessness/M -sensibilities -sensibility/IM -sensible/P -sensibleness/M -sensibly/I -sensitive/SMYP -sensitiveness/M -sensitivities -sensitivity/IM -sensitization/CM -sensitize/CDSG -sensor/SM -sensory -sensual/Y -sensualist/SM -sensuality/M -sensuous/YP -sensuousness/M -sent/FAU -sentence/MGDS -sententious/Y -sentience/IM -sentient/I -sentiment/SM -sentimental/Y -sentimentalism/M -sentimentalist/MS -sentimentality/M -sentimentalization/M -sentimentalize/GDS -sentinel/MS -sentry/SM -sepal/MS -separability/IM -separable -separably/I -separate/XMYGNVDSP -separateness/M -separation/M -separatism/M -separatist/MS -separator/MS -sepia/M -sepsis/M -septa -septal -septet/SM -septic -septicemia/M 
-septicemic -septuagenarian/MS -septum/M -sepulcher/GMDS -sepulchral -seq -sequel/SM -sequence/MZGDRS -sequencing/M -sequential/FY -sequester/SDG -sequestrate/XGNDS -sequestration/M -sequin/SMD -sequinned -sequitur -sequoia/MS -seraglio/MS -serape/SM -seraph/M -seraphic -seraphs -sere/TR -serenade/MGDS -serendipitous -serendipity/M -serene/RPYT -sereneness/M -serenity/M -serf/MS -serfdom/M -serge/M -sergeant/MS -serial/SMY -serialization/SM -serialize/GDSB -series/M -serif/MS -serigraph/M -serigraphs -serine -serious/PY -seriousness/M -sermon/SM -sermonize/GDS -serology/M -serotonin -serous -serpent/MS -serpentine/M -serrate/XND -serration/M -serried -serum/MS -servant/MS -serve's/AF -serve/FACGDS -server/SM -servery/S -service/EMS -serviceability/M -serviceable -serviced -serviceman/M -servicemen -servicewoman/M -servicewomen -servicing -serviette/MS -servile -servility/M -serving's -servings -servitor/MS -servitude/M -servo/MS -servomechanism/SM -servomotor/MS -sesame/SM -sesquicentennial/MS -session/MS -set/AISM -setback/MS -setscrew/SM -setsquare/S -sett/BJZGRS -settee/MS -setter/M -setting/M -settle's -settle/AUGDS -settlement/AM -settlements -settler/SM -setup/MS -seven/MHS -seventeen/SMH -seventeenth/M -seventeenths -seventh/M -sevenths -seventieth/M -seventieths -seventy/SMH -sever/ETGDS -several/MY -severance/SM -severe/YPR -severeness/M -severity/M -sew/ASGD -sewage/M -sewer/MS -sewerage/M -sewing/M -sewn/A -sex/GMDS -sexagenarian/SM -sexily -sexiness/M -sexism/M -sexist/MS -sexless -sexologist/SM -sexology/M -sexpot/MS -sextant/SM -sextet/MS -sexting -sexton/MS -sextuplet/SM -sexual/Y -sexuality/M -sexy/PTR -sf -sh -shabbily -shabbiness/M -shabby/PTR -shack/MDSG -shackle's -shackle/UGDS -shad/GMDSJ -shade/MS -shadily -shadiness/M -shading/M -shadow/SGMD -shadowbox/GDS -shadowy/RT -shady/RPT -shaft/MDSG -shag/MS -shagged -shagginess/M -shagging -shaggy/TPR -shah/M -shahs -shake/MZGRS -shakedown/SM -shaken/U -shakeout/MS -shaker/M -shakeup/MS -shakily 
-shakiness/M -shaky/RPT -shale/M -shall -shallot/MS -shallow/TPMRYS -shallowness/M -shalom -shalt -sham/GMDS -shaman/SM -shamanic -shamanism -shamanistic -shamble/MGDS -shambles/M -shambolic -shame/MS -shamefaced/Y -shameful/PY -shamefulness/M -shameless/YP -shamelessness/M -shammed -shamming -shampoo/ZGMDRS -shampooer/M -shamrock/MS -shan't -shandy/S -shanghai/DSG -shank/MS -shantung/M -shanty/SM -shantytown/SM -shape's -shape/AGDS -shaped/U -shapeless/YP -shapelessness/M -shapeliness/M -shapely/PTR -shard/MS -share/MZGDRS -shareable -sharecrop/S -sharecropped -sharecropper/MS -sharecropping -shareholder/SM -shareholding/S -sharer/M -shareware/M -sharia/M -shariah -shark/MDSG -sharkskin/M -sharp/MDNRYSPXZTG -sharpen/ADGS -sharpener/MS -sharper/M -sharpie/MS -sharpish -sharpness/M -sharpshooter/SM -sharpshooting/M -shatter/GMDS -shatterproof -shave/MZGDRSJ -shaven/U -shaver/M -shaving/M -shawl/MS -shay/MS -she'd -she'll -she/DSM -sheaf/M -shear/MDRSZG -shearer/M -sheath/JM -sheathe/UGDS -sheathing/M -sheaths -sheave/DSMG -shebang/MS -shebeen/S -shed/MS -shedding -sheen/M -sheeny/TR -sheep/M -sheepdog/MS -sheepfold/SM -sheepherder/MS -sheepish/YP -sheepishness/M -sheepskin/MS -sheer/MDRSPTG -sheerness/M -sheet/MSG -sheeting/M -sheetlike -sheikdom/MS -sheikh/M -sheikhs -sheila/S -shekel/SM -shelf/M -shell/MDRSG -shellac/MS -shellacked -shellacking/MS -shellfire/M -shellfish/MS -shelter/GMDS -shelve/GDS -shelving/M -shenanigan/SM -shepherd/SMDG -shepherdess/MS -sherbet/SM -sheriff/SM -sherry/SM -shew/GDS -shewn -shh -shiatsu/M -shibboleth/M -shibboleths -shield/MDGS -shift/GMDS -shiftily -shiftiness/M -shiftless/PY -shiftlessness/M -shifty/RPT -shiitake/SM -shill/GMDSJ -shillelagh/M -shillelaghs -shilling/M -shim/MS -shimmed -shimmer/SMDG -shimmery -shimming -shimmy/DSMG -shin/ZGMDRS -shinbone/SM -shindig/SM -shine/MS -shiner/M -shingle/DSMG -shinguard/M -shininess/M -shinned -shinning -shinny/DSG -shinsplints/M -shiny/TRP -ship's -ship/ALS -shipboard/MS 
-shipbuilder/SM -shipbuilding/M -shipload/SM -shipmate/SM -shipment/AM -shipments -shipowner/MS -shipped/A -shipper/SM -shipping/M -shipshape -shipwreck/GMDS -shipwright/MS -shipyard/SM -shire/MS -shirk/ZGDRS -shirker/M -shirr/GMDSJ -shirring/M -shirt/GMDS -shirtfront/SM -shirting/M -shirtless -shirtsleeve/SM -shirttail/SM -shirtwaist/MS -shirty -shit/SM! -shitfaced/! -shithead/S! -shitload/! -shitted/! -shitting/! -shitty/RT! -shiv/ZMRS -shiver/MDG -shivery -shoal/GMDS -shoat/MS -shock/ZGMDRS -shocker/M -shocking/Y -shockproof -shod/U -shoddily -shoddiness/M -shoddy/PRMT -shoe/MS -shoehorn/GMDS -shoeing -shoelace/MS -shoemaker/SM -shoeshine/SM -shoestring/SM -shoetree/MS -shogun/MS -shogunate/M -shone -shoo/GDS -shook -shoot/ZGMRSJ -shooter/M -shooting/M -shootout/MS -shop/MS -shopaholic/MS -shopfitter/S -shopfitting -shopfront/S -shopkeeper/MS -shoplift/DRZGS -shoplifter/M -shoplifting/M -shoppe/MZGDRS -shopper/M -shopping/M -shoptalk/M -shopworn -shore/MGDS -shorebird/SM -shoreline/MS -shoring/M -short/XTGMDNRYSP -shortage/MS -shortbread/M -shortcake/MS -shortchange/DSG -shortcoming/MS -shortcrust -shortcut/MS -shorten/JGD -shortening/M -shortfall/MS -shorthand/MD -shorthorn/MS -shortish -shortlist/DGS -shortness/M -shortsighted/PY -shortsightedness/M -shortstop/MS -shortwave/MS -shorty/SM -shot/MS -shotgun/SM -shotgunned -shotgunning -should -should've -shoulder/MDGS -shouldn't -shout/ZGMDRS -shouter/M -shove/MGDS -shovel/MDSG -shovelful/SM -show/JZGMDRS -showbiz/M -showboat/MDGS -showcase/MGDS -showdown/MS -shower/MDG -showerproof -showery -showgirl/MS -showground/S -showily -showiness/M -showing/M -showjumping -showman/M -showmanship/M -showmen -shown -showoff/SM -showpiece/SM -showplace/SM -showroom/MS -showstopper/MS -showstopping -showtime -showy/TRP -shpt -shrank -shrapnel/M -shred/MS -shredded -shredder/MS -shredding -shrew/MS -shrewd/RYPT -shrewdness/M -shrewish -shriek/MDSG -shrift/M -shrike/MS -shrill/DRSPTG -shrillness/M -shrilly -shrimp/MDRSZG 
-shrine/MS -shrink/MSBG -shrinkage/M -shrive/GDS -shrivel/SGD -shriven -shroud/GMDS -shrub/MS -shrubbery/SM -shrubby/RT -shrug/MS -shrugged -shrugging -shrunk/N -shtick/MS -shuck/GMDS -shucks/S -shudder/MDSG -shuffle/AMGDS -shuffleboard/SM -shuffler/SM -shun/S -shunned -shunning -shunt/MSDG -shush/DSG -shut/S -shutdown/SM -shuteye/M -shutoff/SM -shutout/SM -shutter/SMDG -shutterbug/MS -shutting -shuttle/DSMG -shuttlecock/GMDS -shy/TGDRSMY -shyer -shyest -shyness/M -shyster/SM -sibilant/SM -sibling/SM -sibyl/MS -sibylline -sic/S -sicced -siccing -sick/PXTGDNRYS -sickbay/S -sickbed/SM -sicken/DG -sickening/Y -sickie/MS -sickish -sickle/MS -sickly/RT -sickness/MS -sicko/MS -sickout/SM -sickroom/MS -side's -side/AGDS -sidearm/SM -sidebar/SM -sideboard/SM -sideburns/M -sidecar/SM -sidekick/SM -sidelight/MS -sideline/DSMG -sidelong -sideman/M -sidemen -sidepiece/MS -sidereal -sidesaddle/MS -sideshow/MS -sidesplitting -sidestep/MS -sidestepped -sidestepping -sidestroke/DSMG -sideswipe/DSMG -sidetrack/SMDG -sidewalk/MS -sidewall/MS -sideways -sidewinder/SM -siding/MS -sidle/MGDS -siege/MS -sienna/M -sierra/MS -siesta/MS -sieve/MGDS -sift/ZGDRS -sifted/U -sifter/M -sigh/GMD -sighs -sight/GMDYSJ -sighting/M -sightless -sightly/UTR -sightread -sightseeing/M -sightseer/MS -sigma/MS -sign's/C -sign/AFCGDS -signage/M -signal/MDRYSZG -signaler/M -signalization/M -signalize/GDS -signalman/M -signalmen -signatory/SM -signature/MS -signboard/MS -signed/U -signer/CMS -signet/MS -significance/IM -significant/IY -signification/M -signify/XDSNG -signing's/C -signings -signor/FMS -signora/SM -signore -signori -signorina/MS -signorine -signpost/GSMD -silage/M -silence/DRSMZG -silencer/M -silent/MRYST -silhouette/DSMG -silica/M -silicate/MS -siliceous -silicon/SM -silicone/M -silicosis/M -silk/MNS -silkily -silkiness/M -silkscreen/SM -silkworm/MS -silky/TRP -sill/MS -silliness/M -silly/TRSMP -silo/MS -silt/GMDS -silty/TR -silver/GMDS -silverfish/MS -silversmith/M -silversmiths 
-silverware/M -silvery -sim/SM -simian/MS -similar/Y -similarity/ESM -simile/MS -similitude/EM -simmer/GMDS -simonize/DSG -simony/M -simpatico -simper/GMDS -simpering/Y -simple/TRP -simpleminded -simpleness/M -simpleton/SM -simplex -simplicity/M -simplification/M -simplify/DSXNG -simplistic -simplistically -simply -simulacra -simulacrum/S -simulate/EDSGN -simulation/EM -simulations -simulator/EMS -simulcast/GMDS -simultaneity/M -simultaneous/Y -sin/ASM -since -sincere/IYT -sincerer -sincerity/IM -sine/MS -sinecure/MS -sinew/MS -sinewy -sinful/PY -sinfulness/M -sing/BZGMDRYS -singalong/S -singe/MS -singeing -singer/M -singing/M -single/PMGDS -singleness/M -singles/M -singlet/S -singleton/SM -singletree/SM -singsong/SMDG -singular/SMY -singularity/SM -sinister -sink/BZGMRS -sinkable/U -sinker/M -sinkhole/SM -sinless -sinned -sinner/MS -sinning -sinology -sinuosity/M -sinuous/Y -sinus/MS -sinusitis/M -sinusoidal -sip/SM -siphon/GMDS -sipped -sipper/SM -sipping -sir/SXMN -sire/CMGDS -siren/M -sirloin/SM -sirocco/SM -sirrah -sirree/M -sis/MS -sisal/M -sissified -sissy/RSMT -sister/ASM -sisterhood/MS -sisterliness/M -sisterly/P -sit/S -sitar/SM -sitarist/MS -sitcom/SM -site/MGDS -sitemap/SM -sitter/SM -sitting/SM -situ -situate/DSXGN -situation/M -situational -six/MSH -sixfold -sixpence/MS -sixshooter/M -sixteen/SMH -sixteenth/M -sixteenths -sixth/M -sixths -sixtieth/M -sixtieths -sixty/SMH -sizable -size's -size/AGDS -sizer -sizing/M -sizzle/DRSMZG -ska/M -skate/MZGDRS -skateboard/MDRSZG -skateboarder/M -skateboarding/M -skater/M -skating/M -skedaddle/MGDS -skeet/ZMR -skein/MS -skeletal -skeleton/SM -skeptic/SM -skeptical/Y -skepticism/M -sketch/MDRSZG -sketchbook/S -sketcher/M -sketchily -sketchiness/M -sketchpad/S -sketchy/RTP -skew/MDRZGS -skewbald/S -skewer/MDG -ski/SZGMDR -skibob/S -skid/MS -skidded -skidding -skidpan/S -skier/M -skiff/SM -skiffle -skiing/M -skill's -skill/CSD -skilled/U -skillet/SM -skillful/UY -skillfulness/M -skim/MS -skimmed -skimmer/SM 
-skimming -skimp/SDG -skimpily -skimpiness/M -skimpy/RTP -skin/MS -skincare/M -skinflint/MS -skinful -skinhead/MS -skinless -skinned -skinniness/M -skinning -skinny/RMTP -skint -skintight -skip/MS -skipped -skipper/SMDG -skipping -skirmish/ZGMDRS -skirt/SMDG -skit/MS -skitter/GSD -skittish/YP -skittishness/M -skittle/S -skive/DRSZG -skivvy/DSMG -skoal/SM -skua/S -skulduggery/M -skulk/SDRZG -skulker/M -skull/SM -skullcap/MS -skunk/SMDG -sky/GSM -skycap/SM -skydive/DRSZG -skydiver/M -skydiving/M -skyjack/JZGSDR -skyjacker/M -skyjacking/M -skylark/SGMD -skylight/MS -skyline/SM -skyrocket/GSMD -skyscraper/SM -skyward/S -skywriter/SM -skywriting/M -slab/MS -slabbed -slabbing -slack/PXZTGMDNRYS -slacken/DG -slacker/M -slackness/M -slacks/M -slag/MS -slagged -slagging -slagheap/S -slain -slake/GDS -slalom/MSDG -slam/MS -slammed -slammer/SM -slamming -slander/MZGDRS -slanderer/M -slanderous -slang/M -slangy/RT -slant/MSDG -slanting/Y -slantwise -slap/MS -slapdash -slaphappy -slapped -slapper/S -slapping -slapstick/M -slash/MDRSZG -slasher/M -slat/MDGS -slate/SM -slather/SDG -slatted -slattern/SMY -slaughter/MDRZGS -slaughterer/M -slaughterhouse/MS -slave/DRSMZG -slaveholder/MS -slaver/MDG -slavery/M -slavish/PY -slavishness/M -slaw/M -slay/DRZGJS -slayer/M -slaying/M -sleaze/SM -sleazebag/S -sleazeball/S -sleazily -sleaziness/M -sleazy/PRT -sled/MS -sledded -sledder/SM -sledding -sledge/DSMG -sledgehammer/GSMD -sleek/SDRYTGP -sleekness/M -sleep/SMRZG -sleeper/M -sleepily -sleepiness/M -sleepless/PY -sleeplessness/M -sleepover/SM -sleepwalk/ZGSDR -sleepwalker/M -sleepwalking/M -sleepwear/M -sleepy/RPT -sleepyhead/MS -sleet/SMDG -sleety -sleeve/DSM -sleeveless -sleigh/MDG -sleighs -sleight/SM -slender/PRT -slenderize/DSG -slenderness/M -slept -sleuth/MG -sleuths -slew/MDGS -slice/DRSMZG -slicer/M -slick/SMDRYZTGP -slicker/M -slickness/M -slid -slide/RSMZG -slider/M -slideshow/MS -slight/SMDRYTGP -slightness/M -slim/PS -slime/M -sliminess/M -slimline -slimmed -slimmer/S 
-slimmest -slimming/M -slimness/M -slimy/RTP -sling/SMG -slingback/S -slingshot/SM -slink/SG -slinky/RT -slip/MS -slipcase/MS -slipcover/MS -slipknot/MS -slippage/MS -slipped -slipper/SM -slipperiness/M -slippery/PRT -slipping -slippy -slipshod -slipstream/SM -slipway/SM -slit/MS -slither/SGMD -slithery -slitter -slitting -sliver/GSMD -slob/MS -slobbed -slobber/MDSG -slobbery -slobbing -sloe/MS -slog/MS -slogan/SM -sloganeering -slogged -slogging -sloop/SM -slop/MDGS -slope/SM -slopped -sloppily -sloppiness/M -slopping -sloppy/PTR -slops/M -slosh/DSG -slot/MS -sloth/M -slothful/YP -slothfulness/M -sloths -slotted -slotting -slouch/ZGMDRS -sloucher/M -slouchy/TR -slough/GMD -sloughs -sloven/SMY -slovenliness/M -slovenly/PTR -slow/DRYTGSP -slowcoach/S -slowdown/SM -slowness/M -slowpoke/SM -sludge/M -sludgy/RT -slue/MGDS -slug/MS -sluggard/MS -slugged -slugger/SM -slugging -sluggish/PY -sluggishness/M -sluice/DSMG -slum/MS -slumber/GSMD -slumberous -slumdog/SM -slumlord/MS -slummed -slummer -slumming -slummy/RT -slump/SMDG -slung -slunk -slur/MS -slurp/SMDG -slurred -slurring -slurry/M -slush/M -slushiness/M -slushy/RPT -slut/MS -sluttish -slutty/RT -sly/TRY -slyness/M -smack/SMDRZG -smacker/M -small/SMRTP -smallholder/S -smallholding/S -smallish -smallness/M -smallpox/M -smarmy/RT -smart/SMDNRYXTGP -smarten/DG -smartness/M -smartphone/SM -smarts/M -smartwatch/MS -smarty/SM -smartypants/M -smash/MDRSZG -smasher/M -smashup/SM -smattering/MS -smear/SMDG -smeary/RT -smell/SMDG -smelliness/M -smelly/RPT -smelt/SMDRZG -smelter/M -smidgen/MS -smilax/M -smile/DSMG -smiley/SM -smiling/Y -smirch/GMDS -smirk/SMDG -smite/SG -smith/M -smithereens/M -smiths -smithy/SM -smitten -smock/SMDG -smocking/M -smog/MS -smoggy/RT -smoke/DRSMZG -smokehouse/MS -smokeless -smoker/M -smokescreen/SM -smokestack/SM -smokey -smokiness/M -smoking/M -smoky/RTP -smolder/SGMD -smooch/MDSG -smoochy -smooth/PDRYTG -smoothie/MS -smoothness/M -smooths -smorgasbord/SM -smote -smother/GSMD -smudge/DSMG 
-smudgy/TR -smug/YP -smugger -smuggest -smuggle/ZGDRS -smuggler/M -smuggling/M -smugness/M -smurf/S -smut/MS -smuttiness/M -smutty/TRP -snack/SMDG -snaffle/DSMG -snafu/SM -snag/MS -snagged -snagging -snail/SMDG -snake/DSMG -snakebite/MS -snakelike -snakeskin -snaky/RT -snap's -snap/US -snapdragon/SM -snapped/U -snapper/MS -snappily -snappiness/M -snapping/U -snappish/YP -snappishness/M -snappy/TRP -snapshot/SM -snare/DSMG -snarf/SDG -snark/S -snarky/TR -snarl's -snarl/USDG -snarling/Y -snarly/TR -snatch/ZGMDRS -snatcher/M -snazzily -snazzy/TR -sneak/SMDRZG -sneaker/M -sneakily -sneakiness/M -sneaking/Y -sneaky/TRP -sneer/SJMDG -sneering/Y -sneeze/DSMG -snick/SDRZG -snicker/MDG -snide/RYT -sniff/SMDRZG -sniffer/M -sniffle/DSMG -sniffy/RT -snifter/SM -snip/MDRZGS -snipe/SM -sniper/M -snipped -snippet/SM -snipping -snippy/RT -snips/M -snit/MS -snitch/MDSG -snivel/SMDRZG -sniveler/M -snob/MS -snobbery/M -snobbish/PY -snobbishness/M -snobby/RT -snog/S -snogged -snogging -snood/SM -snooker/MDSG -snoop/SMDRZG -snooper/M -snoopy/TR -snoot/SM -snootily -snootiness/M -snooty/PTR -snooze/DSMG -snore/DRSMZG -snorer/M -snorkel/ZGMDRS -snorkeler/M -snorkeling/M -snort/SMDRZG -snorter/M -snot/MS -snottily -snottiness/M -snotty/TPR -snout/SM -snow/MDGS -snowball/GSMD -snowbank/SM -snowbird/SM -snowblower/MS -snowboard/ZGMDRS -snowboarder/M -snowboarding/M -snowbound -snowdrift/SM -snowdrop/SM -snowfall/SM -snowfield/SM -snowflake/SM -snowiness/M -snowline -snowman/M -snowmen -snowmobile/DSMG -snowplow/SGMD -snowshed -snowshoe/SM -snowshoeing -snowstorm/SM -snowsuit/SM -snowy/PRT -snub/MS -snubbed -snubbing -snuff/SMDRYZG -snuffbox/MS -snuffer/M -snuffle/MGDS -snug/MYSP -snugged -snugger -snuggest -snugging -snuggle/MGDS -snugness/M -so -soak/MDGSJ -soaking/M -soap/MDGS -soapbox/MS -soapiness/M -soapstone/M -soapsuds/M -soapy/RPT -soar/MDGS -sob/SM -sobbed -sobbing/Y -sober/SDRYPTG -soberness/M -sobriety/IM -sobriquet/SM -soc -soccer/M -sociability/M -sociable/SM -sociably 
-social/SMY -socialism/M -socialist/SM -socialistic -socialite/SM -socialization/M -socialize/DSG -societal -society/SM -socioeconomic -socioeconomically -sociological/Y -sociologist/SM -sociology/M -sociopath/M -sociopaths -sociopolitical -sock/MDGS -socket/SM -sockeye/SM -sod/SM -soda/MS -sodded -sodden/Y -sodding -sodium/M -sodomite/MS -sodomize/GDS -sodomy/M -soever -sofa/MS -soft/NRYXTP -softback -softball/MS -softbound -softcover -soften/DRZG -softener/M -softhearted -softness/M -software/M -softwood/SM -softy/SM -soggily -sogginess/M -soggy/RTP -soigne -soignee -soil/MDGS -soiled/U -soiree/SM -sojourn/ZGMDRS -sojourner/M -sol/SM -solace/DSMG -solar -solaria -solarium/M -sold -solder/ZGSMDR -solderer/M -soldier/MDYSG -soldiery/M -sole/FSDGM -solecism/SM -solely -solemn/PTRY -solemness/M -solemnify/DSG -solemnity/SM -solemnization/M -solemnize/DSG -solemnness/M -solenoid/MS -solicit/GDS -solicitation/SM -solicited/U -solicitor/SM -solicitous/PY -solicitousness/M -solicitude/M -solid/PSMRYT -solidarity/M -solidi -solidification/M -solidify/DSNG -solidity/M -solidness/M -solidus/M -soliloquies -soliloquize/DSG -soliloquy/M -solipsism/M -solipsistic -solitaire/MS -solitariness/M -solitary/SMP -solitude/M -solo/MDGS -soloist/MS -solstice/MS -solubility/IM -soluble/MS -solute's -solute/AXN -solutes -solution's/AE -solvable/IU -solve/EADSG -solved/U -solvency/IM -solvent/IMS -solver/SM -somatic -somatosensory -somber/PY -somberness/M -sombrero/MS -some -somebody/SM -someday -somehow -someone/MS -someplace -somersault/MDGS -somerset/SM -somersetted -somersetting -something/SM -sometime/S -someway/S -somewhat/S -somewhere -somnambulism/M -somnambulist/SM -somnolence/M -somnolent -son/SM -sonar/SM -sonata/SM -sonatina/SM -song/MS -songbird/SM -songbook/SM -songfest/SM -songster/MS -songstress/MS -songwriter/SM -songwriting -sonic -sonnet/SM -sonny/SM -sonogram/SM -sonority/M -sonorous/YP -sonorousness/M -sonsofbitches -soon/RT -soot/M -sooth/MDRSZG -soothe -soother/M 
-soothing/Y -soothsayer/MS -soothsaying/M -sooty/RT -sop/SM -soph -sophism/M -sophist/MS -sophistic -sophistical -sophisticate/DSMGN -sophisticated/U -sophistication/M -sophistry/SM -sophomore/MS -sophomoric -soporific/MS -soporifically -sopped -sopping -soppy/RT -soprano/MS -sorbet/SM -sorcerer/MS -sorceress/MS -sorcery/M -sordid/PY -sordidness/M -sore/MYTRSP -sorehead/MS -soreness/M -sorghum/M -sorority/SM -sorrel/SM -sorrily -sorriness/M -sorrow/SMDG -sorrowful/YP -sorrowfulness/M -sorry/RTP -sort/FASGDM -sorta -sorted/U -sorter/SM -sortie/DSM -sortieing -sot/SM -sottish -sou'wester -sou/SMH -souffle/SM -sough/MDG -soughs -sought/U -souk/S -soul/MS -soulful/YP -soulfulness/M -soulless/YP -soulmate/SM -sound/JPSMDRYZTG -soundalike/S -soundbar/S -soundbite/S -soundboard/MS -soundcheck/S -sounder/M -sounding/M -soundless/Y -soundness/UM -soundproof/GDS -soundproofing/M -soundscape/S -soundtrack/SM -soup/MDGS -soupcon/MS -soupy/RT -sour/MDRYTGSP -source/ADSMG -sourdough/M -sourdoughs -sourish -sourness/M -sourpuss/MS -sousaphone/MS -souse/DSMG -south/M -southbound -southeast/ZMR -southeaster/MY -southeastern -southeastward/S -southerly/SM -southern/SZMR -southerner/M -southernmost -southpaw/SM -southward/MS -southwest/ZMR -southwester/MY -southwestern -southwestward/S -souvenir/SM -sovereign/SM -sovereignty/M -soviet/SM -sow's -sow/ASGD -sower/SM -sown/A -soy/M -soybean/MS -sozzled -spa/SM -space/DRSMZG -spacecraft/MS -spaceflight/MS -spaceman/M -spacemen -spaceport/SM -spacer/M -spaceship/SM -spacesuit/SM -spacetime -spacewalk/SGMD -spacewoman/M -spacewomen -spacey -spacial -spacier -spaciest -spaciness/M -spacing/M -spacious/YP -spaciousness/M -spade/DSMG -spadeful/MS -spadework/M -spadices -spadix/M -spaghetti/M -spake -spam/MS -spammed -spammer/SM -spamming -span/MS -spandex/M -spangle/DSMG -spangly -spaniel/SM -spank/SMDGJ -spanking/M -spanned -spanner/SM -spanning -spar/MS -spare/DRSMYTGP -spareness/M -spareribs/M -sparing/UY -spark/SMDYG -sparkle/DRSMZG 
-sparkler/M -sparky/RT -sparred -sparring -sparrow/SM -sparrowhawk/S -sparse/RYTP -sparseness/M -sparsity/M -spartan -spasm/SM -spasmodic -spasmodically -spastic/SM -spat/MS -spate/SM -spathe/SM -spatial/Y -spatted -spatter/SGMD -spatting -spatula/SM -spavin/MD -spawn/SMDG -spay/DGS -speak/SRZGJ -speakeasy/SM -speaker/M -speakerphone/S -spear/SMDG -spearfish/GMDS -speargun -spearhead/GMDS -spearmint/M -spec/MS -special/SMY -specialism/S -specialist/MS -specialization/MS -specialize/GDS -specialty/SM -specie/SM -species/M -specif -specifiable -specific/MS -specifically -specification/M -specificity/M -specified/U -specify/XNZDRSG -specimen/SM -specious/YP -speciousness/M -speck/SMDG -speckle/MGDS -specs/M -spectacle/SM -spectacles/M -spectacular/MYS -spectate/DSG -spectator/SM -specter/AMS -spectra -spectral -spectrometer/MS -spectroscope/MS -spectroscopic -spectroscopy/M -spectrum/M -speculate/DSXGNV -speculation/M -speculative/Y -speculator/MS -sped -speech/MS -speechify/DSG -speechless/YP -speechlessness/M -speechwriter/S -speed/SMRZG -speedboat/SM -speeder/M -speedily -speediness/M -speeding/M -speedometer/MS -speedster/SM -speedup/MS -speedway/SM -speedwell/M -speedy/TPR -speleological -speleologist/MS -speleology/M -spell/JSMDRZG -spellbind/ZGRS -spellbinder/M -spellbound -spellcheck/MDRZGS -spellchecker/M -spelldown/SM -speller/M -spelling/M -spelunker/MS -spelunking/M -spend/BSRZG -spender/M -spending/M -spendthrift/MS -spent/U -sperm/SM -spermatozoa -spermatozoon/M -spermicidal -spermicide/MS -spew/MDRZGS -spewer/M -sphagnum/MS -sphere/SM -spherical/Y -spheroid/SM -spheroidal -sphincter/MS -sphinx/MS -spic/S -spice/DSMG -spicily -spiciness/M -spicule/MS -spicy/PRT -spider/SM -spiderweb/MS -spidery -spiel/SMDG -spiff/SDG -spiffy/TR -spigot/SM -spike/DSMG -spikiness/M -spiky/RPT -spill/SMDG -spillage/MS -spillover/SM -spillway/MS -spin/MS -spinach/M -spinal/SMY -spindle/MGDS -spindly/TR -spine/SM -spineless/YP -spinet/SM -spinless -spinnaker/SM -spinner/MS 
-spinneret/SM -spinney/S -spinning/M -spinster/SM -spinsterhood/M -spinsterish -spiny/RT -spiracle/SM -spiral/SGMDY -spire's -spire/IFAS -spirea/SM -spirit's -spirit/ISGD -spirited/Y -spiritless -spiritual/MYS -spiritualism/M -spiritualist/MS -spiritualistic -spirituality/M -spirituous -spirochete/SM -spiry -spit/MDGS -spitball/SM -spite/ASM -spiteful/PY -spitefuller -spitefullest -spitefulness/M -spitfire/SM -spitted -spitting -spittle/M -spittoon/MS -spiv/S -splanchnic -splash/GMDS -splashdown/MS -splashily -splashiness/M -splashy/RTP -splat/SM -splatted -splatter/GSMD -splatting -splay/SMDG -splayfeet -splayfoot/MD -spleen/SM -splendid/RYT -splendor/MS -splendorous -splenectomy -splenetic -splice/DRSMZG -splicer/M -spliff/S -spline/S -splint/SZGMDR -splinter/MDG -splintery -split/SM -splitting/MS -splodge/S -splosh/DSG -splotch/MDSG -splotchy/TR -splurge/DSMG -splutter/GMDS -spoil's -spoil/CSDRZG -spoilage/M -spoiled/U -spoiler/CM -spoilsport/MS -spoke/SM -spoken/U -spokesman/M -spokesmen -spokespeople -spokesperson/MS -spokeswoman/M -spokeswomen -spoliation/CM -sponge/DRSMZG -sponger/M -sponginess/M -spongy/RPT -sponsor/MDGS -sponsorship/M -spontaneity/M -spontaneous/Y -spoof/SMDG -spook/SMDG -spookiness/M -spooky/RPT -spool/SMDG -spoon/SMDG -spoonbill/MS -spoonerism/MS -spoonful/SM -spoor/SMDG -sporadic -sporadically -spore/DSMG -sporran/S -sport/SMDGV -sportiness/M -sporting/Y -sportive/Y -sportscast/MRZGS -sportscaster/M -sportsman/M -sportsmanlike/U -sportsmanship/M -sportsmen -sportspeople -sportsperson -sportswear/M -sportswoman/M -sportswomen -sportswriter/SM -sporty/TPR -spot/CMS -spotless/PY -spotlessness/M -spotlight/GSMD -spotlit -spotted -spotter/MS -spottily -spottiness/M -spotting -spotty/TPR -spousal/MS -spouse/SM -spout/SMDG -sprain/GSMD -sprang -sprat/SM -sprawl/GSMD -spray's -spray/ASDG -sprayer/MS -spread/ZGBSMR -spreadeagled -spreader/M -spreadsheet/MS -spree/DSM -spreeing -sprig/SM -sprigged -sprightliness/M -sprightly/RTP -spring/GSM 
-springboard/MS -springbok/MS -springily -springiness/M -springlike -springtime/M -springy/RPT -sprinkle/DRSJMZG -sprinkler/M -sprinkling/M -sprint/ZGSMDR -sprinter/M -sprite/SM -spritz/ZGMDRS -spritzer/M -sprocket/MS -sprog/S -sprout/GSMD -spruce/DRSPMYTG -spruceness/M -sprung -spry/RYT -spryness/M -spud/MS -spume/DSMG -spumoni/M -spumy -spun -spunk/SM -spunky/TR -spur/MS -spurge/M -spurious/PY -spuriousness/M -spurn/SDG -spurred -spurring -spurt/SMDG -sputa -sputnik/MS -sputter/MDGS -sputum/M -spy/GDSM -spyglass/MS -spymaster/S -spyware/M -sq -sqq -squab/SM -squabble/MZGDRS -squabbler/M -squad/SM -squadron/MS -squalid/PTRY -squalidness/M -squall/SGMD -squally -squalor/M -squamous -squander/GDS -square/PDRSMYTG -squareness/M -squarish -squash/GMDS -squashy/TR -squat/SMP -squatness/M -squatted -squatter/MS -squattest -squatting -squaw/SM -squawk/SZGMDR -squawker/M -squeak/SZGMDR -squeaker/M -squeakily -squeakiness/M -squeaky/TRP -squeal/SZGMDR -squealer/M -squeamish/PY -squeamishness/M -squeegee/MDS -squeegeeing -squeeze/BMZGDRS -squeezebox/S -squeezer/M -squelch/GMDS -squelchy -squib/SM -squid/SM -squidgy -squiffy -squiggle/DSMG -squiggly -squint/STGMDR -squire/DSMG -squirm/SGMD -squirmy/RT -squirrel/SGMD -squirt/SGMD -squish/GMDS -squishy/RT -sriracha -ssh -st -stab/MYS -stabbed -stabber/MS -stabbing/MS -stability/IM -stabilization/CM -stabilize/CDSG -stabilizer/MS -stable/DRSMTG -stableman/M -stablemate/S -stablemen -stably/U -staccato/MS -stack/SMDG -stadium/MS -staff's -staff/ASDG -staffer/MS -staffing/M -stag/MDGSJ -stage/SM -stagecoach/MS -stagecraft/M -stagehand/MS -stagestruck -stagflation/M -stagger/MDGS -staggering/Y -staging/M -stagnancy/M -stagnant/Y -stagnate/DSGN -stagnation/M -stagy/RT -staid/PRYT -staidness/M -stain/SMDG -stained/U -stainless/M -stair/SM -staircase/MS -stairway/MS -stairwell/SM -stake/DSMG -stakeholder/MS -stakeout/SM -stalactite/MS -stalagmite/MS -stale/DRSTGP -stalemate/DSMG -staleness/M -stalk/SMDRJZG -stalker/M -stalking/M 
-stall's -stall/SDG -stallholder/S -stallion/MS -stalwart/MYS -stamen/SM -stamina/M -stammer/ZGMDRS -stammerer/M -stammering/Y -stamp/SMDRZG -stampede/MGDS -stamper/M -stance/ISM -stanch/TGDRS -stanchion/SM -stand/SMRJZG -standalone -standard/MS -standardization/M -standardize/DSG -standby/M -standbys -standee/MS -stander/M -standing/M -standoff/MS -standoffish -standout/MS -standpipe/SM -standpoint/MS -standstill/MS -stank -stanza/SM -staph/M -staphylococcal -staphylococci -staphylococcus/M -staple/DRSMZG -stapler/M -star/MDRZGS -starboard/M -starburst/S -starch/GMDS -starchily -starchiness/M -starchy/PTR -stardom/M -stardust/M -stare/SM -starer/M -starfish/MS -starfruit -stargaze/DRSZG -stargazer/M -stark/RYPZT -starkness/M -starless -starlet/MS -starlight/M -starling/SM -starlit -starred -starring -starry/TR -starstruck -start/ASMDG -starter/MS -startle/GDS -startling/Y -startup/MS -starvation/M -starve/DSJG -starveling/MS -stash/MDSG -stasis -stat/MS -state/DRSMYGNLX -statecraft/M -stated/U -statehood/M -statehouse/MS -stateless/P -statelessness/M -stateliness/M -stately/PRT -statement/AMS -statemented -statementing -stateroom/MS -stateside -statesman/M -statesmanlike -statesmanship/M -statesmen -stateswoman/M -stateswomen -statewide -static/SM -statically -station/MDRZG -stationary -stationer/M -stationery/M -stationmaster/S -statistic/MS -statistical/Y -statistician/SM -statuary/M -statue/SM -statuesque -statuette/MS -stature/MS -status/MS -statute/MS -statutorily -statutory -staunch/PDRSYTG -staunchness/M -stave/DSMG -stay/MDRZGS -std -stdio -stead/SM -steadfast/YP -steadfastness/M -steadily/U -steadiness/UM -steady/TGPDRSM -steak/SM -steakhouse/SM -steal/SMHG -stealth/M -stealthily -stealthiness/M -stealthy/TPR -steam/SMDRZG -steamboat/MS -steamer/M -steamfitter/SM -steamfitting/M -steaminess/M -steampunk -steamroll/ZGDRS -steamroller/MDG -steamship/MS -steamy/TPR -steed/SM -steel/SMDG -steeliness/M -steelmaker/S -steelworker/SM -steelworks/M -steely/PTR 
-steelyard/SM -steep/SMDNRYPXTG -steepen/GD -steeple/MS -steeplechase/MS -steeplejack/SM -steepness/M -steer/SMDBG -steerage/M -steering/M -steersman/M -steersmen -stegosauri -stegosaurus/MS -stein/SM -stellar -stem/MS -stemless -stemmed -stemming -stemware/M -stench/MS -stencil/GMDS -steno/SM -stenographer/SM -stenographic -stenography/M -stenosis -stent/SM -stentorian -step/IMS -stepbrother/SM -stepchild/M -stepchildren/M -stepdad/MS -stepdaughter/SM -stepfather/SM -stepladder/MS -stepmom/MS -stepmother/SM -stepparent/SM -steppe/DRSMZG -stepper/M -steppingstone/SM -stepsister/MS -stepson/MS -stereo/SM -stereophonic -stereoscope/MS -stereoscopic -stereotype/DSMG -stereotypical -sterile -sterility/M -sterilization/SM -sterilize/DRSZG -sterilizer/M -sterling/M -stern/SMRYPT -sternness/M -sternum/MS -steroid/MS -steroidal -stertorous -stet/S -stethoscope/MS -stetson/MS -stetted -stetting -stevedore/SM -stew/MDGS -steward/GMDS -stewardess/MS -stewardship/M -stick/SMRZG -sticker/M -stickily -stickiness/M -stickleback/SM -stickler/MS -stickpin/MS -stickup/MS -sticky/PTRSM -stiff/SMDNRYPXTG -stiffen/ZGDR -stiffener/M -stiffening/M -stiffness/M -stifle/DSJG -stifling/Y -stigma/SM -stigmata -stigmatic -stigmatization/M -stigmatize/GDS -stile/SM -stiletto/SM -still's -still/ITGSD -stillbirth/M -stillbirths -stillborn -stiller -stillness/M -stilt/SMD -stilted/Y -stimulant/SM -stimulate/DSGNV -stimulation/M -stimuli -stimulus/M -sting/ZGSMR -stinger/M -stingily -stinginess/M -stingray/SM -stingy/RTP -stink/ZGSMR -stinkbug/SM -stinker/M -stinky/RT -stint/GSMD -stipend/SM -stipendiary/S -stipple/DSMG -stippling/M -stipulate/XDSGN -stipulation/M -stir/MS -stirred -stirrer/SM -stirring/SY -stirrup/SM -stitch's -stitch/ADSG -stitchery/M -stitching/M -stoat/SM -stochastic -stock's -stock/AGSD -stockade/DSMG -stockbreeder/MS -stockbroker/SM -stockbroking/M -stockholder/SM -stockily -stockiness/M -stockinette/M -stocking/SM -stockist/S -stockpile/MGDS -stockpot/SM -stockroom/MS 
-stocktaking/M -stocky/RTP -stockyard/MS -stodge -stodgily -stodginess/M -stodgy/RTP -stogie/MS -stoic/SM -stoical/Y -stoicism/M -stoke/DRSZG -stoker/M -stole/SM -stolen -stolid/RYTP -stolidity/M -stolidness/M -stolon/MS -stomach/MDRZG -stomachache/SM -stomacher/M -stomachs -stomp/GSMD -stone/DRSMZG -stonemason/MS -stoner/M -stonewall/GSD -stoneware/M -stonewashed -stonework/M -stonily -stoniness/M -stonkered -stonking -stony/TRP -stood -stooge/MS -stool/SM -stoop/GSMD -stop's -stop/US -stopcock/SM -stopgap/SM -stoplight/MS -stopover/MS -stoppable/U -stoppage/MS -stopped/U -stopper/GSMD -stopping/U -stopple/DSMG -stopwatch/MS -storage/M -store's -store/ADSG -storefront/MS -storehouse/MS -storekeeper/SM -storeroom/SM -stork/SM -storm/GSMD -stormily -storminess/M -stormy/RPT -story/DSM -storyboard/MS -storybook/SM -storyteller/MS -storytelling/M -stoup/SM -stout/TSMRYP -stouthearted -stoutness/M -stove/SM -stovepipe/SM -stow/DGS -stowage/M -stowaway/MS -straddle/DRSMZG -straddler/M -strafe/MGDS -straggle/DRSZG -straggler/M -straggly/TR -straight/SPXTMNRY -straightaway/SM -straightedge/SM -straighten/ZGDR -straightener/M -straightforward/YPS -straightforwardness/M -straightness/M -straightway -strain's -strain/FADSG -strainer/ASM -strait/MNSX -straiten/GD -straitjacket/SGMD -straitlaced -strand/MDSG -strange/PRYZT -strangeness/M -stranger/M -strangle/ZGDRS -stranglehold/SM -strangler/M -strangulate/GNDS -strangulation/M -strap's -strap/US -strapless/MS -strapped/U -strapping/M -strata -stratagem/SM -strategic/S -strategical/Y -strategics/M -strategist/SM -strategy/SM -strati -stratification/M -stratify/DSGN -stratosphere/SM -stratospheric -stratum/M -stratus/M -straw/GSMD -strawberry/SM -stray/GSMD -streak/MDRSZG -streaker/M -streaky/TR -stream/MDRSZG -streamer/M -streamline/DSG -street/MS -streetcar/MS -streetlamp/S -streetlight/SM -streetwalker/SM -streetwise -strength/M -strengthen/AGDS -strengthener/MS -strengths -strenuous/PY -strenuousness/M -strep/M 
-streptococcal -streptococci -streptococcus/M -streptomycin/M -stress/MDSG -stressed/U -stressful -stressors -stretch/BZGMDRS -stretcher/MDG -stretchmarks -stretchy/TR -strew/GSDH -strewn -stria/M -striae -striated -striation/MS -stricken -strict/RYPT -strictness/M -stricture/SM -stridden -stride/MGS -stridency/M -strident/Y -strife/M -strike/MZGRSJ -strikebound -strikebreaker/SM -strikebreaking -strikeout/MS -striker/M -striking/Y -string/MDRSZG -stringency/M -stringent/Y -stringer/M -stringiness/M -stringy/PTR -strip/GSMD -stripe/MS -stripey -stripling/MS -stripped -stripper/MS -stripping -striptease/MZGDRS -stripteaser/M -stripy -strive/GS -striven -strobe/MS -stroboscope/MS -stroboscopic -strode -stroke/MGDS -stroll/MDRSZG -stroller/M -strong/RYT -strongbox/MS -stronghold/MS -strongman/M -strongmen -strongroom/S -strontium/M -strop/SM -strophe/SM -strophic -stropped -stroppily -stropping -stroppy/TRP -strove -struck -structural/Y -structuralism -structuralist/S -structure's -structure/AGDS -structured/U -strudel/SM -struggle/MGDS -strum/SM -strummed -strumming -strumpet/MS -strung/UA -strut/SM -strutted -strutting -strychnine/M -stub/MS -stubbed -stubbing -stubble/M -stubbly -stubborn/RYPT -stubbornness/M -stubby/RT -stucco/MDG -stuccoes -stuck/U -stud/MYS -studbook/MS -studded -studding/M -student/SM -studentship/S -studied/U -studiedly -studio/MS -studious/PY -studiousness/M -studly/RT -study's -study/AGDS -stuff/GSMDJ -stuffily -stuffiness/M -stuffing/M -stuffy/RPT -stultification/M -stultify/DSNG -stumble/DRSMZG -stumbler/M -stump/GSMD -stumpy/TR -stun/S -stung -stunk -stunned -stunner/S -stunning/Y -stunt/GSMD -stuntman -stuntmen -stupefaction/M -stupefy/DSG -stupendous/Y -stupid/TMRYS -stupidity/SM -stupor/MS -sturdily -sturdiness/M -sturdy/TRP -sturgeon/SM -stutter/MDRSZG -stutterer/M -sty/SM -style's -style/ADSG -styli -stylish/PY -stylishness/M -stylist/SM -stylistic/S -stylistically -stylize/DSG -stylus/MS -stymie/MDS -stymieing -styptic/SM 
-suasion/EM -suave/RYTP -suaveness/M -suavity/M -sub/SM -subaltern/MS -subaqua -subarctic -subarea/MS -subatomic -subbasement/SM -subbed -subbing -subbranch/MS -subcategory/SM -subclass -subcommittee/SM -subcompact/SM -subconscious/PMY -subconsciousness/M -subcontinent/SM -subcontinental -subcontract/MDSG -subcontractor/MS -subculture/MS -subcutaneous/Y -subdivide/GDS -subdivision/SM -subdomain/MS -subdominant -subdue/DSG -subeditor/S -subfamily/SM -subfreezing -subgroup/MS -subhead/GJMS -subheading/M -subhuman/MS -subj -subject/GVMDS -subjection/M -subjective/Y -subjectivity/M -subjoin/GDS -subjugate/GNDS -subjugation/M -subjunctive/SM -sublease/MGDS -sublet/SM -subletting -sublieutenant/S -sublimate/GNDS -sublimation/M -sublime/YTGDRS -subliminal/Y -sublimity/M -sublingual -submarginal -submarine/MZRS -submariner/M -submerge/GDS -submergence/M -submerse/GNDS -submersible/MS -submersion/M -submicroscopic -submission/MS -submissive/PY -submissiveness/M -submit/AS -submitted/A -submitter -submitting/A -subnormal -suborbital -suborder/MS -subordinate/DSMGN -subordination/IM -suborn/SGD -subornation/M -subpar -subparagraph -subpart -subplot/MS -subpoena/GMDS -subprime -subprofessional/SM -subprogram/S -subroutine/SM -subscribe/UASDG -subscriber/MS -subscript/MS -subscription/MS -subsection/MS -subsequent/Y -subservience/M -subservient/Y -subset/SM -subside/GDS -subsidence/M -subsidiarity -subsidiary/SM -subsidization/M -subsidize/ZGDRS -subsidizer/M -subsidy/SM -subsist/SDG -subsistence/M -subsoil/M -subsonic -subspace -subspecies/M -substance/SM -substandard -substantial/IY -substantiate/GNDSX -substantiated/U -substantiation/FM -substantive/SMY -substation/MS -substituent -substitute/XMGNDS -substitution/M -substrata -substrate/MS -substratum/M -substructure/SM -subsume/DSG -subsumption -subsurface/M -subsystem/SM -subteen/SM -subtenancy/M -subtenant/SM -subtend/SDG -subterfuge/SM -subterranean -subtext/SM -subtitle/DSMG -subtle/TR -subtlety/SM -subtly -subtopic/SM 
-subtotal/SGMD -subtract/GSD -subtraction/SM -subtrahend/SM -subtropic/S -subtropical -subtropics/M -suburb/MS -suburban/SM -suburbanite/SM -suburbia/M -subvention/SM -subversion/M -subversive/SPMY -subversiveness/M -subvert/SDG -subway/MS -subzero -succeed/GDS -success/VMS -successful/UY -succession/SM -successive/Y -successor/SM -succinct/RYTP -succinctness/M -succor/SGMD -succotash/M -succubi -succubus -succulence/M -succulency/M -succulent/SM -succumb/GDS -such -suchlike -suck/MDRZGS -sucker/GMD -suckle/DSJG -suckling/M -sucrose/M -suction/SMDG -sudden/PY -suddenness/M -suds/M -sudsy/TR -sue/DSG -suede/M -suet/M -suety -suffer/DRZGSJ -sufferance/M -sufferer/M -suffering/M -suffice/DSG -sufficiency/IM -sufficient/IY -suffix/MDSG -suffixation/M -suffocate/GNDS -suffocation/M -suffragan/MS -suffrage/M -suffragette/SM -suffragist/MS -suffuse/DSGN -suffusion/M -sugar/GSMD -sugarcane/M -sugarcoat/GDS -sugarless -sugarplum/MS -sugary/RT -suggest/GVSDR -suggestibility/M -suggestible -suggestion/SM -suggestive/YP -suggestiveness/M -suicidal -suicide/SM -suit/BMDGS -suitability/UM -suitableness/M -suitably/U -suitcase/SM -suite/SM -suited/U -suiting/M -suitor/MS -sukiyaki/M -sulfa/M -sulfate/SM -sulfide/SM -sulfonamides -sulfur/MDSG -sulfuric -sulfurous -sulk/MDGS -sulkily -sulkiness/M -sulky/TRSMP -sullen/RYPT -sullenness/M -sullied/U -sully/GDS -sultan/MS -sultana/SM -sultanate/MS -sultrily -sultriness/M -sultry/RPT -sum/SM -sumac/M -summarily -summarize/GDS -summary/SM -summat -summation/FMS -summed -summer/MDSG -summerhouse/SM -summertime/M -summery -summing -summit/MS -summitry/M -summon/DRSZG -summoner/M -summons/GMDS -sumo/M -sump/MS -sumptuous/PY -sumptuousness/M -sun/SM -sunbath/ZGMDRS -sunbathe -sunbather/M -sunbathing/M -sunbaths -sunbeam/SM -sunbed/S -sunbelt/SM -sunblock/MS -sunbonnet/SM -sunburn/SGMD -sunburst/MS -sundae/MS -sundeck/S -sunder/DSG -sundial/SM -sundown/SM -sundress/S -sundries/M -sundry/S -sunfish/MS -sunflower/MS -sung/U -sunglasses/M 
-sunhat/S -sunk/N -sunlamp/SM -sunless -sunlight/M -sunlit -sunned -sunniness/M -sunning -sunny/TRP -sunrise/SM -sunroof/SM -sunscreen/MS -sunset/MS -sunshade/MS -sunshine/M -sunshiny -sunspot/SM -sunstroke/M -suntan/MS -suntanned -suntanning -suntrap/S -sunup/M -sup/SZMR -super/M -superabundance/MS -superabundant -superannuate/GNDS -superannuation/M -superb/RYT -supercargo/M -supercargoes -supercharge/ZGDRS -supercharger/M -supercilious/PY -superciliousness/M -supercity/SM -supercomputer/MS -superconducting -superconductive -superconductivity/M -superconductor/SM -supercritical -superego/MS -supererogation/M -supererogatory -superficial/Y -superficiality/M -superfine -superfluity/M -superfluous/YP -superfluousness/M -superglue -supergrass/S -superhero/MS -superheroes -superhighway/SM -superhuman -superimpose/GDS -superimposition/M -superintend/DSG -superintendence/M -superintendency/M -superintendent/SM -superior/MS -superiority/M -superlative/SMY -superman/M -supermarket/SM -supermassive -supermen -supermodel/SM -supermom/MS -supernal -supernatural/SY -supernova/MS -supernovae -supernumerary/SM -superpose/GDS -superposition/M -superpower/SM -supersaturate/GNDS -supersaturation/M -superscribe/GDS -superscript/MS -superscription/M -supersede/GDS -supersize/GDS -supersonic -superspreader/SM -superstar/MS -superstardom -superstate/S -superstition/MS -superstitious/Y -superstore/MS -superstructure/MS -supertanker/MS -superuser/S -supervene/GDS -supervention/M -supervise/XGNDS -supervised/U -supervision/M -supervisor/MS -supervisory -superwoman/M -superwomen -supine/Y -supp/DRZG -supper/M -suppertime -suppl -supplant/SDG -supple/TLPR -supplement/MDGS -supplemental -supplementary -supplementation/M -suppleness/M -suppliant/SM -supplicant/MS -supplicate/GDS -supplication/M -supplier/M -supply/ZGDRSMXN -support/MDRSBZGV -supportable/UI -supported/U -supporter/M -suppose/GDS -supposed/Y -supposition/MS -suppository/SM -suppress/GVDS -suppressant/MS -suppressible 
-suppression/M -suppressor/SM -suppurate/DSGN -suppuration/M -supra -supranational -supremacist/MS -supremacy/M -supreme/Y -supremo/S -supt -surcease/DSMG -surcharge/DSMG -surcingle/SM -sure/PYTR -surefire -surefooted -sureness/M -surety/SM -surf/MDRZGS -surface's -surface/AGDS -surfboard/MDSG -surfeit/MDSG -surfer/M -surfing/M -surge/DSMG -surgeon/MS -surgery/SM -surgical/Y -surliness/M -surly/PTR -surmise/MGDS -surmount/DGSB -surmountable/I -surname/MS -surpass/GDS -surpassed/U -surplice/MS -surplus/MS -surplussed -surplussing -surprise/DSMGJ -surprising/UY -surreal -surrealism/M -surrealist/SM -surrealistic -surrealistically -surrender/MDSG -surreptitious/PY -surreptitiousness/M -surrey/MS -surrogacy/M -surrogate/SM -surround/GSDJ -surrounding/M -surroundings/M -surtax/MDSG -surtitle/S -surveillance/M -survey's -survey/ADGS -surveying/M -surveyor/SM -survival/SM -survivalist/SM -survive/DSGB -survivor/SM -susceptibility/SM -susceptible/I -sushi/M -suspect/SMDG -suspected/U -suspend/SDRZG -suspender/M -suspense/XMN -suspenseful -suspension/M -suspicion/SM -suspicious/Y -suss/DSG -sustain/SDBG -sustainability -sustainable/U -sustainably -sustenance/M -sutler/MS -suttee -suture/MGDS -suzerain/MS -suzerainty/M -svelte/TR -swab/MS -swabbed -swabbing -swaddle/DSG -swag/MS -swagged -swagger/SMDRG -swagging -swain/SM -swallow/GSMD -swallowtail/MS -swam -swami/SM -swamp/GSMD -swampland/M -swampy/RT -swan/MS -swank/TGSMDR -swankily -swankiness/M -swanky/RPT -swanned -swanning -swansong/S -swap/MS -swapped -swapping -sward/SM -swarm/GSMD -swarthy/TR -swash/GMDS -swashbuckler/SM -swashbuckling/M -swastika/SM -swat/MS -swatch/MS -swath/GMDS -swathe/M -swaths -swatted -swatter/SMDG -swatting -sway/MDGS -swayback/MD -swayed/U -swear/ZGSR -swearer/M -swearword/MS -sweat/ZGSMDR -sweatband/MS -sweater/M -sweatpants/M -sweats/M -sweatshirt/SM -sweatshop/MS -sweatsuit/S -sweaty/RT -swede/SM -sweep/ZGSMRJ -sweeper/M -sweeping/MY -sweepings/M -sweepstakes/M -sweet/XTSMNRYP 
-sweetbread/SM -sweetbrier/SM -sweetcorn -sweetened/U -sweetener/MS -sweetening/M -sweetheart/SM -sweetie/SM -sweetish -sweetmeat/MS -sweetness/M -swell/TGSMDRJ -swellhead/MDS -swelling/M -swelter/SGMD -swept -sweptback -swerve/MGDS -swerving/U -swift/PTSMRY -swiftness/M -swig/MS -swigged -swigging -swill/GSMD -swim/MS -swimmer/SM -swimming/MY -swimsuit/SM -swimwear -swindle/DRSMZG -swindler/M -swine/SM -swineherd/SM -swing/ZGSMR -swingeing -swinger/M -swinish -swipe/DSMG -swirl/GSMD -swirly -swish/TGMDRS -switch/MDRSZGB -switchback/MS -switchblade/SM -switchboard/SM -switcher/M -switchover -swivel/MDGS -swiz -swizz -swizzle/DSG -swollen -swoon/SGMD -swoop/SGMD -swoosh/MDSG -sword/SM -swordfish/MS -swordplay/M -swordsman/M -swordsmanship/M -swordsmen -swore -sworn -swot/S -swotted -swotting -swum -swung -sybarite/SM -sybaritic -sycamore/MS -sycophancy/M -sycophant/SM -sycophantic -syllabic -syllabicate/GNDS -syllabication/M -syllabification/M -syllabify/DSNG -syllable/MS -syllabub/S -syllabus/MS -syllogism/MS -syllogistic -sylph/M -sylphic -sylphlike -sylphs -sylvan -symbioses -symbiosis/M -symbiotic -symbiotically -symbol/MS -symbolic -symbolical/Y -symbolism/M -symbolization/M -symbolize/DSG -symbology -symmetric -symmetrical/Y -symmetry/SM -sympathetic/U -sympathetically/U -sympathies/M -sympathize/ZGDRS -sympathizer/M -sympathy/SM -symphonic -symphony/SM -symposium/MS -symptom/MS -symptomatic -symptomatically -syn/H -synagogal -synagogue/SM -synapse/MS -synaptic -sync/MDSG -synchronicity -synchronization/SM -synchronize/GDS -synchronous/Y -synchrony -syncopate/DSGN -syncopation/M -syncope/M -syndicalism -syndicalist/S -syndicate/DSMGN -syndication/M -syndrome/SM -synergism/M -synergistic -synergy/SM -synfuel/MS -synod/SM -synonym/SM -synonymous -synonymy/M -synopses -synopsis/M -synoptic -synovial -syntactic -syntactical/Y -syntax/M -syntheses -synthesis/M -synthesize/ZGDRS -synthesizer/M -synthetic/SM -synthetically -synths -syphilis/M -syphilitic/SM 
-syringe/DSMG -syrup/SM -syrupy -sysadmin/S -sysop/S -system/SM -systematic/U -systematical/Y -systematization/M -systematize/GDS -systemic/MS -systemically -systole/SM -systolic -t/SDNXGBJ -ta -tab/SM -tabbed -tabbing -tabbouleh/M -tabby/SM -tabernacle/SM -tabla/MS -table/MGDS -tableau/M -tableaux -tablecloth/M -tablecloths -tableland/SM -tablespoon/SM -tablespoonful/SM -tablet/SM -tabletop/MS -tableware/M -tabloid/SM -taboo/MDSG -tabor/MS -tabular -tabulate/DSGNX -tabulation/M -tabulator/SM -tachograph -tachographs -tachometer/SM -tachycardia/M -tachyon -tacit/PY -tacitness/M -taciturn/Y -taciturnity/M -tack/ZGMDRS -tacker/M -tackiness/M -tackle/DRSMZG -tackler/M -tacky/RTP -taco/MS -tact/FM -tactful/YP -tactfulness/M -tactic/SM -tactical/Y -tactician/MS -tactile -tactility/M -tactless/PY -tactlessness/M -tad/SM -tadpole/MS -taffeta/M -taffrail/SM -taffy/SM -tag/SM -tagged -tagger/SM -tagging -tagliatelle -tagline/MS -taiga/MS -tail/ACSDMG -tailback/MS -tailboard/S -tailbone/S -tailcoat/MS -tailgate/MZGDRS -tailgater/M -tailless -taillight/MS -tailor/SGMD -tailoring/M -tailpiece/S -tailpipe/SM -tailspin/SM -tailwind/SM -taint/MDSG -tainted/U -take/AIMS -takeaway/S -taken/A -takeoff/MS -takeout/MS -takeover/SM -taker/MS -taking/SM -takings/M -talc/M -talcum/M -tale/MS -talebearer/MS -talent/SMD -talented/U -tali -talisman/MS -talk/ZGMDRS -talkative/PY -talkativeness/M -talker/M -talkie/RSMT -talky -tall/TRP -tallboy/MS -tallier/M -tallish -tallness/M -tallow/M -tallowy -tally/DRSMZG -tallyho/MDGS -talon/MS -talus/MS -tam/SM -tamale/SM -tamarack/MS -tamarind/MS -tambourine/MS -tame/BYZTGDRSP -tamed/U -tameness/M -tamer/M -tamoxifen -tamp/ZGDRS -tamper/ZGDR -tamperer/M -tampon/SM -tan/SM -tanager/MS -tanbark/M -tandem/SM -tandoori/M -tang/MS -tangelo/MS -tangent/MS -tangential/Y -tangerine/MS -tangibility/IM -tangible/IMS -tangibleness/M -tangibly/I -tangle's -tangle/UDSG -tango/MDSG -tangy/RT -tank/ZGMDRS -tankard/MS -tanker/M -tankful/MS -tanned/U -tanner/SM 
-tannery/SM -tannest -tannin/M -tanning/M -tansy/M -tantalization/M -tantalize/ZGDRS -tantalizer/M -tantalizing/Y -tantalum/M -tantamount -tantra/M -tantrum/SM -tap/SZGMDR -tapas -tape/MS -tapeline/MS -taper/MDG -tapestry/SM -tapeworm/MS -tapioca/M -tapir/MS -tapped/U -tapper/MS -tappet/MS -tapping -taproom/SM -taproot/SM -tar/SGMD -taramasalata -tarantella/MS -tarantula/SM -tarball/S -tardily -tardiness/M -tardy/TPR -tare/MS -target/MDGS -tariff/MS -tarmac/MS -tarmacadam -tarmacked -tarmacking -tarn/MS -tarnish/GMDS -tarnished/U -taro/MS -tarot/MS -tarp/MS -tarpaulin/MS -tarpon/MS -tarragon/SM -tarred -tarring -tarry/TGDRS -tarsal/MS -tarsi -tarsus/M -tart/PTGMDRYS -tartan/MS -tartar/MS -tartaric -tartness/M -tarty/T -taser/GMDS -task/GMDS -taskbar -taskmaster/MS -taskmistress/MS -tassel/MDSG -taste/JMZGDRS -tasted/U -tasteful/EPY -tastefulness/EM -tasteless/PY -tastelessness/M -taster/M -tastily -tastiness/M -tasting/M -tasty/TRP -tat/SZR -tatami/MS -tater/M -tatted -tatter/MDSG -tatterdemalion/MS -tattie -tatting/M -tattle/MZGDRS -tattler/M -tattletale/MS -tattoo/MDRSZG -tattooer/M -tattooist/SM -tatty/TRS -tau/SM -taught/UA -taunt/ZGMDRS -taunter/M -taunting/Y -taupe/M -taut/PXTNRY -tauten/DG -tautness/M -tautological/Y -tautologous -tautology/SM -tavern/MS -tawdrily -tawdriness/M -tawdry/RTP -tawny/TRM -tax/BZGMDRS -taxa -taxation/M -taxer/M -taxi/GMDS -taxicab/SM -taxidermist/SM -taxidermy/M -taximeter/MS -taxiway/S -taxman -taxmen -taxon -taxonomic -taxonomist/MS -taxonomy/SM -taxpayer/MS -taxpaying -tb/S -tbsp -tea/SM -teabag/S -teacake/SM -teach/ZGRSBJ -teachable/U -teacher/M -teaching/M -teacup/MS -teacupful/MS -teak/MS -teakettle/SM -teal/MS -tealight/MS -team/GMDS -teammate/MS -teamster/MS -teamwork/M -teapot/MS -tear/GMDS -tearaway/S -teardrop/SM -tearful/Y -teargas/MS -teargassed -teargassing -tearjerker/MS -tearoom/SM -teary/TR -tease/MZGDRS -teasel/MS -teaser/M -teasing/Y -teaspoon/SM -teaspoonful/SM -teat/MS -teatime/S -tech/M -techie/S 
-technetium/M -technical/Y -technicality/SM -technician/SM -technicolor -technique/SM -techno -technobabble -technocracy/SM -technocrat/MS -technocratic -technological/Y -technologist/MS -technology/SM -technophobe/S -techs -tectonic/S -tectonics/M -ted/S -teddy/S -tedious/PY -tediousness/M -tedium/M -tee/DSMH -teeing -teem/GDS -teen/MS -teenage/RZ -teenager/M -teeny/TR -teenybopper/MS -teeter/MDSG -teethe/GDS -teething/M -teetotal/RZ -teetotaler/M -teetotalism/M -tektite/SM -tel -telecast/SZGMR -telecaster/M -telecommunication/MS -telecommunications/M -telecommute/ZGDRS -telecommuter/M -telecommuting/M -teleconference/MGDS -teleconferencing/M -telegenic -telegram/MS -telegraph/MDRZG -telegrapher/M -telegraphese -telegraphic -telegraphically -telegraphist/SM -telegraphs -telegraphy/M -telekinesis/M -telekinetic -telemarketer/SM -telemarketing/M -telemeter/SM -telemetry/SM -teleological -teleology -telepathic -telepathically -telepathy/M -telephone/DRSMZG -telephoner/M -telephonic -telephonist/S -telephony/M -telephoto/SM -telephotography/M -teleplay/MS -teleport -teleportation -teleprinter/MS -teleprocessing/M -teleprompter/SM -telesales -telescope/DSMG -telescopic -telescopically -teletext/MS -telethon/MS -teletype/S -teletypewriter/MS -televangelism/M -televangelist/MS -televise/XGNDS -television/M -teleworker/S -teleworking -telex/MDSG -tell/AGS -teller/SM -telling/Y -telltale/SM -tellurium/M -telly/SM -telnet -temblor/MS -temerity/M -temp/MDRZTGS -temper/MDG -tempera/LSM -temperament/MS -temperamental/Y -temperance/IM -temperate/IY -temperateness/M -temperature/SM -tempest/SM -tempestuous/YP -tempestuousness/M -template's -template/S -temple/SM -tempo/SM -temporal/Y -temporarily -temporariness/M -temporary/FSM -temporize/ZGDRS -temporizer/M -tempt/SDRZG -temptation/MS -tempter/M -tempting/Y -temptress/MS -tempura/M -ten/BMH -tenability/M -tenable/U -tenably -tenacious/YP -tenaciousness/M -tenacity/M -tenancy/SM -tenant/SMDG -tenanted/U -tenantry/M -tench 
-tend/IEFDGS -tended/U -tendency/SM -tendentious/YP -tendentiousness/M -tender/SMDRYTGP -tenderfoot/MS -tenderhearted/P -tenderheartedness/M -tenderize/ZGDRS -tenderizer/M -tenderloin/SM -tenderness/M -tendinitis/M -tendon/SM -tendril/SM -tenement/SM -tenet/SM -tenfold -tenner/S -tennis/M -tenon/SMDG -tenor/SM -tenpin/SM -tenpins/M -tense/DRSMYTGNXP -tenseness/M -tensile -tension/ESM -tensity/IM -tensor/S -tent/DGSM -tentacle/DSM -tentative/PY -tentativeness/M -tenterhook/MS -tenth/MY -tenths -tenuity/M -tenuous/PY -tenuousness/M -tenure/DSMG -tepee/SM -tepid/YP -tepidity/M -tepidness/M -tequila/SM -terabit/SM -terabyte/MS -terahertz/M -terajoule/S -terapixel/MS -terawatt/S -terbium/M -tercentenary/SM -tercentennial/SM -teriyaki -term/MDYGS -termagant/MS -terminable/IC -terminal/MYS -terminate/DSGNX -termination/CSM -terminator/S -termini -terminological/Y -terminology/SM -terminus/M -termite/SM -tern/IMS -ternary/SM -terr -terrace/DSMG -terracotta/M -terrain/SM -terrapin/MS -terrarium/SM -terrazzo/MS -terrestrial/SMY -terrible/P -terribleness/M -terribly -terrier/M -terrific -terrifically -terrify/GDS -terrifying/Y -terrine/S -territorial/MS -territoriality -territory/SM -terror/SM -terrorism/M -terrorist/SM -terrorize/DSG -terry/RMZ -terrycloth/M -terse/RYTP -terseness/M -tertiary -tessellate/DSXGN -tessellation/M -test's/AFK -test/AKFCDGS -testable/CF -testament/MS -testamentary -testate/S -testator/MS -testatrices -testatrix/M -tested/U -tester/KSM -testes -testicle/MS -testicular -testifier/M -testify/ZGDRS -testily -testimonial/MS -testimony/SM -testiness/M -testings -testis/M -testosterone/M -testy/PRT -tetanus/M -tetchily -tetchy/PRT -tether/SMDG -tetra/SM -tetracycline/M -tetrahedral -tetrahedron/MS -tetrameter/SM -text/FMS -textbook/SM -texted -textile/MS -texting -textual/FY -textural -texture/MGDS -thalami -thalamus/M -thalidomide/M -thallium/M -than -thane/SM -thank/SDG -thankful/YP -thankfulness/M -thankless/PY -thanklessness/M -thanksgiving/SM 
-that'd -that'll -that/M -thatch/MDRSZG -thatcher/M -thatching/M -thaw/MDGS -the/JG -theater/SM -theatergoer/SM -theatrical/YS -theatricality/M -theatricals/M -theatrics/M -thee/S -theft/SM -their/S -theism/M -theist/SM -theistic -them -thematic -thematically -theme/DSM -themselves -then/M -thence -thenceforth -thenceforward -theocracy/SM -theocratic -theodolite/S -theologian/SM -theological/Y -theology/SM -theorem/MS -theoretic -theoretical/Y -theoretician/SM -theorist/SM -theorize/DSG -theory/SM -theosophic -theosophical -theosophist/SM -theosophy/M -therapeutic/S -therapeutically -therapeutics/M -therapist/SM -therapy/SM -there/M -thereabout/S -thereafter -thereat -thereby -therefor -therefore -therefrom -therein -theremin/SM -thereof -thereon -thereto -theretofore -thereunder -thereunto -thereupon -therewith -therm/SM -thermal/MYS -thermionic -thermodynamic/S -thermodynamics/M -thermometer/MS -thermometric -thermonuclear -thermoplastic/SM -thermos/MS -thermostat/MS -thermostatic -thermostatically -thesauri -thesaurus/MS -these/S -thesis/M -thespian/SM -theta/SM -thew/MS -they -they'd -they'll -they're -they've -thiamine/M -thick/PMNRYXT -thicken/DRJZG -thickener/M -thickening/M -thicket/MS -thickheaded/M -thickness/MS -thicko/S -thickset -thief/M -thieve/DSG -thievery/M -thieving/M -thievish -thigh/M -thighbone/MS -thighs -thimble/MS -thimbleful/SM -thin/YSP -thine -thing/M -thingamabob/SM -thingamajig/SM -thingumabob/S -thingummy/S -thingy/S -think/SRBZG -thinkable/U -thinker/M -thinking's -thinned -thinner/MS -thinness/M -thinnest -thinning -third/SMY -thirst/SGMD -thirstily -thirstiness/M -thirsty/TPR -thirteen/SMH -thirteenth/M -thirteenths -thirtieth/M -thirtieths -thirty/HSM -this -thistle/MS -thistledown/M -thither -tho -thole/SM -thong/SM -thoracic -thorax/MS -thorium/M -thorn/SM -thorniness/M -thorny/PRT -thorough/RYPT -thoroughbred/MS -thoroughfare/MS -thoroughgoing -thoroughness/M -those -thou/MS -though -thought/SM -thoughtful/YP -thoughtfulness/M 
-thoughtless/PY -thoughtlessness/M -thousand/MHS -thousandfold -thousandth/M -thousandths -thrall/SMDG -thralldom/M -thrash/JMDRSZG -thrasher/M -thrashing/M -thread/SMDRZG -threadbare -threader/M -threadlike -thready/TR -threat/SMNX -threaten/DG -threatening/Y -three/SM -threefold -threepence/M -threescore/MS -threesome/SM -threnody/SM -thresh/MDRSZG -thresher/M -threshold/SM -threw -thrice -thrift/SM -thriftily -thriftiness/M -thriftless -thrifty/PTR -thrill/SMDRZG -thriller/M -thrilling/Y -thrive/DSG -throat/SM -throatily -throatiness/M -throaty/RTP -throb/SM -throbbed -throbbing -throe/SM -thrombi -thrombolytic -thromboses -thrombosis/M -thrombotic -thrombus/M -throne's -throne/S -throng/GSMD -throttle/DRSMZG -throttler/M -through -throughout -throughput/M -throw/SMRZG -throwaway/SM -throwback/SM -thrower/M -thrown -thru -thrum/SM -thrummed -thrumming -thrush/MS -thrust/GSM -thruway/MS -thud/MS -thudded -thudding -thug/MS -thuggery/M -thuggish -thulium/M -thumb/SMDG -thumbnail/SM -thumbprint/SM -thumbscrew/SM -thumbtack/SM -thump/SMDG -thumping/M -thunder/ZGMDRS -thunderbolt/SM -thunderclap/SM -thundercloud/MS -thunderer/M -thunderhead/SM -thunderous/Y -thundershower/SM -thunderstorm/SM -thunderstruck -thundery -thunk/S -thus -thwack/ZGSMDR -thwacker/M -thwart/GSMD -thy -thyme/M -thymine/M -thymus/MS -thyroid/MS -thyroidal -thyself -ti/MRZ -tiara/SM -tibia/M -tibiae -tibial -tic/SM -tick/MDRZGS -ticker/M -ticket/GSMD -ticking/M -tickle/DRSMZG -tickler/M -ticklish/YP -ticklishness/M -ticktacktoe/M -ticktock/MS -tidal/Y -tidbit/SM -tiddler/S -tiddly -tiddlywink/S -tiddlywinks/M -tide/MGJDS -tideland/SM -tidemark/S -tidewater/MS -tideway/MS -tidily/U -tidiness/UM -tidings/M -tidy/DRSMTGP -tie's -tie/AUSD -tieback/MS -tiebreak/RSZ -tiebreaker/M -tiepin/S -tier/MD -tiff/MDGS -tiger/SM -tigerish -tight/SNRYPXT -tighten/ZGDR -tightener/M -tightfisted -tightness/M -tightrope/MS -tights/M -tightwad/MS -tigress/MS -til -tilapia -tilde/SM -tile/MZGDRS -tiler/M -tiling/M 
-till's -till/EDRZGS -tillable -tillage/M -tiller/EM -tilt/MDGS -timber/SMDG -timberland/M -timberline/MS -timbre/SM -timbrel/SM -time/MYZGJDRS -timekeeper/MS -timekeeping/M -timeless/PY -timelessness/M -timeline/MS -timeliness/UM -timely/UPRT -timeout/SM -timepiece/MS -timer/M -timescale/S -timeserver/SM -timeserving/M -timeshare/S -timestamp/SMD -timetable/DSMG -timeworn -timezone -timid/RYTP -timidity/M -timidness/M -timing/M -timorous/PY -timorousness/M -timothy/M -timpani/M -timpanist/SM -tin/SM -tincture/MGDS -tinder/M -tinderbox/MS -tine/MS -tinfoil/M -ting/MDYG -tinge/SM -tingeing -tingle/DSMGJ -tingling/M -tininess/M -tinker/ZGSMDR -tinkerer/M -tinkle/DSMG -tinned -tinniness/M -tinning -tinnitus/M -tinny/PRT -tinplate/M -tinpot -tinsel/GSMD -tinsmith/M -tinsmiths -tint/MDGS -tintinnabulation/MS -tintype/MS -tinware/M -tiny/RTP -tip/SM -tipped -tipper/SM -tippet/SM -tippex/GDS -tipping -tipple/DRSMZG -tippler/M -tipsily -tipsiness/M -tipster/MS -tipsy/RPT -tiptoe/DSM -tiptoeing -tiptop/SM -tirade/SM -tiramisu/MS -tire's -tire/AGDS -tired/PRYT -tiredness/M -tireless/YP -tirelessness/M -tiresome/PY -tiresomeness/M -tissue/SM -tit/SM -titan/SM -titanic -titanium/M -titch/S -titchy -tithe/DRSMZG -tither/M -titian/M -titillate/DSGN -titillating/Y -titillation/M -titivate/DSGN -titivation/M -title/DSMG -titled/U -titleholder/MS -titlist/MS -titmice -titmouse/M -titter/SGMD -tittle/SM -titty/S -titular -tizz -tizzy/SM -tn -tnpk -to/IU -toad/MS -toadstool/MS -toady/DSMG -toadyism/M -toast/SMDRZG -toaster/M -toastmaster/SM -toastmistress/MS -toasty/TRS -tobacco/MS -tobacconist/SM -toboggan/ZGSMDR -tobogganer/M -tobogganing/M -toccata/S -tocopherol -tocsin/SM -today/M -toddle/DRSMZG -toddler/M -toddy/SM -toe/DSM -toecap/SM -toehold/MS -toeing -toenail/MS -toerag/S -toff/S -toffee/SM -tofu/M -tog/SM -toga/MDS -together/P -togetherness/M -togged -togging -toggle/DSMG -togs/M -toil/MDRZGS -toiler/M -toilet/MDGS -toiletry/SM -toilette/M -toilsome -toke/MGDS -token/SM 
-tokenism/M -told/AU -tole/M -tolerable/I -tolerably/I -tolerance/IM -tolerances -tolerant/IY -tolerate/GNDS -toleration/M -toll/MDGS -tollbooth/M -tollbooths -tollgate/SM -tollway/SM -toluene/M -tom/SM -tomahawk/SGMD -tomato/M -tomatoes -tomb/MDGS -tombola/S -tomboy/MS -tomboyish -tombstone/MS -tomcat/MS -tome/MS -tomfoolery/SM -tomographic -tomography/M -tomorrow/MS -tomtit/MS -ton/SM -tonal/Y -tonality/SM -tone's -tone/IZGDRS -tonearm/SM -toneless/Y -toner/IM -tong/MDGS -tongue/MGDS -tongueless -tonic/SM -tonight/M -tonnage/SM -tonne/SM -tonsil/MS -tonsillectomy/SM -tonsillitis/M -tonsorial -tonsure/DSMG -tony/RT -too -took/A -tool's -tool/ADGS -toolbar/SM -toolbox/MS -toolkit -toolmaker/MS -toot/MDRZGS -tooter/M -tooth/MD -toothache/MS -toothbrush/MS -toothily -toothless -toothpaste/SM -toothpick/SM -toothsome -toothy/RT -tootle/GDS -tootsie/S -top/SM -topaz/MS -topcoat/SM -topdressing/SM -topee/S -topflight -topi -topiary/M -topic/SM -topical/Y -topicality/M -topknot/SM -topless -topmast/SM -topmost -topnotch -topographer/SM -topographic -topographical/Y -topography/SM -topological/Y -topology -topped -topper/MS -topping/SM -topple/GDS -topsail/SM -topside/SM -topsoil/M -topspin/M -toque/SM -tor/SM -torch/GMDS -torchbearer/MS -torchlight/M -tore -toreador/MS -torment/SMDG -tormenting/Y -tormentor/MS -torn -tornado/M -tornadoes -torpedo/GMD -torpedoes -torpid/Y -torpidity/M -torpor/M -torque/MGDS -torrent/SM -torrential -torrid/YP -torridity/M -torridness/M -torsion/M -torsional -torso/SM -tort's -tort/FEAS -torte/SM -tortellini/M -tortilla/MS -tortoise/MS -tortoiseshell/SM -tortoni/M -tortuous/PY -tortuousness/M -torture/DRSMZG -torturer/M -torturous -torus -tosh -toss/MDRSZG -tossup/MS -tot/SGMD -total/GSMDY -totalitarian/SM -totalitarianism/M -totality/SM -totalizator/SM -tote/MS -totem/SM -totemic -totted -totter/ZGMDRS -totterer/M -totting -toucan/MS -touch/AGMDS -touchdown/SM -touche/BJ -touched/U -touchily -touchiness/M -touching/Y -touchline/S 
-touchpaper/S -touchscreen/MS -touchstone/MS -touchy/RPT -tough/XTGMDNRYP -toughen/ZGDR -toughener/M -toughie/SM -toughness/M -toughs -toupee/MS -tour/CFSGDM -tourism/M -tourist/MS -touristic -touristy -tourmaline/M -tournament/SM -tourney/MS -tourniquet/MS -tousle/GDS -tout/MDGS -tow/SZGMDR -toward/S -towboat/MS -towel/JGSMD -towelette/SM -toweling/M -tower/GMD -towhead/MDS -towhee/MS -towline/MS -town/MS -townee/S -townhouse/MS -townie/MS -townsfolk/M -township/MS -townsman/M -townsmen -townspeople/M -townswoman/M -townswomen -towpath/M -towpaths -towrope/SM -toxemia/M -toxic -toxicity/SM -toxicological -toxicologist/SM -toxicology/M -toxin/SM -toy/SGMD -toyboy/S -tr -trabecula -trabecular -trabecule -trace/JDRSMZG -traceability -traceable/U -tracer/M -tracery/SM -trachea/M -tracheae -tracheal -tracheotomy/SM -tracing/M -track/ZGSMDR -trackball/SM -tracker/M -trackless -tracksuit/S -tract's -tract/CEKFAS -tractability/IM -tractable/I -tractably/I -traction/EFACKM -tractor/FCKMS -trad -trade/JDRSMZG -trademark/SGMD -trader/M -tradesman/M -tradesmen -tradespeople/M -tradeswoman/M -tradeswomen -trading/M -tradition/MS -traditional/Y -traditionalism/M -traditionalist/SM -traduce/DRSZG -traducer/M -traffic/SM -trafficked -trafficker/SM -trafficking/M -tragedian/SM -tragedienne/MS -tragedy/SM -tragic -tragically -tragicomedy/SM -tragicomic -trail/ZGSMDR -trailblazer/MS -trailblazing/M -trailer/M -train/ZGSMDRB -trained/U -trainee/SM -trainer/M -training/M -trainload/MS -trainman/M -trainmen -trainspotter/S -trainspotting -traipse/DSMG -trait/SM -traitor/SM -traitorous/Y -trajectory/SM -tram/MS -tramcar/S -tramlines -trammed -trammel/SGMD -trammeled/U -tramming -tramp/ZGSMDR -tramper/M -trample/DRSMZG -trampler/M -trampoline/MGDS -tramway/S -trance/MS -tranche/S -tranquil/RYT -tranquility/M -tranquilize/ZGDRS -tranquilizer/M -trans/I -transact/DGS -transaction/SM -transactional -transactor/MS -transatlantic -transceiver/SM -transcend/GSD -transcendence/M -transcendent 
-transcendental/Y -transcendentalism/M -transcendentalist/SM -transcontinental -transcribe/ZGDRS -transcriber/M -transcript/MS -transcription/SM -transducer/MS -transduction -transect/DSG -transept/MS -transfer/MBS -transferal/MS -transference/M -transferred -transferring -transfiguration/M -transfigure/GDS -transfinite -transfix/DSG -transform/BSZGMDR -transformation/SM -transformational -transformer/M -transfuse/DSXGN -transfusion/M -transgender/S -transgenic -transgress/GDS -transgression/SM -transgressor/SM -transience/M -transiency/M -transient/SMY -transistor/SM -transistorize/DSG -transit/SGMD -transition/GSMD -transitional/Y -transitive/ISMY -transitiveness/M -transitivity/M -transitory -transl -translatable/U -translate/DSGNBX -translated/U -translation/M -translator/SM -transliterate/DSGNX -transliteration/M -translocation -translucence/M -translucency/M -translucent/Y -transmigrate/GNDS -transmigration/M -transmissible -transmission/MS -transmit/S -transmittable -transmittal/M -transmittance/M -transmitted -transmitter/SM -transmitting -transmogrification/M -transmogrify/DSNG -transmutation/SM -transmute/BDSG -transnational/MS -transoceanic -transom/SM -transpacific -transparency/SM -transparent/Y -transphobia/M -transphobic -transpiration/M -transpire/DSG -transplant/MDGS -transplantation/M -transpolar -transponder/SM -transport/BSZGMDR -transportation/M -transporter/M -transpose/DSG -transposition/MS -transsexual/SM -transsexualism/M -transship/SL -transshipment/M -transshipped -transshipping -transubstantiation/M -transversal -transverse/MYS -transvestism/M -transvestite/MS -trap/MS -trapdoor/MS -trapeze/SM -trapezium/SM -trapezoid/SM -trapezoidal -trappable -trapped -trapper/SM -trapping/S -trappings/M -trapshooting/M -trash/GMDS -trashcan/MS -trashiness/M -trashy/RPT -trauma/MS -traumatic -traumatically -traumatize/GDS -travail/SGMD -travel/MDRSZGJ -traveled/U -traveler/M -traveling/M -travelogue/MS -traversal/SM -traverse/DSMG -travesty/GDSM 
-trawl/ZGSMDR -trawler/M -tray/MS -treacherous/PY -treacherousness/M -treachery/SM -treacle/M -treacly -tread/AGSM -treadle/DSMG -treadmill/MS -treas -treason/BM -treasonous -treasure/DRSMZG -treasurer/M -treasury/SM -treat/AGSMD -treatable -treated/U -treatise/SM -treatment/MS -treaty/SM -treble/MGDS -tree/MDS -treeing -treeless -treelike -treeline -treetop/SM -trefoil/SM -trek/MS -trekked -trekker/SM -trekking -trellis/GMDS -trematode/MS -tremble/DSMG -tremendous/Y -tremolo/SM -tremor/MS -tremulous/PY -tremulousness/M -trench's -trench/ADSG -trenchancy/M -trenchant/Y -trencher/MS -trencherman/M -trenchermen -trend/GSMD -trendily -trendiness/M -trendsetter/S -trendsetting -trendy/RSMPT -trepidation/M -trespass/MDRSZG -trespasser/M -tress/EMS -trestle/MS -trews -trey/MS -triad/SM -triage/MD -trial/ASM -trialed -trialing -triangle/SM -triangular/Y -triangulate/GNDS -triangulation/M -triathlete/S -triathlon/SM -tribal -tribalism/M -tribe/SM -tribesman/M -tribesmen -tribeswoman/M -tribeswomen -tribulation/SM -tribunal/SM -tribune/MS -tributary/SM -tribute's -tribute/FS -trice/M -tricentennial/MS -triceps/MS -triceratops/M -trichina/M -trichinae -trichinosis/M -trick/GSMD -trickery/M -trickily -trickiness/M -trickle/MGDS -trickster/SM -tricky/TRP -tricolor/SM -tricycle/SM -trident/MS -tried/U -triennial/MYS -trier/SM -trifecta/SM -trifle/MZGDRS -trifler/M -trifocals/M -trig/M -trigger/MDSG -triglyceride/MS -trigonometric -trigonometrical -trigonometry/M -trike/SM -trilateral/S -trilby/SM -trill/GSMD -trillion/SMH -trillionth/M -trillionths -trillium/M -trilobite/SM -trilogy/SM -trim/PMYS -trimaran/MS -trimester/SM -trimmed/U -trimmer/SM -trimmest -trimming/SM -trimmings/M -trimness/M -trimonthly -trinitrotoluene/M -trinity/SM -trinket/SM -trio/MS -trip/MYS -tripartite -tripe/M -triple/MGDS -triplet/SM -triplex/MS -triplicate/MGDS -tripod/MS -tripodal -tripos -tripped -tripper/SM -tripping -triptych/M -triptychs -tripwire/S -trireme/SM -trisect/SDG -trisection/M 
-trite/FPYT -triteness/FM -triter -tritium/M -triumph/GMD -triumphal -triumphalism -triumphalist -triumphant/Y -triumphs -triumvir/MS -triumvirate/SM -trivalent -trivet/MS -trivia/M -trivial/Y -triviality/SM -trivialization/M -trivialize/GDS -trivium/M -trochaic -trochee/SM -trod/AU -trodden/A -troglodyte/SM -troika/MS -troll/SGMD -trolley/SM -trolleybus/MS -trollop/SM -trombone/MS -trombonist/MS -tromp/SGD -tron/S -troop/SZGMDR -trooper/M -troopship/MS -trope/SM -trophy/SM -tropic/MS -tropical/Y -tropics/M -tropism/SM -troposphere/SM -trot/MS -troth/M -trotted -trotter/SM -trotting -troubadour/MS -trouble/DSMG -troubled/U -troublemaker/MS -troubleshoot/DRZGS -troubleshooter/M -troubleshooting/M -troubleshot -troublesome/Y -trough/M -troughs -trounce/DRSZG -trouncer/M -troupe/MZGDRS -trouper/M -trouser/SM -trousers/M -trousseau/M -trousseaux -trout/SM -trove/SM -trow/DSG -trowel/MDSG -troy/S -truancy/M -truant/GMDS -truce/SM -truck/SZGMDR -trucker/M -trucking/M -truckle/MGDS -truckload/SM -truculence/M -truculent/Y -trudge/MGDS -true/MTGDRS -truelove/SM -truffle/MS -trug/S -truism/MS -truly/U -trump/SGMD -trumpery/M -trumpet/ZGMDRS -trumpeter/M -truncate/GNDS -truncation/M -truncheon/SM -trundle/MZGDRS -trundler/M -trunk/SGM -truss/GMDS -trust/ESGMD -trustee/MS -trusteeship/SM -trustful/EY -trustfulness/M -trusting/Y -trustworthiness/M -trustworthy/TPR -trusty/TRSM -truth/ZMR -truther/M -truthful/UYP -truthfulness/UM -truthiness -truths/U -try's -try/AGDS -trying/Y -tryout/SM -tryptophan -tryst/SMDG -tsarists -tsetse/MS -tsp -tsunami/SM -ttys -tub/SZGMDR -tuba/MS -tubal -tubby/TR -tube/MS -tubeless/M -tuber/M -tubercle/SM -tubercular -tuberculin/M -tuberculosis/M -tuberculous -tuberose/M -tuberous -tubful/MS -tubing/M -tubular -tubule/MS -tuck/MDRSZG -tucker/MDG -tuft/MDRSZG -tufter/M -tug/SM -tugboat/MS -tugged -tugging -tuition/IM -tularemia/M -tulip/SM -tulle/M -tum/S -tumble/DRSMZG -tumbledown -tumbler/M -tumbleweed/SM -tumbling/M -tumbrel/SM -tumescence/M 
-tumescent -tumid -tumidity/M -tummy/SM -tumor/SM -tumorous -tumult/SM -tumultuous/Y -tun/SZGMDR -tuna/MS -tundra/SM -tune/MS -tuneful/YP -tunefulness/M -tuneless/Y -tuner/M -tuneup/SM -tungsten/M -tunic/SM -tunnel/JSMDRZG -tunneler/M -tunny/SM -tuple/S -tuppence -tuppenny -tuque/SM -turban/SMD -turbid -turbidity/M -turbine/SM -turbo/SM -turbocharge/ZGDRS -turbocharger/M -turbofan/SM -turbojet/SM -turboprop/SM -turbot/SM -turbulence/M -turbulent/Y -turd/MS -turducken/SM -tureen/SM -turf/MDSG -turfy -turgid/Y -turgidity/M -turkey/SM -turmeric/SM -turmoil/MS -turn/AMDRSZG -turnabout/SM -turnaround/SM -turnbuckle/SM -turncoat/SM -turner/AM -turning/MS -turnip/SM -turnkey/MS -turnoff/MS -turnout/MS -turnover/MS -turnpike/MS -turnstile/SM -turntable/SM -turpentine/M -turpitude/M -turps -turquoise/SM -turret/SMD -turtle/SM -turtledove/SM -turtleneck/SMD -tush/MS -tusk/MDS -tussle/DSMG -tussock/MS -tussocky -tut/SM -tutelage/M -tutelary -tutor/SMDG -tutored/U -tutorial/SM -tutorship/M -tutted -tutti/SM -tutting -tutu/MS -tux/MS -tuxedo/SM -twaddle/MZGDRS -twaddler/M -twain/M -twang/SMDG -twangy/RT -twas -twat/S -tweak/SMDG -twee -tweed/SM -tweeds/M -tweedy/RT -tween -tweet's -tweet/ASDG -tweeter/SM -tweezers/M -twelfth/M -twelfths -twelve/SM -twelvemonth/M -twelvemonths -twentieth/M -twentieths -twenty/SMH -twerk/SDG -twerp/SM -twice -twiddle/MGDS -twiddly -twig/MS -twigged -twigging -twiggy/TR -twilight/M -twilit -twill/MD -twin/MDRSZG -twine/SM -twiner/M -twinge/DSMG -twink/SY -twinkle/MGJDS -twinkling/M -twinned -twinning -twinset/S -twirl/SMDRZG -twirler/M -twirly -twist's -twist/USDG -twister/MS -twisty/TR -twit/MS -twitch/GMDS -twitchy/RT -twitted -twitter/MDSG -twittery -twitting -twixt -two/SM -twofer/SM -twofold -twopence/SM -twopenny -twosome/SM -twp -tycoon/SM -tying/AU -tyke/MS -tympani/M -tympanic -tympanist/MS -tympanum/SM -type's -type/AGDS -typecast/GS -typeface/MS -typescript/MS -typeset/S -typesetter/MS -typesetting/M -typewrite/RSZG -typewriter/M 
-typewriting/M -typewritten -typewrote -typhoid/M -typhoon/MS -typhus/M -typical/UY -typicality/M -typification/M -typify/NGDS -typing/M -typist/SM -typo/MS -typographer/SM -typographic -typographical/Y -typography/M -typology/SM -tyrannic -tyrannical/Y -tyrannicidal -tyrannicide/S -tyrannize/GDS -tyrannosaur/MS -tyrannosaurus/MS -tyrannous -tyranny/SM -tyrant/SM -tyro/MS -tzatziki -u/S -ubiquitous/Y -ubiquity/M -udder/SM -ufologist/SM -ufology/M -ugh -ugliness/M -ugly/RTP -uh -uhf -ukase/SM -ukulele/SM -ulcer/SM -ulcerate/XDSGN -ulceration/M -ulcerous -ulna/M -ulnae -ulnar -ulster/MS -ult -ulterior -ultimate/MY -ultimatum/MS -ultimo -ultra/SM -ultraconservative/SM -ultrahigh -ultralight/SM -ultramarine/M -ultramodern -ultrasensitive -ultrashort -ultrasonic -ultrasonically -ultrasound/MS -ultraviolet/M -ululate/DSGNX -ululation/M -um -umbel/SM -umber/M -umbilical -umbilici -umbilicus/M -umbra/SM -umbrage/M -umbrella/SM -umiak/SM -umlaut/MS -ump/SGMD -umpire/MGDS -umpteen/H -unabridged/MS -unacceptability -unacceptable -unaccommodating -unaccountably -unadventurous -unaesthetic -unalterably -unambitious -unanimity/M -unanimous/Y -unapparent -unappetizing -unappreciative -unary -unassertive -unassimilable -unassuming/Y -unavailing/Y -unaware/S -unbeknownst -unbend/SG -unbent -unbid -unblinking/Y -unblushing/Y -unbosom/DG -unbound/D -unbox/GDS -unbreakable -unbroken -uncanny/T -uncap/S -uncaring -uncatalogued -unceasing/Y -unchangeable -uncharacteristic -uncharitable -unchaste/RT -uncial/M -uncle/SM -unclean/DRPT -uncleanly/T -unclear/DRT -uncomfortable -uncommon/T -uncompelling -uncomplaining/Y -uncomplicated -uncomprehending/Y -uncompromising/Y -unconditional/Y -uncongenial -unconscionable -unconscionably -unconscious/M -unconstitutional/Y -uncontrollably -uncontroversial -uncool -uncooperative -uncouth/Y -uncrushable -unction/SM -unctuous/YP -unctuousness/M -uncut -undaunted/Y -undecided/SM -undemonstrative/Y -undeniably -under -underachieve/LZGDRS -underachiever/M 
-underact/SDG -underage -underappreciated -underarm/SM -underbelly/SM -underbid/S -underbidding -underbrush/M -undercarriage/MS -undercharge/MGDS -underclass/MS -underclassman/M -underclassmen -underclothes/M -underclothing/M -undercoat/GJSMD -undercoating/M -undercover -undercurrent/SM -undercut/SM -undercutting -underdeveloped -underdevelopment/M -underdog/SM -underdone -underemployed -underemployment/M -underestimate/DSMGNX -underestimation/M -underexpose/GDS -underexposure/MS -underfed -underfeed/GS -underfloor -underflow -underfoot -underfunded -underfur/M -undergarment/SM -undergo/G -undergoes -undergone -undergrad/S -undergraduate/SM -underground/MS -undergrowth/M -underhand -underhanded/PY -underhandedness/M -underinflated -underlain -underlay/SM -underlie/S -underline/MGDS -underling/MS -underlip/SM -underlying -undermanned -undermentioned -undermine/GDS -undermost -underneath/M -underneaths -undernourished -undernourishment/M -underpaid -underpants/M -underpart/MS -underpass/MS -underpay/GSL -underpayment/SM -underpin/S -underpinned -underpinning/MS -underplay/DGS -underpopulated -underprivileged -underproduction/M -underrate/GDS -underrepresented -underscore/DSMG -undersea/S -undersecretary/SM -undersell/GS -undersexed -undershirt/SM -undershoot/SG -undershorts/M -undershot -underside/MS -undersign/DGS -undersigned/M -undersized -underskirt/SM -undersold -understaffed -understand/SGBJ -understandably -understanding/MY -understate/DSLG -understatement/SM -understood -understudy/GDSM -undertake/ZGJRS -undertaken -undertaker/M -undertaking/M -underthings/M -undertone/MS -undertook -undertow/SM -underused -underutilized -undervaluation/M -undervalue/DSG -underwater -underway -underwear/M -underweight/M -underwent -underwhelm/DGS -underwire/DS -underworld/MS -underwrite/ZGRS -underwriter/M -underwritten -underwrote -undesirable/MS -undies/M -undo -undoubted/Y -undramatic -undue -undulant -undulate/DSXGN -undulation/M -undying -unearthliness/M -unease/M 
-uneasy/T -uneatable -uneconomic -unemployed/M -unending -unenterprising -unequal/DY -unerring/Y -unessential -uneven/Y -unexceptionably -unexcited -unexciting -unexpected/YP -unexpectedness/M -unfailing/Y -unfair/PTRY -unfaltering -unfamiliar -unfathomably -unfed -unfeeling/Y -unfeminine -unfit/S -unfitting -unfix/GDS -unflagging/Y -unflappability/M -unflappable -unflappably -unflattering -unflinching/Y -unforgettably -unforgivably -unfortunate/MS -unfriendly/T -unfrock/DG -unfruitful -unfunny -ungainliness/M -ungainly/RPT -ungenerous -ungentle -ungodly/T -ungraceful/Y -ungrudging -unguarded -unguent/SM -ungulate/MS -unhandy/T -unhappy/T -unhealthful -unhealthy/T -unhistorical -unholy/T -unhurt -unicameral -unicellular -unicorn/SM -unicycle/SM -unidirectional -unification/AM -uniform/SMDYG -uniformity/M -unify/AGDSN -unilateral/Y -unilateralism -unimportant -unimpressive -uninformative -uninhibited/Y -uninsured -unintelligent -unintended -uninteresting -uninterrupted/Y -uninterruptible -uninviting -union/ASM -unionism/M -unionist/MS -unique/YTRP -uniqueness/M -unisex/M -unison/M -unitary -unite/AEGSD -unitedly -unities -unitize/DSG -unity/EM -univalent -univalve/SM -universal/MYS -universalism -universalist -universality/M -universalize/DSG -universe/SM -university/SM -univocal -unjust/Y -unkempt -unkind/T -unkindly/T -unknowable/M -unknown/SM -unleaded/M -unless -unlike/PB -unlikely/T -unlit -unlock/DSG -unlovable -unlovely/TR -unloving -unlucky/T -unmanly/T -unmarried -unmeaning -unmentionable/MS -unmentionables/M -unmet -unmindful -unmissable -unmistakably -unmoral -unmovable -unmusical -unnecessary -unnerving/Y -unobservant -unoffensive -unofficial/Y -unoriginal -unpeople -unperceptive -unpersuasive -unpick/GDS -unpin/S -unpleasing -unpolitical -unpopular -unpractical -unprecedented/Y -unprofessional/Y -unpromising -unpropitious -unquestioning/Y -unquiet/TR -unread/B -unready -unreal -unreasoning -unregenerate -unrelated -unrelenting/Y -unrelieved/Y 
-unremarkable -unremitting/Y -unrepentant -unreported -unrepresentative -unrest/M -unrevealing -unripe/TR -unroll/GDS -unromantic -unruliness/M -unruly/RTP -unsafe/YTR -unsaleable -unsavory -unscathed -unseeing/Y -unseemly/T -unseen/M -unsentimental -unset -unshakable -unshakably -unshapely -unshockable -unshorn -unsightliness/M -unsightly/PT -unsmiling -unsociable -unsocial -unsold -unsound/PRYT -unspeakable -unspeakably -unspecific -unspectacular -unsporting -unstable -unsteady/TRP -unstinting/Y -unstrapping -unsubstantial -unsubtle -unsuitable -unsure -unsuspecting/Y -unsymmetrical -untactful -unthinkably -unthinking/Y -untidy/PTR -until -untimely/T -untiring/Y -untouchable/MS -untoward -untrue/RT -untrustworthy -untruth/M -unutterable -unutterably -unwarrantable -unwary/T -unwavering -unwed -unwelcome/G -unwell -unwieldiness/M -unwieldy/TRP -unwise/RYT -unworried -unworthy/T -unwound -unwrapping -unyielding -up/S -upbeat/MS -upbraid/SGD -upbringing/MS -upchuck/SGD -upcoming -upcountry/M -update/MGDRS -updraft/MS -upend/SGD -upfront -upgrade/MGDS -upheaval/MS -upheld -uphill/MS -uphold/ZGRS -upholder/M -upholster/ASGD -upholsterer/MS -upholstery/M -upkeep/M -upland/MS -uplift/JSMDG -upload/SDG -upmarket -upmost -upon -upped -upper/SM -uppercase/M -upperclassman/M -upperclassmen -upperclasswoman -upperclasswomen -uppercut/MS -uppercutting -uppermost -upping -uppish -uppity -upraise/DSG -uprear/GSD -upright/MYPS -uprightness/M -uprising/SM -upriver -uproar/SM -uproarious/Y -uproot/GSD -upscale -upset/SM -upsetting -upshot/SM -upside/SM -upsilon/MS -upstage/GDS -upstairs -upstanding -upstart/MDSG -upstate/M -upstream -upstroke/SM -upsurge/MGDS -upswing/MS -uptake/SM -uptempo -upthrust/GSM -uptick/SM -uptight -uptown/M -uptrend -upturn/GSMD -upward/SY -upwind -uracil/M -uranium/M -urban -urbane/RYT -urbanity/M -urbanization/M -urbanize/DSG -urbanologist/MS -urbanology/M -urchin/SM -urea/M -uremia/M -uremic -ureter/SM -urethane/M -urethra/M -urethrae -urethral 
-urge/MGDS -urgency/M -urgent/Y -uric -urinal/SM -urinalyses -urinalysis/M -urinary -urinate/GNDS -urination/M -urine/M -urn/SM -urogenital -urological -urologist/MS -urology/M -ursine -urticaria/M -usability/M -usable/UA -usage/SM -use/AEDSMG -used/U -useful/PY -usefulness/M -useless/YP -uselessness/M -user/MS -username/MS -usher/SMDG -usherette/SM -usu -usual's -usual/UY -usurer/SM -usurious -usurp/SDRZG -usurpation/M -usurper/M -usury/M -utensil/SM -uteri -uterine -uterus/M -utilitarian/MS -utilitarianism/M -utility/SM -utilization/M -utilize/GBDS -utmost/M -utopia/SM -utter/SDYG -utterance/SM -uttermost/M -uveitis -uvula/SM -uvular/MS -uxorious -v/AS -vac/S -vacancy/SM -vacant/Y -vacate/DSG -vacation/ZGMDRS -vacationer/M -vacationist/SM -vaccinate/GNDSX -vaccination/M -vaccine/SM -vacillate/XGNDS -vacillation/M -vacuity/M -vacuole/MS -vacuous/YP -vacuousness/M -vacuum/GSMD -vagabond/SMDG -vagabondage/M -vagarious -vagary/SM -vagina/SM -vaginae -vaginal/Y -vaginitis -vagrancy/M -vagrant/MS -vague/RYTP -vagueness/M -vagus -vain/RYT -vainglorious/Y -vainglory/M -val -valance/MS -vale/MS -valediction/MS -valedictorian/SM -valedictory/SM -valence/MS -valency/SM -valentine/SM -valet/SMDG -valetudinarian/MS -valetudinarianism/M -valiance/M -valiant/Y -valid/Y -validate/IGNDS -validation/IM -validations -validity/IM -validness/M -valise/SM -valley/SM -valor/M -valorous/Y -valuable/MS -valuate/DSG -valuation/CAMS -value's -value/CAGSD -valueless -valuer/SM -valve/DSMG -valveless -valvular -vamoose/DSG -vamp/AMDGS -vampire/SM -van/SM -vanadium/M -vandal/SM -vandalism/M -vandalize/DSG -vane/MS -vanguard/MS -vanilla/SM -vanish/JDSG -vanity/SM -vanned -vanning -vanquish/ZGDRS -vanquisher/M -vantage/SM -vape/GDS -vapid/YP -vapidity/M -vapidness/M -vapor/SM -vaporization/M -vaporize/DRSZG -vaporizer/M -vaporous -vaporware -vapory -vaquero/MS -var/S -variability/IM -variable/ISM -variably/I -variance/SM -variant/MS -variate/NX -variation/M -varicolored -varicose -varied/U 
-variegate/DSGN -variegation/M -varietal/SM -variety/SM -various/Y -varlet/SM -varmint/MS -varnish/GMDS -varnished/U -varsity/SM -vary/DSG -varying/U -vascular -vase/MS -vasectomy/SM -vasoconstriction -vasomotor -vassal/SM -vassalage/M -vast/MRYTSP -vastness/M -vat/SM -vatted -vatting -vaudeville/M -vaudevillian/MS -vault/SMDRZG -vaulter/M -vaulting/M -vaunt/SMDG -vb -veal/M -vector/SGMD -veejay/SM -veep/MS -veer/MDGS -veg/M -vegan/SM -veganism -vegeburger/S -veges -vegetable/SM -vegetarian/SM -vegetarianism/M -vegetate/GNVDS -vegetation/M -vegged -vegges -veggie/SM -veggieburger/S -vegging -vehemence/M -vehemency/M -vehement/Y -vehicle/MS -vehicular -veil's -veil/UDGS -vein/MDGS -vela -velar/SM -veld/MS -vellum/M -velocipede/MS -velocity/SM -velodrome/S -velour/MS -velum/M -velvet/M -velveteen/M -velvety -venal/Y -venality/M -venation/M -vend/DGS -vendetta/SM -vendible -vendor/MS -veneer/MDGS -venerability/M -venerable -venerate/DSGN -veneration/M -venereal -vengeance/M -vengeful/AY -venial -venireman/M -veniremen -venison/M -venom/M -venomous/Y -venous -vent's -vent/DGS -ventilate/GNDS -ventilation/M -ventilator/SM -ventilatory -ventral -ventricle/SM -ventricular -ventriloquism/M -ventriloquist/SM -ventriloquy/M -venture/DSMG -venturesome/PY -venturesomeness/M -venturous/PY -venturousness/M -venue/ASM -veracious/Y -veracity/M -veranda/SM -verapamil -verb/KMS -verbal/MYS -verbalization/M -verbalize/GDS -verbatim -verbena/SM -verbiage/MS -verbose/Y -verbosity/M -verboten -verdant/Y -verdict/SM -verdigris/GMDS -verdure/M -verge's -verge/FDSG -verger/MS -verifiable/U -verification/M -verified/U -verify/DSNG -verily -verisimilitude/M -veritable -veritably -verity/SM -vermicelli/M -vermiculite/M -vermiform -vermilion/M -vermin/M -verminous -vermouth/M -vernacular/MS -vernal -vernier/SM -veronica/M -verruca/SM -verrucae -versa -versatile -versatility/M -verse/AFNGMSDX -versed/U -versification/M -versifier/M -versify/ZGNDRS -version/AFIMS -versioned -versioning -verso/SM 
-versus -vert/A -vertebra/M -vertebrae -vertebral -vertebrate/IMS -vertex/MS -vertical/MYS -vertices -vertiginous -vertigo/M -verve/M -very/RT -vesicle/SM -vesicular -vesiculate -vesper/MS -vessel/MS -vest's -vest/ILDGS -vestal/MS -vestibule/MS -vestige/SM -vestigial/Y -vesting/M -vestment/IMS -vestry/SM -vestryman/M -vestrymen -vet/SM -vetch/MS -veteran/SM -veterinarian/MS -veterinary/SM -veto/MDG -vetoes -vetted -vetting -vex/GDS -vexation/SM -vexatious/Y -vhf -vi -via -viability/M -viable -viably -viaduct/SM -vial/MS -viand/SM -vibe/MS -vibes/M -vibraharp/SM -vibrancy/M -vibrant/Y -vibraphone/MS -vibraphonist/MS -vibrate/GNDSX -vibration/M -vibrato/MS -vibrator/SM -vibratory -viburnum/SM -vicar/SM -vicarage/SM -vicarious/YP -vicariousness/M -vice/CMS -viced -vicegerent/SM -vicennial -viceregal -viceroy/MS -vichyssoise/M -vicing -vicinity/M -vicious/YP -viciousness/M -vicissitude/SM -victim/MS -victimization/M -victimize/GDS -victimless -victor/MS -victorious/Y -victory/SM -victual/SMDG -vicuna/MS -videlicet -video/GSMD -videocassette/SM -videoconferencing -videodisc/MS -videophone/MS -videotape/DSMG -videotex -vie/DS -view/AMDRSZG -viewable -viewer/AM -viewership/M -viewfinder/SM -viewing/SM -viewpoint/MS -vigesimal -vigil/SM -vigilance/M -vigilant/Y -vigilante/SM -vigilantism/M -vigilantist/M -vignette/DSMG -vignettist/MS -vigor/M -vigorous/Y -vii -viii -viking/MS -vile/YTPR -vileness/M -vilification/M -vilify/DSNG -villa/SM -village/RSMZ -villager/M -villain/SM -villainous -villainy/SM -villein/SM -villeinage/M -villi -villus/M -vim/M -vinaigrette/M -vincible/I -vindicate/XDSGN -vindication/M -vindicator/MS -vindictive/PY -vindictiveness/M -vine/MS -vinegar/M -vinegary -vineyard/MS -vino/M -vinous -vintage/MS -vintner/MS -vinyl/SM -viol/MBS -viola/SM -violable/I -violate/GNDSX -violation/M -violator/SM -violence/M -violent/Y -violet/MS -violin/MS -violincello/S -violinist/SM -violist/MS -violoncellist/SM -violoncello/MS -viper/SM -viperous -virago/M -viragoes 
-viral -vireo/SM -virgin/MS -virginal/SM -virginity/M -virgule/MS -virile -virility/M -virologist/SM -virology/M -virtual/Y -virtualization -virtue/SM -virtuosity/M -virtuoso/M -virtuous/YP -virtuousness/M -virulence/M -virulent/Y -virus/MS -visa/MDSG -visage/MS -viscera -visceral/Y -viscid -viscose/M -viscosity/M -viscount/SM -viscountcy/SM -viscountess/MS -viscous -viscus/M -vise/ACMGDS -visibility/IM -visible/I -visibly/I -vision/KGDSM -visionary/SM -visit's -visit/ASGD -visitant/MS -visitation/MS -visitor/MS -visor/SM -vista/SM -visual/SMY -visualization/SM -visualize/DRSZG -visualizer/M -vita/M -vitae -vital/SY -vitality/M -vitalization/AM -vitalize/CAGSD -vitals/M -vitamin/MS -vitiate/GNDS -vitiation/M -viticulture/M -viticulturist/MS -vitreous -vitrifaction/M -vitrification/M -vitrify/GNDS -vitrine/SM -vitriol/M -vitriolic -vitriolically -vittles/M -vituperate/GNVDS -vituperation/M -viva/MS -vivace -vivacious/PY -vivaciousness/M -vivacity/M -vivaria -vivarium/SM -vivid/RYTP -vividness/M -vivify/ADSG -viviparous -vivisect/DGS -vivisection/M -vivisectional -vivisectionist/SM -vixen/SM -vixenish/Y -viz -vizier/SM -vlf -vocab -vocable/MS -vocabulary/SM -vocal/SMY -vocalic -vocalist/SM -vocalization/MS -vocalize/DSG -vocation/FIKASM -vocational/Y -vocative/MS -vociferate/DSGN -vociferation/M -vociferous/YP -vociferousness/M -vodka/SM -vogue/SM -voguish -voice/IDSMG -voiced/U -voiceless/PY -voicelessness/M -voicemail/SM -void/MDSGB -voila -voile/M -vol/S -volatile -volatility/M -volatilize/DSG -volcanic -volcanism -volcano/M -volcanoes -vole/MS -volition/M -volitional -volley/GSMD -volleyball/MS -volt/AMS -voltage/MS -voltaic -voltmeter/SM -volubility/M -voluble -volubly -volume/SM -volumetric -voluminous/YP -voluminousness/M -voluntarily/I -voluntarism/M -voluntary/SM -volunteer/SGMD -volunteerism/M -voluptuary/SM -voluptuous/PY -voluptuousness/M -volute/SM -vomit/SMDG -voodoo/GSMD -voodooism/M -voracious/PY -voraciousness/M -voracity/M -vortex/MS -votary/SM 
-vote's -vote/CGVDS -voter/SM -vouch/DRSZG -voucher/M -vouchsafe/DSG -vow/SGMD -vowel/SM -voyage/MZGDRS -voyager/M -voyageur/SM -voyeur/MS -voyeurism/M -voyeuristic -vulcanization/M -vulcanize/GDS -vulgar/RYT -vulgarian/MS -vulgarism/MS -vulgarity/SM -vulgarization/M -vulgarize/ZGDRS -vulgarizer/M -vulnerabilities -vulnerability/IM -vulnerable/I -vulnerably/I -vulpine -vulture/SM -vulturous -vulva/M -vulvae -vuvuzela/MS -vying -w/DNXTGVJ -wabbit/S -wack/MRTS -wackiness/M -wacko/SM -wacky/RPT -wad/SZGMDR -wadded -wadding/M -waddle/DSMG -wade/MS -wader/M -waders/M -wadge/S -wadi/MS -wafer/SM -waffle/MZGDRS -waffler/M -waft/MDGS -wag/SZGMDR -wage/MS -waged/U -wager/ZGMDR -wagerer/M -wagged -waggery/SM -wagging -waggish/YP -waggishness/M -waggle/MGDS -wagon/ZSMR -wagoner/M -wagtail/SM -waif/MS -wail/MDRZGS -wailer/M -wailing/M -wain/MS -wainscot/SJMDG -wainscoting/M -wainwright/MS -waist/SM -waistband/MS -waistcoat/MS -waistline/MS -wait/MDRZGS -waiter/M -waiting/M -waitperson/MS -waitress/MS -waitstaff/M -waive/DRSZG -waiver/M -wake/MGJDS -wakeful/PY -wakefulness/M -waken/GSD -waldo/S -waldoes -wale/MGDS -walk/MDRZGS -walkabout/S -walkaway/MS -walker/M -walkies -walking/M -walkout/SM -walkover/MS -walkway/SM -wall/MDGS -wallaby/SM -wallah -wallahs -wallboard/M -wallet/MS -walleye/DSM -wallflower/MS -wallop/MDSJG -walloping/M -wallow/MDSG -wallpaper/SMDG -wally/S -walnut/MS -walrus/MS -waltz/ZGMDRS -waltzer/M -wampum/M -wan/GPDY -wand/MS -wander/DRSJZG -wanderer/M -wanderings/M -wanderlust/SM -wane/MS -wangle/MZGDRS -wangler/M -wank/DRZGS -wanna -wannabe/SM -wannabee/S -wanner -wanness/M -wannest -want/MDGS -wanted/U -wanton/MDYSPG -wantonness/M -wapiti/MS -war/SM -warble/MZGDRS -warbler/M -warbonnet/SM -ward/AMDGS -warden/MS -warder/MS -wardress/S -wardrobe/SM -wardroom/SM -ware/MS -warehouse/DSMG -warez -warfare/M -warfarin -warhead/MS -warhorse/SM -warily/U -wariness/UM -warlike -warlock/MS -warlord/MS -warm/PDRYHZTGS -warmblooded -warmer/M -warmhearted/P 
-warmheartedness/M -warmish -warmness/M -warmonger/SMG -warmongering/M -warmth/M -warn/JDGS -warning/M -warp/MDGS -warpaint -warpath/M -warpaths -warplane/MS -warrant/GMDS -warranted/U -warranty/DSMG -warred -warren/MS -warring -warrior/SM -warship/SM -wart/MS -warthog/SM -wartime/M -warty/TR -wary/UPRT -was -wasabi -wash/BJMDRSZG -washable/SM -washbasin/SM -washboard/SM -washbowl/SM -washcloth/M -washcloths -washed/U -washer/M -washerwoman/M -washerwomen -washing/M -washout/MS -washrag/MS -washroom/MS -washstand/SM -washtub/MS -washy/TR -wasn't -wasp/MS -waspish/YP -waspishness/M -wassail/SMDG -wast -wastage/M -waste/DRSMZG -wastebasket/MS -wasteful/PY -wastefulness/M -wasteland/SM -wastepaper/M -waster/M -wastewater -wastrel/SM -watch/BZGMDRS -watchable/U -watchband/MS -watchdog/SM -watcher/M -watchful/YP -watchfulness/M -watchmaker/MS -watchmaking/M -watchman/M -watchmen -watchstrap/S -watchtower/SM -watchword/MS -water/GSMD -waterbed/MS -waterbird/SM -waterboard/MDJSG -waterboarding/M -waterborne -watercolor/MS -watercourse/SM -watercraft/M -watercress/M -waterfall/SM -waterfowl/SM -waterfront/MS -waterhole/SM -wateriness/M -waterlily/SM -waterline/MS -waterlogged -watermark/MDGS -watermelon/SM -watermill/MS -waterproof/SMDG -waterproofing/M -waters/M -watershed/MS -waterside/MS -waterspout/SM -watertight -waterway/MS -waterwheel/SM -waterworks/M -watery/PTR -watt/MS -wattage/M -wattle/MGDS -wave/MZGDRS -waveband/S -waveform -wavefront -wavelength/M -wavelengths -wavelet/SM -wavelike -waver/ZGMDR -waverer/M -wavering/Y -waviness/M -wavy/PRT -wax/GMDNS -waxiness/M -waxwing/SM -waxwork/SM -waxy/RPT -way/SM -waybill/SM -wayfarer/MS -wayfaring/SM -waylaid -waylay/RSZG -waylayer/M -wayside/SM -wayward/PY -waywardness/M -wazoo/S -we -we'd -we'll -we're -we've -weak/PNRYXT -weaken/DRZG -weakener/M -weakfish/MS -weakish -weakling/SM -weakness/MS -weal/MHS -wealth/M -wealthiness/M -wealthy/TRP -wean/DGS -weapon/MS -weaponize/GDS -weaponless -weaponry/M -wear/MRBJSZG 
-wearable/U -wearer/M -wearied/U -wearily -weariness/M -wearisome/Y -weary/TGDRSP -weasel/MDYSG -weather/SMDG -weatherboard/SG -weathercock/MS -weathering/M -weatherization/M -weatherize/DSG -weatherman/M -weathermen -weatherperson/MS -weatherproof/GSD -weatherstrip/S -weatherstripped -weatherstripping/M -weave/DRSMZG -weaver/M -weaving/M -web/SM -webbed -webbing/M -webcam/MS -webcast/SMG -webfeet -webfoot/M -webinar/SM -webisode/MS -weblog/MS -webmaster/SM -webmistress/MS -website/SM -wed/AS -wedded/A -wedder -wedding/SM -wedge/DSMG -wedgie/MS -wedlock/M -wee/RSMT -weed/MDRSZG -weeder/M -weedkiller/S -weedless -weedy/TR -weeing -week/MYS -weekday/SM -weekend/SZGMDR -weekly/SM -weeknight/SM -ween/DSG -weenie/MTRS -weensy/RT -weeny -weep/MRJSZG -weeper/M -weepie -weepy/TRSM -weevil/MS -weft/MS -weigh's -weigh/AGD -weighbridge/S -weighs/A -weight/MDSJG -weighted/U -weightily -weightiness/M -weightless/YP -weightlessness/M -weightlifter/MS -weightlifting/M -weighty/PTR -weir/MS -weird/PTRY -weirdie/MS -weirdness/M -weirdo/MS -welcome/MGDS -weld/MDRBSZG -welder/M -welfare/M -welkin/M -well/MDPSG -wellhead/SM -wellie -wellington/MS -wellness/M -wellspring/MS -welly/S -welsh/ZGDRS -welsher/M -welt/MDRSZG -welter/GMD -welterweight/SM -wen/M -wench/MS -wend/DSG -went -wept -were -weren't -werewolf/M -werewolves -west/M -westbound -westerly/SM -western/SZMR -westerner/M -westernization/M -westernize/GDS -westernmost -westward/S -wet/SMYP -wetback/SM -wetland/SM -wetness/M -wetter/SM -wettest -wetting -wetware/S -whack/SJZGMDR -whacker/M -whale/DRSMZG -whaleboat/MS -whalebone/M -whaler/M -whaling/M -wham/MS -whammed -whamming -whammy/SM -wharf/M -wharves -what/MS -whatchamacallit/MS -whatever -whatnot/M -whatshername -whatshisname -whatsit/S -whatsoever -wheal/SM -wheat/MN -wheatgerm -wheatmeal -whee -wheedle/DRSZG -wheedler/M -wheel/SMDRG -wheelbarrow/SM -wheelbase/SM -wheelchair/SM -wheelhouse/MS -wheelie/SM -wheelwright/MS -wheeze/DSMG -wheezily -wheeziness/M -wheezy/PRT 
-whelk/SMD -whelm/SDG -whelp/SMDG -when/MS -whence -whenever -whensoever -where/SM -whereabouts/M -whereas -whereat -whereby -wherefore/MS -wherein -whereof -whereon -wheresoever -whereto -whereupon -wherever -wherewith -wherewithal/M -wherry/SM -whet/S -whether -whetstone/SM -whetted -whetting -whew -whey/M -which -whichever -whiff/SMDG -whiffletree/MS -while/DSMG -whilom -whilst -whim/MS -whimper/MDGS -whimsical/Y -whimsicality/M -whimsy/SM -whine/DRSMZG -whiner/M -whinge/DRSZG -whingeing -whinny/GDSM -whiny/RT -whip/MS -whipcord/M -whiplash/MS -whipped -whipper/MS -whippersnapper/MS -whippet/MS -whipping/SM -whippletree/SM -whippoorwill/MS -whipsaw/MDGS -whir/MS -whirl/SMDG -whirligig/MS -whirlpool/MS -whirlwind/MS -whirlybird/SM -whirred -whirring -whisk/SMDRZG -whisker/MD -whiskery -whiskey/MS -whiskys -whisper/MDRSZG -whisperer/M -whist/M -whistle/MZGDRS -whistler/M -whit/MDNRSXTGJ -white/SPM -whitebait -whiteboard/S -whitecap/SM -whitefish/MS -whitehead/MS -whitelist/GDS -whiten/ZGDRJ -whitener/M -whiteness/M -whitening/M -whiteout/SM -whitetail/MS -whitewall/SM -whitewash/MDSG -whitewater/M -whitey/SM -whither -whiting/M -whitish -whittle/ZGDRS -whittler/M -whiz/M -whizkid/M -whizzbang/MS -whizzed -whizzes -whizzing -who'd -who'll -who're -who've -who/M -whoa -whodunit/MS -whoever -whole/SMP -wholefood/S -wholegrain -wholehearted/YP -wholeheartedness/M -wholemeal -wholeness/M -wholesale/MZGDRS -wholesaler/M -wholesome/UP -wholesomely -wholesomeness/UM -wholewheat -wholly -whom -whomever -whomsoever -whoop/SMDRZG -whoopee/S -whooper/M -whoosh/MDSG -whop/S -whopped -whopper/SM -whopping -whore/SMG -whorehouse/MS -whoreish -whorish -whorl/SMD -whose -whoso -whosoever -whup/S -whupped -whupping -why'd -why/M -whys -wick/MDRSZ -wicked/TPRY -wickedness/M -wicker/M -wickerwork/M -wicket/SM -wide/YTRP -widemouthed -widen/SDRZG -widener/M -wideness/M -widescreen/MS -widespread -widget/S -widow/SMDRZG -widower/M -widowhood/M -width/M -widths -wield/SDRZG -wielder/M 
-wiener/SM -wienie/SM -wife/MY -wifeless -wig/SM -wigeon/M -wigged -wigging -wiggle/DRSMZG -wiggler/M -wiggly/TR -wight/SM -wiglet/SM -wigwag/SM -wigwagged -wigwagging -wigwam/SM -wiki/MS -wild/MRYSTP -wildcard/MS -wildcat/MS -wildcatted -wildcatter/MS -wildcatting -wildebeest/MS -wilderness/MS -wildfire/MS -wildflower/SM -wildfowl/M -wildlife/M -wildness/M -wilds/M -wile/MGDS -wiliness/M -will/MDS -willful/PY -willfulness/M -willies/M -willing/UPY -willingness/UM -williwaw/MS -willow/SM -willowy -willpower/M -willy/S -wilt/MDSG -wily/RTP -wimp/MDSG -wimpish -wimple/DSMG -wimpy/RT -win/SGMD -wince/DSMG -winch/MDSG -wind's -wind/UASG -windbag/SM -windblown -windbreak/SZMR -windbreaker/M -windburn/MD -windcheater/S -windchill/M -winded -winder/SM -windfall/MS -windflower/MS -windily -windiness/M -winding's -windjammer/SM -windlass/MS -windless -windmill/MDGS -window/SMDG -windowless -windowpane/SM -windowsill/SM -windpipe/MS -windproof -windrow/SM -windscreen/SM -windshield/SM -windsock/MS -windstorm/MS -windsurf/ZGDRS -windsurfer/M -windsurfing/M -windswept -windup/SM -windward/M -windy/RTP -wine/MS -wineglass/MS -winegrower/MS -winemaker/MS -winery/SM -wing/MDRZG -wingding/MS -wingless -winglike -wingnut/SM -wingspan/MS -wingspread/SM -wingtip/SM -wink/MDRSZG -winker/M -winkle/DSMG -winnable/U -winner/SM -winning/MYS -winnow/ZGSDR -winnower/M -wino/MS -winsome/YTRP -winsomeness/M -winter/GSMD -wintergreen/M -winterize/GDS -wintertime/M -wintry/TR -winy/RT -wipe/MZGDRS -wiper/M -wire's -wire/AGDS -wired/S -wirehair/MS -wireless/MS -wiretap/MS -wiretapped -wiretapper/SM -wiretapping/M -wiriness/M -wiring/M -wiry/RTP -wisdom/M -wise/MYTGDRS -wiseacre/SM -wisecrack/MDSG -wiseguy/S -wish/MDRSZG -wishbone/SM -wisher/M -wishful/Y -wishlist's -wisp/MS -wispy/RT -wist -wisteria/SM -wistful/YP -wistfulness/M -wit/SM -witch/MDSG -witchcraft/M -witchery/M -with -withal -withdraw/SG -withdrawal/MS -withdrawn -withdrew -withe/DRSMZG -wither/JGD -withering/Y -withers/M -withheld 
-withhold/SG -withholding/M -within/M -without -withstand/GS -withstood -witless/PY -witlessness/M -witness/MDSG -wits/M -witted -witter/SGD -witticism/SM -wittily -wittiness/M -witting/UY -witty/RPT -wive/GDS -wiz -wizard/SMY -wizardry/M -wizened -wk/Y -woad/M -wobble/MGDS -wobbliness/M -wobbly/RTP -wodge/S -woe/SM -woebegone -woeful/YP -woefuller -woefullest -woefulness/M -wog/S -wok/SMN -woke -wold/MS -wolf/MDSG -wolfhound/SM -wolfish -wolfram/M -wolverine/SM -wolves -woman/M -womanhood/M -womanish -womanize/DRSZG -womanizer/M -womankind/M -womanlike/M -womanliness/M -womanly/RPT -womb/MS -wombat/MS -womble/S -women/M -womenfolk/SM -womenfolks/M -won't -won/M -wonder/MDGLS -wonderful/YP -wonderfulness/M -wondering/Y -wonderland/MS -wonderment/M -wondrous/Y -wonk/MS -wonky/TR -wont/MD -wonted/U -woo/SZGDR -wood/MDNSG -woodbine/M -woodblock/MS -woodcarver/MS -woodcarving/SM -woodchuck/MS -woodcock/SM -woodcraft/M -woodcut/SM -woodcutter/SM -woodcutting/M -wooden/RYTP -woodenness/M -woodiness/M -woodland/SM -woodlice -woodlot/SM -woodlouse -woodman/M -woodmen -woodpecker/MS -woodpile/SM -woods/M -woodshed/SM -woodsiness/M -woodsman/M -woodsmen -woodsy/RTP -woodwind/MS -woodwork/MRZG -woodworker/M -woodworking/M -woodworm/S -woody/TPRSM -wooer/M -woof/MDRSZG -woofer/M -wool/MNX -woolen/M -woolgathering/M -wooliness -woolliness/M -woolly/RSMPT -woozily -wooziness/M -woozy/TRP -wop/S! 
-word's -word/ADSG -wordage/M -wordbook/SM -wordily -wordiness/M -wording/SM -wordless/Y -wordplay/M -wordsmith -wordsmiths -wordy/TPR -wore -work's -work/ADJSG -workable/U -workaday -workaholic/SM -workaround/S -workbasket/S -workbench/MS -workbook/MS -workday/SM -worker/MS -workfare/M -workflow/MS -workforce/M -workhorse/SM -workhouse/SM -working's -workingman/M -workingmen -workings/M -workingwoman/M -workingwomen -workload/MS -workman/M -workmanlike -workmanship/M -workmate/S -workmen -workout/SM -workplace/MS -workroom/MS -works/M -worksheet/MS -workshop/MS -workshy -worksite/S -workspace -workstation/MS -worktable/MS -worktop/S -workup/MS -workweek/SM -world/SM -worldlier -worldliness/UM -worldly/UTP -worldview/SM -worldwide -worm/MDSG -wormhole/MS -wormwood/M -wormy/TR -worn/U -worried/Y -worrier/M -worriment/M -worrisome -worry/ZGDRSMJ -worrying/Y -worrywart/SM -worse/M -worsen/DSG -worship/ZGSMDR -worshiper/M -worshipful -worst/SGMD -worsted/M -wort/M -worth/M -worthies -worthily/U -worthiness/UM -worthless/PY -worthlessness/M -worthwhile -worthy's -worthy/UPRT -wot -wotcha -would've -would/S -wouldn't -wouldst -wound/SGMDR -wove/A -woven/AU -wow/SGMD -wpm -wrack/GSMD -wraith/M -wraiths -wrangle/DRSMZGJ -wrangler/M -wrap's -wrap/US -wraparound/SM -wrapped/U -wrapper/SM -wrapping/MS -wrasse/MS -wrath/M -wrathful/Y -wreak/SGD -wreath/MDSG -wreathe -wreaths -wreck/SZGMDR -wreckage/M -wrecker/M -wren/MS -wrench/MDSG -wrest/SGMD -wrestle/MZGDRS -wrestler/M -wrestling/M -wretch/MS -wretched/TPRY -wretchedness/M -wriggle/MZGDRS -wriggler/M -wriggly -wright/MS -wring/SZGMR -wringer/M -wrinkle/MGDS -wrinkled/U -wrinkly/TRSM -wrist/SM -wristband/MS -wristwatch/MS -writ/MRBJSZG -write/S -writer/M -writhe/MGDS -writing/M -written/AU -wrong/STGMPDRY -wrongdoer/SM -wrongdoing/SM -wrongful/PY -wrongfulness/M -wrongheaded/YP -wrongheadedness/M -wrongness/M -wrote/A -wroth -wrought -wrung -wry/Y -wryer -wryest -wryness/M -wt -wunderkind/S -wurst/SM -wuss/MS -wussy/RSMT -x 
-xci -xcii -xciv -xcix -xcvi -xcvii -xenon/M -xenophobe/MS -xenophobia/M -xenophobic -xerographic -xerography/M -xerox/MDSG -xi/SM -xii -xiii -xiv -xix -xor -xref/S -xterm/M -xv -xvi -xvii -xviii -xx -xxi -xxii -xxiii -xxiv -xxix -xxv -xxvi -xxvii -xxviii -xxx -xxxi -xxxii -xxxiii -xxxiv -xxxix -xxxv -xxxvi -xxxvii -xxxviii -xylem/M -xylene -xylophone/SM -xylophonist/MS -y'all -y/F -ya -yacht/SMDG -yachting/M -yachtsman/M -yachtsmen -yachtswoman/M -yachtswomen -yahoo/SM -yak/SM -yakked -yakking -yam/SM -yammer/SZGMDR -yammerer/M -yang/M -yank/MDSG -yap/SM -yapped -yapping -yard/MS -yardage/MS -yardarm/MS -yardman/M -yardmaster/MS -yardmen -yardstick/MS -yarmulke/SM -yarn/MS -yarrow/M -yashmak/S -yaw/SGMD -yawl/MS -yawn/MDRSZG -yawner/M -yaws/M -yd -ye/RST -yea/SM -yeah/M -yeahs -year/MYS -yearbook/MS -yearling/MS -yearlong -yearly/SM -yearn/GSJD -yearning/M -yeast/SM -yeasty/RT -yegg/MS -yell/MDSG -yellow/MDRTGPS -yellowhammer/S -yellowish -yellowness/M -yellowy -yelp/MDSG -yen/SM -yeoman/M -yeomanry/M -yeomen -yep/SM -yes/MS -yeshiva/SM -yessed -yessing -yesterday/MS -yesteryear/M -yet -yeti/MS -yew/SM -yid/S -yield/JSGMD -yikes -yin/M -yip/SM -yipe -yipped -yippee -yipping -yo -yob/S -yobbo/S -yodel/SMDRZG -yodeler/M -yoga/M -yogi/MS -yogic -yogurt/SM -yoke's -yoke/UGDS -yokel/SM -yolk/MDS -yon -yonder -yonks -yore/M -you'd -you'll -you're -you've -you/SMH -young/TMR -youngish -youngster/MS -your/S -yourself -yourselves -youth/M -youthful/YP -youthfulness/M -youths -yow -yowl/MDSG -yr/S -ytterbium/M -yttrium/M -yuan/M -yucca/SM -yuck -yucky/TR -yuk/SM -yukked -yukking -yukky -yule/M -yuletide/M -yum -yummy/TR -yup/SM -yuppie/MS -yuppify/GDS -yurt/MS -z/DNXTGJ -zaniness/M -zany/RSMPT -zap/SM -zapped -zapper/MS -zapping -zappy -zeal/M -zealot/MS -zealotry/M -zealous/YP -zealousness/M -zebra/SM -zebu/MS -zed/SM -zeitgeist/SM -zenith/M -zeniths -zenned -zeolite/S -zephyr/MS -zeppelin/MS -zero/MDHSG -zeroes -zest/MS -zestful/YP -zestfulness/M -zesty/RT -zeta/MS 
-zigzag/SM -zigzagged -zigzagging -zilch/M -zillion/MS -zinc/MS -zincked -zincking -zine/S -zinfandel/M -zing/MDRZG -zinger/M -zingy/RT -zinnia/MS -zip's -zip/US -zipped/U -zipper/MDGS -zipping/U -zippy/TR -zircon/MS -zirconium/M -zit/SM -zither/MS -zloty/SM -zlotys -zodiac/MS -zodiacal -zombie/MS -zonal/Y -zone's -zone/AGDS -zoning/M -zonked -zoo/SM -zookeeper/SM -zoological/Y -zoologist/SM -zoology/M -zoom/MDSG -zoophyte/SM -zoophytic -zooplankton -zorch -zoster -zounds -zucchini/MS -zwieback/M -zydeco/M -zygote/SM -zygotic -zymurgy/M diff --git a/csaf-validator-lib/tests/informativeTest_6_3_8.js b/csaf-validator-lib/tests/informativeTest_6_3_8.js deleted file mode 100644 index 09ccfcc..0000000 --- a/csaf-validator-lib/tests/informativeTest_6_3_8.js +++ /dev/null 
@@ -1,128 +0,0 @@
-import { expect } from 'chai'
-import informativeTest_6_3_8 from '../lib/informativeTests/informativeTest_6_3_8.js'
-import minimalDoc from './shared/shared/minimalDoc.js'
-import csaf_2_0 from '../lib/schemaTests/csaf_2_0.js'
-
-const validMarker = 'Mocked as Valid'
-
-const documentValidBase = {
- document: {
- ...minimalDoc.document,
- notes: [
- {
- category: 'summary',
- text: validMarker,
- },
- ],
- publisher: {
- category: 'other',
- name: 'Example PUB ' + validMarker,
- namespace: 'https://example.com',
- },
- references: [
- {
- category: 'self',
- summary: 'A non-canonical URL. ' + validMarker,
- url: 'https://example.com/security/data/csaf/2021/my-thing-_10.json',
- },
- ],
- title: 'Title ' + validMarker,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- number: '1',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary ' + validMarker,
- },
- ],
- },
- },
-}
-
-/**
- * @param {object} params
- * @param {string} params.input
- * @returns
- */
-async function runHunspellMock({ input }) {
- if (input.includes(validMarker)) {
- return 'Hunspell vMOCK\n\n*'
- } else {
- return 'Hunspell vMOCK\n\n# wrongword 1'
- }
-}
-
-describe('Informative test 6.3.8', function () {
- const csafWithInvalidTitle = {
- document: {
- ...documentValidBase.document,
- title: 'Mock as invalid',
- },
- }
-
- const csafWithInvalidProductName = {
- document: {
- ...documentValidBase.document,
- },
- product_tree: {
- branches: [
- {
- branches: [
- {
- branches: [
- {
- category: 'product_name',
- name: 'Mocked as Invalid',
- product: {
- name: validMarker,
- product_id: '7Client-7.6',
- product_identification_helper: {
- cpe: 'cpe:/o:redhat:enterprise_linux:7::client',
- },
- },
- },
- ],
- category: 'product_family',
- name: validMarker,
- },
- ],
- category: 'vendor',
- name: validMarker,
- },
- ],
- },
- }
-
- describe('failing examples', function () {
- it('test invalid title', async function () {
- expect(csaf_2_0(csafWithInvalidTitle).isValid).to.true
- const result = await informativeTest_6_3_8(csafWithInvalidTitle, {
- hunspell: runHunspellMock,
- })
- expect(result.infos.length).to.equal(1)
- expect(result.infos[0].instancePath).to.equal('/document/title')
- })
-
- it('test invalid product name in branch', async function () {
- expect(csaf_2_0(csafWithInvalidProductName).isValid).to.true
- const result = await informativeTest_6_3_8(csafWithInvalidProductName, {
- hunspell: runHunspellMock,
- })
- expect(result.infos.length).to.equal(1)
- expect(result.infos[0].instancePath).to.equal(
- '/product_tree/branches/0/branches/0/branches/0/name'
- )
- })
- })
-
- describe('valid examples', function () {
- it('test valid csaf', async function () {
- expect(csaf_2_0(documentValidBase).isValid).to.true
- const result = await informativeTest_6_3_8(documentValidBase, {
- hunspell: runHunspellMock,
- })
- expect(result.infos.length).to.equal(0)
- })
- })
-})
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9.js b/csaf-validator-lib/tests/informativeTest_6_3_9.js
deleted file mode 100644
index f825a3e..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9.js
+++ /dev/null
@@ -1,45 +0,0 @@
-import { expect } from 'chai'
-import informativeTest_6_3_9 from '../lib/informativeTests/informativeTest_6_3_9.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('informativeTest_6_3_9/failing', import.meta.url)
-)
-const validExamples = await readExampleFiles(
- new URL('informativeTest_6_3_9/valid', import.meta.url)
-)
-
-describe('Informative test 6.3.9', function () {
- describe('failing examples', function () {
- const expectedErrorCounts = new Map([
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json', 1],
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json', 2],
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json', 4],
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json', 2],
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json', 2],
- ['oasis_csaf_tc-csaf_2_0-2021-6-3-09-06.json', 6],
- ])
-
- for (const [title, failingExample] of failingExamples) {
- it(title, function () {
- const result = informativeTest_6_3_9(failingExample)
-
- expect(result.infos.length).to.be.greaterThan(0)
-
- if (expectedErrorCounts.has(title)) {
- expect(result.infos.length).to.equal(expectedErrorCounts.get(title))
- }
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, function () {
- const result = informativeTest_6_3_9(validExample)
-
- expect(result.infos.length).to.equal(0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/failing-02.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/failing-02.json
deleted file mode 100644
index 90423e0..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/failing-02.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_version",
- "name": "Product A",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "patch_level",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-0002",
- "name": "Example Company Product A Update 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json
deleted file mode 100644
index b1f1dd0..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "patch_level",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A Update 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json
deleted file mode 100644
index 5f3b0c8..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-02",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "product_family",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 91"
- }
- },
- {
- "category": "product_version",
- "name": "92",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company Product A 92"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json
deleted file mode 100644
index 340b41c..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-03",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "product_family",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 91"
- }
- },
- {
- "category": "product_name",
- "name": "Product B",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company Product B 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json
deleted file mode 100644
index 0c4a6a6..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-04",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 91"
- }
- },
- {
- "category": "product_name",
- "name": "Product B",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company Product B 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json
deleted file mode 100644
index 40115ef..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-05",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "host_name",
- "name": "unknown-host",
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "branches": [
- {
- "category": "language",
- "name": "XYZ",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "architecture",
- "name": "x86",
- "branches": [
- {
- "category": "service_pack",
- "name": "1",
- "branches": [
- {
- "category": "patch_level",
- "name": "104",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "unknown-host Example Company XYZ Product A x86 Version 91 SP1 Update 104"
- }
- }
- ]
- }
- ]
- },
- {
- "category": "architecture",
- "name": "amd64",
- "branches": [
- {
- "category": "service_pack",
- "name": "1",
- "branches": [
- {
- "category": "patch_level",
- "name": "104",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "unknown-host Example Company XYZ Product A amd64 Version 91 SP1 Update 104"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-06.json b/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-06.json
deleted file mode 100644
index d8d3e62..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/failing/oasis_csaf_tc-csaf_2_0-2021-6-3-09-06.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 6)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-06",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "host_name",
- "name": "unknown-hostname",
- "branches": [
- {
- "category": "architecture",
- "name": "x86",
- "branches": [
- {
- "category": "language",
- "name": "XYZ",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "unknown-hostname x86 XYZ"
- }
- }
- ]
- },
- {
- "category": "architecture",
- "name": "amd64",
- "branches": [
- {
- "category": "service_pack",
- "name": "1",
- "branches": [
- {
- "category": "patch_level",
- "name": "104",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "unknown-hostname amd64 SP1 Update 104"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json
deleted file mode 100644
index b7d21c4..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json
deleted file mode 100644
index a7f310f..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_family",
- "name": "ABC Products",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company ABC Products Product A 91"
- }
- },
- {
- "category": "product_version",
- "name": "92",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company ABC Products Product A 92"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json
deleted file mode 100644
index 4426ee4..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (valid example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-13",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_family",
- "name": "ABC Products",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company ABC Products Product A 91"
- }
- }
- ]
- },
- {
- "category": "product_name",
- "name": "Product B",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company ABC Products Product B 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json
deleted file mode 100644
index c9c818d..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (valid example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-14",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 91"
- }
- }
- ]
- },
- {
- "category": "product_name",
- "name": "Product B",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "Example Company Product B 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json
deleted file mode 100644
index dab25e8..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json
+++ /dev/null
@@ -1,112 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (valid example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-15",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "host_name",
- "name": "unknown-host",
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_family",
- "name": "ABC Products",
- "branches": [
- {
- "category": "language",
- "name": "XYZ",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "architecture",
- "name": "x86",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "branches": [
- {
- "category": "service_pack",
- "name": "1",
- "branches": [
- {
- "category": "patch_level",
- "name": "104",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "unknown-host Example Company ABC Products XYZ Product A x86 Version 91 SP1 Update 104"
- }
- }
- ]
- }
- ]
- }
- ]
- },
- {
- "category": "architecture",
- "name": "amd64",
- "branches": [
- {
- "category": "product_version",
- "name": "91",
- "branches": [
- {
- "category": "service_pack",
- "name": "1",
- "branches": [
- {
- "category": "patch_level",
- "name": "104",
- "product": {
- "product_id": "CSAFPID-9080701",
- "name": "unknown-host Example Company ABC Products XYZ Product A amd64 Version 91 SP1 Update 104"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/valid-01.json b/csaf-validator-lib/tests/informativeTest_6_3_9/valid/valid-01.json
deleted file mode 100644
index 4fd6409..0000000
--- a/csaf-validator-lib/tests/informativeTest_6_3_9/valid/valid-01.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Informative test: Branch Categories (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "Product A",
- "branches": [
- {
- "category": "patch_level",
- "name": "91",
- "product": {
- "product_id": "CSAFPID-0002",
- "name": "Example Company Product A Update 91"
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/languageSpecificTranslation.js b/csaf-validator-lib/tests/languageSpecificTranslation.js
deleted file mode 100644
index 83154a2..0000000
--- a/csaf-validator-lib/tests/languageSpecificTranslation.js
+++ /dev/null
@@ -1,39 +0,0 @@
-import { getTranslationInMap } from '../lib/shared/languageSpecificTranslation.js'
-import { expect } from 'chai'
-
-describe('test language specific translation', function () {
- it('test getTranslationInMap', function () {
- const translationMaps = new Map([
- ['de', new Map([['I18nTestKey', 'translationDe']])],
- ['de-AT', new Map([['I18nTestKey', 'translationAT']])],
- ['en', new Map([['I18nTestKey', 'translationEn']])],
- ['zh-Hans-CN', new Map([['I18nTestKey', 'translationZh-Hans-CN']])],
- ['sr', new Map([['I18nTestKey', 'translationSr']])],
- ])
-
- expect(
- getTranslationInMap('de', 'I18nTestKey', translationMaps),
- 'Translate language code de'
- ).to.equal('translationDe')
- expect(
- getTranslationInMap('de-AT', 'I18nTestKey', translationMaps),
- 'Translate language and region code'
- ).to.equal('translationAT')
- expect(
- getTranslationInMap('en', 'I18nTestKey', translationMaps),
- 'Translate language code en'
- ).to.equal('translationEn')
- expect(
- getTranslationInMap('en-US', 'I18nTestKey', translationMaps),
- 'Fallback to language code en on region us'
- ).to.equal('translationEn')
- expect(
- getTranslationInMap('zh-Hans-CN', 'I18nTestKey', translationMaps),
- 'Translate language, region and script code'
- ).to.equal('translationZh-Hans-CN')
- expect(
- getTranslationInMap('sr-Cyrl-RS', 'I18nTestKey', translationMaps),
- 'Fallback to language code en on region an sript code'
- ).to.equal('translationSr')
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16.js b/csaf-validator-lib/tests/mandatoryTest_6_1_16.js
deleted file mode 100644
index 4824ddf..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { expect } from 'chai'
-import { mandatoryTest_6_1_16 } from '../mandatoryTests.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_16/failing', import.meta.url)
-)
-
-const validExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_16/valid', import.meta.url)
-)
-
-describe('Mandatory test 6.1.16', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_16(failingExample)
-
- expect(result.errors).to.have.length.greaterThan(0)
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_16(validExample)
-
- expect(result.errors).to.haveOwnProperty('length', 0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-16-01.json b/csaf-validator-lib/tests/mandatoryTest_6_1_16/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-16-01.json
deleted file mode 100644
index b6dfc28..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-16-01.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Latest Document Version (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T09:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- },
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "2",
- "summary": "Second version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-11.json b/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-11.json
deleted file mode 100644
index 50e35fd..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-11.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Latest Document Version (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T09:00:00.000Z",
- "number": "1.0.0",
- "summary": "Initial version."
- },
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "2.0.0",
- "summary": "Second version."
- }
- ],
- "status": "final",
- "version": "2.0.0"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-12.json b/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-12.json
deleted file mode 100644
index 959a5bc..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-12.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Latest Document Version (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T09:00:00.000Z",
- "number": "1.0.0",
- "summary": "Initial version."
- },
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "2.0.0",
- "summary": "Second version."
- }
- ],
- "status": "final",
- "version": "2.0.0+21AF26D3"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-13.json b/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-13.json
deleted file mode 100644
index b8dfb8a..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-16-13.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Latest Document Version (valid example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-13",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T09:00:00.000Z",
- "number": "1.0.0",
- "summary": "Initial version."
- },
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "2.0.0+143D5",
- "summary": "Second version."
- }
- ],
- "status": "final",
- "version": "2.0.0+21AF26D3"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/valid-01.json b/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/valid-01.json
deleted file mode 100644
index 6c7a676..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_16/valid/valid-01.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "discoverer",
- "name": "test",
- "namespace": "http://example.test"
- },
- "title": "test_1",
- "tracking": {
- "current_release_date": "2022-01-01T00:00:00.000Z",
- "id": "111",
- "initial_release_date": "2022-01-01T00:00:00.000Z",
- "revision_history": [
- {
- "date": "2022-01-01T00:00:00.000Z",
- "number": "1.0.0",
- "summary": "\"Initial Publication\""
- },
- {
- "date": "2022-01-01T00:00:00.001Z",
- "number": "1.0.1-1.0",
- "summary": "New Version"
- }
- ],
- "status": "draft",
- "version": "1.0.1-1.0"
- }
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_24.js b/csaf-validator-lib/tests/mandatoryTest_6_1_24.js
deleted file mode 100644
index 154cc43..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_24.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { expect } from 'chai'
-import { mandatoryTest_6_1_24 } from '../mandatoryTests.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_24/failing', import.meta.url)
-)
-
-const validExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_24/valid', import.meta.url)
-)
-
-describe('Mandatory test 6.1.24', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_24(failingExample)
-
- expect(result.errors).to.have.length.greaterThan(0)
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_24(validExample)
-
- expect(result.errors).to.haveOwnProperty('length', 0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-01.json b/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-01.json
deleted file mode 100644
index b492a59..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-01.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Multiple Definition in Involvements (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-24-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "vulnerabilities": [
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "completed"
- },
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress",
- "summary": "The vendor has released a mitigation and is working to fully resolve the issue."
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-02.json b/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-02.json
deleted file mode 100644
index 5136245..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_24/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-24-02.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Multiple Definition in Involvements (failing example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-24-02",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "vulnerabilities": [
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress"
- },
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress",
- "summary": "The vendor has released a mitigation and is working to fully resolve the issue."
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-11.json b/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-11.json
deleted file mode 100644
index 2140c98..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-11.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Multiple Definition in Involvements (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-24-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "vulnerabilities": [
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "completed"
- }
- ]
- },
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress",
- "summary": "The vendor has released a mitigation and is working to fully resolve the issue."
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-12.json b/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-12.json
deleted file mode 100644
index 950e410..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_24/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-24-12.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Multiple Definition in Involvements (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-24-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "vulnerabilities": [
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress"
- }
- ]
- },
- {
- "involvements": [
- {
- "date": "2021-04-23T10:00:00.000Z",
- "party": "vendor",
- "status": "in_progress",
- "summary": "The vendor has released a mitigation and is working to fully resolve the issue."
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_3.js b/csaf-validator-lib/tests/mandatoryTest_6_1_3.js
deleted file mode 100644
index 75dba3f..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_3.js
+++ /dev/null
@@ -1,19 +0,0 @@
-import { expect } from 'chai'
-import mandatoryTest_6_1_3 from '../lib/mandatoryTests/mandatoryTest_6_1_3.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const validExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_3/valid', import.meta.url)
-)
-
-describe('Mandatory test 6.1.3', function () {
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, function () {
- const result = mandatoryTest_6_1_3(validExample)
-
- expect(result.errors.length).to.equal(0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_3/valid/empty-relationships.json b/csaf-validator-lib/tests/mandatoryTest_6_1_3/valid/empty-relationships.json
deleted file mode 100644
index d683945..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_3/valid/empty-relationships.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "document": {
- "category": "",
- "csaf_version": "2.0",
- "publisher": {
- "category": "",
- "name": "",
- "namespace": ""
- },
- "title": "",
- "tracking": {
- "current_release_date": "",
- "id": "",
- "initial_release_date": "",
- "revision_history": [
- {
- "date": "",
- "number": "",
- "summary": ""
- }
- ],
- "status": "",
- "version": "",
- "generator": {
- "date": "2022-12-09T10:08:33.146Z",
- "engine": {
- "version": "2.0.0-132-g5e5edf38",
- "name": "Secvisogram"
- }
- }
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ],
- "relationships": [{}]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_30.js b/csaf-validator-lib/tests/mandatoryTest_6_1_30.js
deleted file mode 100644
index 09cd47a..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_30.js
+++ /dev/null
@@ -1,49 +0,0 @@
-import minimalDoc from './shared/minimalCSAFBaseDoc.js'
-
-import { expect } from 'chai'
-import { mandatoryTest_6_1_30 } from '../mandatoryTests.js'
-
-describe('Mandatory test 6.1.30', function () {
- it('should allow valid doc', function () {
- const result = mandatoryTest_6_1_30(minimalDoc)
- expect(result.errors).to.have.lengthOf(0)
- })
-
- it('should fail on mixed integer and semantic versioning', function () {
- const result = mandatoryTest_6_1_30({
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [
- {
- date: '2021-07-21T09:00:00.000Z',
- number: '2.0.0',
- summary: 'Initial version.',
- },
- ],
- version: '2',
- },
- },
- })
-
- expect(result.errors).to.have.lengthOf(1)
- })
-
- it('allows an empty revision_history', function () {
- const result = mandatoryTest_6_1_30({
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- tracking: {
- ...minimalDoc.document.tracking,
- revision_history: [],
- version: '1',
- },
- },
- })
-
- expect(result.errors).to.have.lengthOf(0)
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31.js b/csaf-validator-lib/tests/mandatoryTest_6_1_31.js
deleted file mode 100644
index 05b8267..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { expect } from 'chai'
-import { mandatoryTest_6_1_31 } from '../mandatoryTests.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_31/failing', import.meta.url)
-)
-
-const validExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_31/valid', import.meta.url)
-)
-
-describe('Mandatory test 6.1.31', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_31(failingExample)
-
- expect(result.errors).to.have.length.greaterThan(0)
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, async function () {
- const result = await mandatoryTest_6_1_31(validExample)
-
- expect(result.errors).to.haveOwnProperty('length', 0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-01.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-01.json
deleted file mode 100644
index 6bf84c2..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-01.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "prior to 4.2",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A prior to 4.2"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-02.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-02.json
deleted file mode 100644
index b25c146..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-02.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-02",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "<4.2",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A prior to 4.2"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-03.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-03.json
deleted file mode 100644
index 30ff0be..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-03.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-03",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "<=4.1",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A <= 4.1"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-04.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-04.json
deleted file mode 100644
index 92a824e..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-04.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-04",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "<= 4.1",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A <= 4.1"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-05.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-05.json
deleted file mode 100644
index 3f619b7..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-05.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-05",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "4.1 and earlier",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 4.1 and earlier"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-06.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-06.json
deleted file mode 100644
index 593c36b..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-06.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 6)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-06",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "all",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A all versions"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-07.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-07.json
deleted file mode 100644
index 122896e..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-07.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 7)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-07",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "before 4.2",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A before 4.2"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-08.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-08.json
deleted file mode 100644
index 0d30320..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-08.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 8)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-08",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "4.2 and later",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 4.2 and later"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-09.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-09.json
deleted file mode 100644
index 27a4ba1..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-31-09.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (failing example 9)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-09",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "3.X versions",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A 3.X versions"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-11.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-11.json
deleted file mode 100644
index 940837d..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-11.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version_range",
- "name": "<4.2",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A prior to 4.2"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json b/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json
deleted file mode 100644
index c5c9cb5..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_31/valid/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Version Range in Product Version (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-31-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "branches": [
- {
- "category": "vendor",
- "name": "Example Company",
- "branches": [
- {
- "category": "product_name",
- "name": "Product A",
- "branches": [
- {
- "category": "product_version",
- "name": "after-eight",
- "product": {
- "product_id": "CSAFPID-9080700",
- "name": "Example Company Product A after-eight"
- }
- }
- ]
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_8.js b/csaf-validator-lib/tests/mandatoryTest_6_1_8.js
deleted file mode 100644
index 4647c0b..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_8.js
+++ /dev/null
@@ -1,20 +0,0 @@
-import { expect } from 'chai'
-import mandatoryTest_6_1_8 from '../lib/mandatoryTests/mandatoryTest_6_1_8.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('mandatoryTest_6_1_8/failing', import.meta.url)
-)
-
-describe('Mandatory test 6.1.8', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, async function () {
- const result = mandatoryTest_6_1_8(failingExample)
-
- expect(result.isValid).to.be.false
- expect(result.errors).to.have.length.greaterThan(0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/mandatoryTest_6_1_8/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json b/csaf-validator-lib/tests/mandatoryTest_6_1_8/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json
deleted file mode 100644
index b52addd..0000000
--- a/csaf-validator-lib/tests/mandatoryTest_6_1_8/failing/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Mandatory test: Invalid CVSS (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "scores": [
- {
- "products": [
- "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5
- }
- }
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/oasis.js b/csaf-validator-lib/tests/oasis.js
deleted file mode 100644
index 19f943e..0000000
--- a/csaf-validator-lib/tests/oasis.js
+++ /dev/null
@@ -1,146 +0,0 @@ -import { readFile } from 'fs/promises' -import * as informative from '../informativeTests.js' -import * as optional from '../optionalTests.js' -import * as mandatory from '../mandatoryTests.js' -import { expect } from 'chai' -import { readFileSync } from 'fs' - -/** @typedef {import('../lib/shared/types.js').DocumentTest} DocumentTest */ - -/** @typedef {Map} TestMap */ - -/** - * @typedef {object} TestCases - * @property {TestCase[]} tests - */ - -/** - * @typedef {object} TestCase - * @property {string} id - * @property {string} group - * @property {TestSpec[]} [failures] - * @property {TestSpec[]} [valid] - */ - -/** - * @typedef {object} TestSpec - * @property {string} name - * @property {boolean} valid - */ - -const tests = new Map([ - [ - 'informative', - /** @type {TestMap} */ (new Map(Object.entries(informative))), - ], - ['optional', /** @type {TestMap} */ (new Map(Object.entries(optional)))], - ['mandatory', /** @type {TestMap} */ (new Map(Object.entries(mandatory)))], -]) - -const testDataBaseUrl = new URL( - '../csaf/csaf_2.0/test/validator/data/', - import.meta.url -) - -const testCases = /** @type {TestCases} */ ( - JSON.parse( - await readFile(new URL('testcases.json', testDataBaseUrl), 'utf-8') - ) -) - -const testMap = parseTestCases() - -describe('oasis', function () { - for (const [group, t] of testMap) { - describe(group, function () { - for (const [testId, u] of t) { - describe(testId, function () { - for (const [type, testSpecs] of u) { - describe(type, function () { - for (const testSpec of testSpecs) { - it(testSpec.name, async function () { - const test = tests - .get(group) - ?.get(`${group}Test_${testId.replace(/\./g, '_')}`) - - if (!test) - throw new Error( - `no matching test found for group=${group}, ${testId}` - ) - - const doc = JSON.parse( - readFileSync( - new URL(testSpec.name, testDataBaseUrl), - 'utf-8' - ) - ) - - const result = await test(doc) - - if (group === 'mandatory') { - 
expect(result.isValid).to.equal(testSpec.valid) - expect( - Boolean(result.errors?.length), - type === 'failures' - ? 'should have errors' - : `should not have errors, but had ${result.errors?.length}` - ).to.equal(type === 'failures') - } else { - expect(result.isValid === undefined).to.equal( - testSpec.valid - ) - - if (group === 'optional') { - expect( - Boolean(result.warnings?.length), - type === 'failures' - ? 'should have warnings' - : `should not have warnings, but had ${result.warnings?.length}` - ).to.equal(type === 'failures') - } else if (group === 'informative') { - expect( - Boolean(result.infos?.length), - type === 'failures' - ? 'should have infos' - : `should not have infos, but had ${result.infos?.length}` - ).to.equal(type === 'failures') - } - } - }) - } - }) - } - }) - } - }) - } -}) - -function parseTestCases() { - /** @type {Map>>} */ - const testData = new Map() - for (const test of testCases.tests) { - const valids = testData.get(test.group)?.get(test.id)?.get('valid') ?? [] - const failures = - testData.get(test.group)?.get(test.id)?.get('failures') ?? [] - - for (const valid of test.valid ?? []) { - valids.push(valid) - } - for (const failure of test.failures ?? []) { - failures.push(failure) - } - - testData.set( - test.group, - new Map(testData.get(test.group)).set( - test.id, - new Map(testData.get(test.group)?.get(test.id)) - .set('valid', valids) - .set('failures', failures) - ) - ) - } - - return testData -} diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14.js b/csaf-validator-lib/tests/optionalTest_6_2_14.js deleted file mode 100644 index b18a141..0000000 --- a/csaf-validator-lib/tests/optionalTest_6_2_14.js +++ /dev/null 
@@ -1,33 +0,0 @@
-import { expect } from 'chai'
-import { optionalTest_6_2_14 } from '../optionalTests.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('optionalTest_6_2_14/failing', import.meta.url)
-)
-
-const validExamples = await readExampleFiles(
- new URL('optionalTest_6_2_14/valid', import.meta.url)
-)
-
-describe('Optional test 6.2.14', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, async function () {
- const result = await optionalTest_6_2_14(failingExample)
-
- expect(result.warnings).to.have.length.greaterThan(0)
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, async function () {
- const result = await optionalTest_6_2_14(validExample)
-
- expect(result.warnings).to.haveOwnProperty('length', 0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-01.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-01.json
deleted file mode 100644
index d85b0b3..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-01.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "qtx",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-02.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-02.json
deleted file mode 100644
index 07fa3cd..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-02.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "source_lang": "qcb",
- "title": "Optional test: Use of Private Language (failing example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-02",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-03.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-03.json
deleted file mode 100644
index c648503..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-03.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "qdq",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "source_lang": "qcb",
- "title": "Optional test: Use of Private Language (failing example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-03",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-04.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-04.json
deleted file mode 100644
index 79b7ca4..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-04.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-QM",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-04",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-05.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-05.json
deleted file mode 100644
index 6a96c32..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-05.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-XP",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-05",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-06.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-06.json
deleted file mode 100644
index 59dd10e..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-06.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-Qabc",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 6)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-06",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-07.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-07.json
deleted file mode 100644
index d18e5a8..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-07.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-AA",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 7)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-07",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-08.json b/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-08.json
deleted file mode 100644
index ac5d7cb..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-14-08.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "fr-ZZ",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (failing example 8)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-08",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-11.json b/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-11.json
deleted file mode 100644
index c23d092..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-11.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-US",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Use of Private Language (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-12.json b/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-12.json
deleted file mode 100644
index 918df4b..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_14/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-14-12.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "lang": "en-US",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "source_lang": "de-DE",
- "title": "Optional test: Use of Private Language (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19.js b/csaf-validator-lib/tests/optionalTest_6_2_19.js
deleted file mode 100644
index 767a16d..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19.js
+++ /dev/null
@@ -1,238 +0,0 @@
-import { expect } from 'chai'
-import optionalTest_6_2_19 from '../lib/optionalTests/optionalTest_6_2_19.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('optionalTest_6_2_19/failing', import.meta.url)
-)
-
-const validExamples = await readExampleFiles(
- new URL('optionalTest_6_2_19/valid', import.meta.url)
-)
-
-describe('Optional test 6.2.19', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, function () {
- const result = optionalTest_6_2_19(failingExample)
-
- expect(result.warnings.length).to.be.greaterThan(0)
- })
- }
- })
-
- describe('valid examples', function () {
- for (const [title, validExample] of validExamples) {
- it(title, function () {
- const result = optionalTest_6_2_19(validExample)
-
- expect(result.warnings.length).to.equal(0)
- })
- }
- })
-
- it('detects an invalid vector string based environmental score in a 2.0 vector', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- first_fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- cvss_v2: {
- baseScore: 4.3,
- vectorString:
- 'AV:N/AC:H/Au:M/C:P/I:P/A:P/CDP:MH/TD:M/CR:H/IR:H/AR:M',
- version: '2.0',
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-
- it('can calculate the value based on 2.0 metrics', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- cvss_v2: {
- version: '2.0',
- accessVector: 'NETWORK',
- accessComplexity: 'HIGH',
- authentication: 'MULTIPLE',
- confidentialityImpact: 'NONE',
- integrityImpact: 'NONE',
- availabilityImpact: 'NONE',
- exploitability: 'NOT_DEFINED',
- remediationLevel: 'NOT_DEFINED',
- reportConfidence: 'NOT_DEFINED',
- collateralDamagePotential: 'HIGH',
- targetDistribution: 'MEDIUM',
- confidentialityRequirement: 'HIGH',
- integrityRequirement: 'HIGH',
- availabilityRequirement: 'HIGH',
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-
- it('can calculate the value based on a 3.0 vector string', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- cvss_v3: {
- baseScore: 5.7,
- baseSeverity: 'MEDIUM',
- vectorString:
- 'CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:U/CR:L/IR:L/AR:L/MAV:P/MAC:H/MPR:H/MUI:N/MS:U/MC:N/MI:N/MA:H',
- version: '3.0',
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-
- it('can calculate the value based on 3.0 metrics', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.0',
- baseScore: 5.7,
- baseSeverity: 'MEDIUM',
- attackVector: 'NETWORK',
- attackComplexity: 'HIGH',
- privilegesRequired: 'HIGH',
- userInteraction: 'REQUIRED',
- scope: 'UNCHANGED',
- confidentialityImpact: 'HIGH',
- integrityImpact: 'HIGH',
- availabilityImpact: 'NONE',
- modifiedAvailabilityImpact: 'HIGH',
- modifiedIntegrityImpact: 'NONE',
- modifiedConfidentialityImpact: 'NONE',
- exploitCodeMaturity: 'NOT_DEFINED',
- remediationLevel: 'NOT_DEFINED',
- reportConfidence: 'NOT_DEFINED',
- confidentialityRequirement: 'LOW',
- integrityRequirement: 'LOW',
- availabilityRequirement: 'LOW',
- modifiedAttackVector: 'PHYSICAL',
- modifiedAttackComplexity: 'HIGH',
- modifiedPrivilegesRequired: 'HIGH',
- modifiedUserInteraction: 'NONE',
- modifiedScope: 'UNCHANGED',
- },
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-
- it('can calculate the value based on a 3.1 vector string', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- cvss_v3: {
- baseScore: 5.7,
- baseSeverity: 'MEDIUM',
- vectorString:
- 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:U/CR:L/IR:L/AR:L/MAV:P/MAC:H/MPR:H/MUI:N/MS:U/MC:N/MI:N/MA:H',
- version: '3.1',
- },
- products: ['CSAFPID-9080700'],
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-
- it('can calculate the value based on 3.1 metrics', function () {
- const result = optionalTest_6_2_19({
- vulnerabilities: [
- {
- product_status: {
- fixed: ['CSAFPID-9080700'],
- },
- scores: [
- {
- products: ['CSAFPID-9080700'],
- cvss_v3: {
- version: '3.1',
- baseScore: 5.7,
- baseSeverity: 'MEDIUM',
- attackVector: 'NETWORK',
- attackComplexity: 'HIGH',
- privilegesRequired: 'HIGH',
- userInteraction: 'REQUIRED',
- scope: 'UNCHANGED',
- confidentialityImpact: 'HIGH',
- integrityImpact: 'HIGH',
- availabilityImpact: 'NONE',
- modifiedAvailabilityImpact: 'HIGH',
- modifiedIntegrityImpact: 'NONE',
- modifiedConfidentialityImpact: 'NONE',
- exploitCodeMaturity: 'NOT_DEFINED',
- remediationLevel: 'NOT_DEFINED',
- reportConfidence: 'NOT_DEFINED',
- confidentialityRequirement: 'LOW',
- integrityRequirement: 'LOW',
- availabilityRequirement: 'LOW',
- modifiedAttackVector: 'PHYSICAL',
- modifiedAttackComplexity: 'HIGH',
- modifiedPrivilegesRequired: 'HIGH',
- modifiedUserInteraction: 'NONE',
- modifiedScope: 'UNCHANGED',
- },
- },
- ],
- },
- ],
- })
-
- expect(result.warnings).to.have.lengthOf(1)
- })
-})
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-01.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-01.json
deleted file mode 100644
index de745d4..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-01.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-02.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-02.json
deleted file mode 100644
index d6a9c65..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-02.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-02",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "modifiedConfidentialality": "NONE",
- "modifiedIntegrity": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-03.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-03.json
deleted file mode 100644
index f3c4bb1..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-03.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-03",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v2": {
- "baseScore": 6.8,
- "targetDistribution": "LOW",
- "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C",
- "version": "2.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-04.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-04.json
deleted file mode 100644
index 32f88fe..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-04.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-04",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v2": {
- "baseScore": 6.8,
- "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C",
- "version": "2.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-05.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-05.json
deleted file mode 100644
index 642e059..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-05.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-05",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "first_fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-06.json b/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-06.json
deleted file mode 100644
index 31aba2e..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-19-06.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (failing example 6)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-06",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "modifiedConfidentialality": "NONE",
- "modifiedIntegrity": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-11.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-11.json
deleted file mode 100644
index 67c06a1..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-11.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-11",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-12.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-12.json
deleted file mode 100644
index c06745c..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-12.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 2)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-12",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "modifiedAvailabilityImpact": "NONE",
- "modifiedConfidentialityImpact": "NONE",
- "modifiedIntegrityImpact": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-13.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-13.json
deleted file mode 100644
index 5acf96f..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-13.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 3)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-13",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v2": {
- "baseScore": 6.8,
- "targetDistribution": "NONE",
- "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C",
- "version": "2.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-14.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-14.json
deleted file mode 100644
index aa48735..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-14.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 4)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-14",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v2": {
- "baseScore": 6.8,
- "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C/TD:N",
- "version": "2.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-15.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-15.json
deleted file mode 100644
index ebeb9d0..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-15.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 5)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-15",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "first_fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N",
- "version": "3.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-16.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-16.json
deleted file mode 100644
index cb7fa1e..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-16.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 6)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-16",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "fixed": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "modifiedAvailabilityImpact": "NONE",
- "modifiedConfidentialityImpact": "NONE",
- "modifiedIntegrityImpact": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.0"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-17.json b/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-17.json
deleted file mode 100644
index 2928fa3..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_19/valid/oasis_csaf_tc-csaf_2_0-2021-6-2-19-17.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: CVSS for Fixed Products (valid example 7)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-19-17",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- },
- "product_tree": {
- "full_product_names": [
- {
- "product_id": "CSAFPID-9080700",
- "name": "Product A"
- }
- ]
- },
- "vulnerabilities": [
- {
- "product_status": {
- "known_affected": [
- "CSAFPID-9080700"
- ]
- },
- "scores": [
- {
- "cvss_v3": {
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-9080700"
- ]
- }
- ]
- }
- ]
-}
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_20.js b/csaf-validator-lib/tests/optionalTest_6_2_20.js
deleted file mode 100644
index 2d1a2f7..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_20.js
+++ /dev/null
@@ -1,19 +0,0 @@
-import { expect } from 'chai'
-import optionalTest_6_2_20 from '../lib/optionalTests/optionalTest_6_2_20.js'
-import readExampleFiles from './shared/readExampleFiles.js'
-
-const failingExamples = await readExampleFiles(
- new URL('optionalTest_6_2_20/failing', import.meta.url)
-)
-
-describe('Optional test 6.2.20', function () {
- describe('failing examples', function () {
- for (const [title, failingExample] of failingExamples) {
- it(title, function () {
- const result = optionalTest_6_2_20(failingExample)
-
- expect(result.warnings.length).to.be.greaterThan(0)
- })
- }
- })
-})
diff --git a/csaf-validator-lib/tests/optionalTest_6_2_20/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json b/csaf-validator-lib/tests/optionalTest_6_2_20/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json
deleted file mode 100644
index 2471fbc..0000000
--- a/csaf-validator-lib/tests/optionalTest_6_2_20/failing/oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "document": {
- "category": "csaf_base",
- "csaf_version": "2.0",
- "custom_property": "any",
- "publisher": {
- "category": "other",
- "name": "OASIS CSAF TC",
- "namespace": "https://csaf.io"
- },
- "title": "Optional test: Additional Properties (failing example 1)",
- "tracking": {
- "current_release_date": "2021-07-21T10:00:00.000Z",
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-20-01",
- "initial_release_date": "2021-07-21T10:00:00.000Z",
- "revision_history": [
- {
- "date": "2021-07-21T10:00:00.000Z",
- "number": "1",
- "summary": "Initial version."
- }
- ],
- "status": "final",
- "version": "1"
- }
- }
-}
\ No newline at end of file
diff --git a/csaf-validator-lib/tests/shared/minimalCSAFBaseDoc.js b/csaf-validator-lib/tests/shared/minimalCSAFBaseDoc.js
deleted file mode 100644
index 5520d66..0000000
--- a/csaf-validator-lib/tests/shared/minimalCSAFBaseDoc.js
+++ /dev/null
@@ -1,12 +0,0 @@
-import sortObjectKeys from '../../lib/shared/sortObjectKeys.js'
-import minimalDoc from './shared/minimalDoc.js'
-
-export default /** @type {typeof minimalDoc} */ (
- sortObjectKeys(new Intl.Collator(), {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'generic_csaf',
- },
- })
-)
diff --git a/csaf-validator-lib/tests/shared/minimalInformationalAdvisoryDoc.js b/csaf-validator-lib/tests/shared/minimalInformationalAdvisoryDoc.js
deleted file mode 100644
index 62babbd..0000000
--- a/csaf-validator-lib/tests/shared/minimalInformationalAdvisoryDoc.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import minimalDoc from './shared/minimalDoc.js'
-
-export default {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_informational_advisory',
- notes: [
- {
- category: 'description',
- text: 'Some mandatory description',
- title: 'Some description',
- },
- ],
- references: [
- ...minimalDoc.document.references,
- {
- category: 'external',
- summary: 'The canonical URL.',
- url: 'https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json',
- },
- ],
- },
-}
diff --git a/csaf-validator-lib/tests/shared/minimalSecurityAdvisoryDoc.js b/csaf-validator-lib/tests/shared/minimalSecurityAdvisoryDoc.js
deleted file mode 100644
index cc8c675..0000000
--- a/csaf-validator-lib/tests/shared/minimalSecurityAdvisoryDoc.js
+++ /dev/null
@@ -1,44 +0,0 @@
-import minimalDoc from './shared/minimalDoc.js'
-
-export default {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_security_advisory',
- },
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-0001',
- name: 'Some sample product',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- vulnerabilities: [
- {
- notes: [
- {
- category: 'description',
- text: 'This is a sample note',
- },
- ],
- product_status: {
- fixed: ['CSAFPID-0001'],
- },
- },
- ],
-}
diff --git a/csaf-validator-lib/tests/shared/minimalSecurityIncidentResponseDoc.js b/csaf-validator-lib/tests/shared/minimalSecurityIncidentResponseDoc.js
deleted file mode 100644
index ac7524b..0000000
--- a/csaf-validator-lib/tests/shared/minimalSecurityIncidentResponseDoc.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import minimalDoc from './shared/minimalDoc.js'
-
-export default {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_security_incident_response',
- notes: [
- {
- category: 'description',
- text: 'Some mandatory description',
- title: 'Some description',
- },
- ],
- references: [
- {
- category: 'external',
- summary: 'The canonical URL.',
- url: 'https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json',
- },
- ],
- },
-}
diff --git a/csaf-validator-lib/tests/shared/minimalVexDoc.js b/csaf-validator-lib/tests/shared/minimalVexDoc.js
deleted file mode 100644
index f6fabca..0000000
--- a/csaf-validator-lib/tests/shared/minimalVexDoc.js
+++ /dev/null
@@ -1,45 +0,0 @@
-import minimalDoc from './shared/minimalDoc.js'
-
-export default {
- ...minimalDoc,
- document: {
- ...minimalDoc.document,
- category: 'csaf_vex',
- },
- product_tree: {
- full_product_names: [
- {
- product_id: 'CSAFPID-0001',
- name: 'Some sample product',
- product_identification_helper: {
- hashes: [
- {
- file_hashes: [
- {
- algorithm: 'sha256',
- value:
- '6ae24620ea9656230f49234efd0789356ae24620ea9656230f49234efd078935',
- },
- ],
- filename: 'product_a.so',
- },
- ],
- },
- },
- ],
- },
- vulnerabilities: [
- {
- notes: [
- {
- category: 'description',
- text: 'This is a sample note',
- },
- ],
- product_status: {
- fixed: ['CSAFPID-0001'],
- },
- cve: 'CVE-0000-1111',
- },
- ],
-}
diff --git a/csaf-validator-lib/tests/shared/readExampleFiles.js b/csaf-validator-lib/tests/shared/readExampleFiles.js
deleted file mode 100644
index f86d3e2..0000000
--- a/csaf-validator-lib/tests/shared/readExampleFiles.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import { readdir, readFile } from 'fs/promises'
-import { resolve } from 'path'
-import { fileURLToPath } from 'url'
-
-/**
- * @param {URL} url
- */
-export default async function readExampleFiles(url) {
- const examplesDir = fileURLToPath(url)
-
- const dirEntries = await readdir(examplesDir)
- const examples = await Promise.all(
- dirEntries
- .filter((d) => d.endsWith('.json'))
- .map((f) =>
- readFile(resolve(examplesDir, f), { encoding: 'utf-8' }).then((o) => [
- f,
- JSON.parse(o),
- ])
- )
- )
- return examples
-}
diff --git a/csaf-validator-lib/tests/shared/shared/minimalDoc.js b/csaf-validator-lib/tests/shared/shared/minimalDoc.js
deleted file mode 100644
index 29c295a..0000000
--- a/csaf-validator-lib/tests/shared/shared/minimalDoc.js
+++ /dev/null
@@ -1,39 +0,0 @@
-export default {
- document: {
- category: 'Test Report',
- csaf_version: '2.0',
- title: 'Minimal valid',
- lang: 'en',
- distribution: {
- tlp: {
- label: 'AMBER',
- },
- },
- publisher: {
- category: 'other',
- name: 'Secvisogram Automated Tester',
- namespace: 'https://github.com/secvisogram/secvisogram',
- },
- references: [
- {
- category: 'self',
- summary: 'A non-canonical URL.',
- url: 'https://example.com/security/data/csaf/2021/my-thing-_10.json',
- },
- ],
- tracking: {
- current_release_date: '2021-01-14T00:00:00.000Z',
- id: 'My-Thing-.10',
- initial_release_date: '2021-01-14T00:00:00.000Z',
- revision_history: [
- {
- number: '1',
- date: '2021-01-14T00:00:00.000Z',
- summary: 'Summary',
- },
- ],
- status: 'draft',
- version: '1',
- },
- },
-}
diff --git a/csaf-validator-lib/tests/shared/valid-1.js b/csaf-validator-lib/tests/shared/valid-1.js
deleted file mode 100644
index caa8c6f..0000000
--- a/csaf-validator-lib/tests/shared/valid-1.js
+++ /dev/null
@@ -1,3068 +0,0 @@ -export default { - document: { - title: - 'Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability', - category: 'Cisco Security Advisory', - csaf_version: '2.0', - publisher: { - category: 'vendor', - contact_details: - 'Emergency Support:\n+1 877 228 7302 (toll-free within North America)\n+1 408 525 6532 (International direct-dial)\nNon-emergency Support:\nEmail: psirt@cisco.com\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.', - issuing_authority: - 'Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\nMore information can be found in Cisco Security Vulnerability Policy available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html', - name: 'Cisco PSIRT', - namespace: 'https://www.cisco.com', - }, - tracking: { - id: 'cisco-sa-20180328-smi2', - status: 'final', - version: '3.0.0', - revision_history: [ - { - number: '1.0.0', - date: '2018-03-28T15:17:05Z', - summary: 'Initial public release.', - }, - { - number: '1.1.0', - date: '2018-03-29T17:13:23Z', - summary: "Added the researcher's company name.", - }, - { - number: '1.2.0', - date: '2018-04-02T13:18:01Z', - summary: 'Metadata update.', - }, - { - number: '1.3.0', - date: '2018-04-06T19:35:44Z', - summary: 'Added more details to the Workarounds section.', - }, - { - number: '1.4.0', - date: '2018-04-09T14:20:12Z', - summary: - 'Emphasized that Smart Install is enabled by default. 
Added a link to the list of devices that support Smart Install.', - }, - { - number: '2.0.0', - date: '2018-04-16T18:21:34Z', - summary: - 'Updated IOS Software Checker with products found to be non-vulnerable.', - }, - { - number: '3.0.0', - date: '2018-04-17T15:08:41Z', - summary: - 'Updated IOS Software Checker with products found to be vulnerable.', - }, - ], - initial_release_date: '2018-03-28T16:00:00Z', - current_release_date: '2018-04-17T15:08:41Z', - generator: { - engine: { - name: 'TVCE', - }, - }, - }, - notes: [ - { - title: 'Summary', - category: 'summary', - text: 'A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.\n\nThe vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:\n\nTriggering a reload of the device\nAllowing the attacker to execute arbitrary code on the device\nCausing an indefinite loop on the affected device that triggers a watchdog crash\n\nCisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.\n\nSmart Install client functionality is enabled by default on switches that are running Cisco IOS Software releases that have not been updated to address Cisco bug ID CSCvd36820 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820"].\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2"]\n\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682"].', - }, - { - title: 'Vulnerable Products', - category: 'general', - text: 'This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled.\n\nOnly Smart Install client switches are affected by the vulnerability that is described in this advisory. 
Cisco devices that are configured as a Smart Install director are not affected by this vulnerability.\n\nFor a list of devices that support Smart Install, see Smart Install Configuration Guide - Supported Devices ["https://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/supported_devices.html"].\n\nFor information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software ["#fixed"] section of this advisory.\n Notes Regarding Specific Releases\nSmart Install client functionality is enabled by default on switches that are running Cisco IOS Software releases that have not been updated to address Cisco bug ID CSCvd36820 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820"].\n\nSwitches that are running releases earlier than Cisco IOS Software Release 12.2(52)SE are not capable of running Smart Install, but they can be Smart Install clients if they support the archive download-sw privileged EXEC command.\n Determining Whether the Smart Install Client Feature Is Enabled\nTo determine whether a device is configured with the Smart Install client feature enabled, use the show vstack config privileged EXEC command on the Smart Install client. An output of Role: Client and Oper Mode: Enabled or Role: Client (SmartInstall enabled) from the show vstack config command confirms that the feature is enabled on the device.\n\nThe following examples show the output of the show vstack config command on Cisco Catalyst Switches that are configured as Smart Install clients:\n\n\nswitch1# show vstack config\nRole: Client (SmartInstall enabled)\n.\n.\n.\n\nswitch2# show vstack config\nCapability: Client\nOper Mode: Enabled\nRole: Client\n.\n.\n.\nDetermining the Cisco IOS Software Release\nTo determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. 
If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.\n\nThe following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:\n\n\nRouter> show version\n Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Mon 22-Jun-15 09:32 by prod_rel_team . . .\n\nFor information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].\nDetermining the Cisco IOS XE Software Release\nTo determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.\n\nThe following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:\n\n\nios-xe-device# show version\n Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Sun 27-Mar-16 21:47 by mcpre . . 
.\n\nFor information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].', - }, - { - title: 'Products Confirmed Not Vulnerable', - category: 'general', - text: 'No other Cisco products are currently known to be affected by this vulnerability.\n\nCisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.', - }, - { - title: 'Details', - category: 'general', - text: 'Cisco Smart Install is a ?plug-and-play? configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. The Smart Install feature incorporates no authentication by design.\n\nA Smart Install network consists of exactly one Smart Install director switch or router, also known as an integrated branch director (IBD), and one or more Smart Install client switches, also known as integrated branch clients (IBCs). A client switch does not need to be directly connected to the director; the client switch can be up to seven hops away.\n\nThe director provides a single management point for images and configuration of client switches. When a client switch is first installed in the network, the director automatically detects the new switch and identifies the correct Cisco IOS Software image and the configuration file for downloading. The director can also allocate an IP address and hostname to a client.', - }, - { - title: 'Workarounds', - category: 'general', - text: 'There are no workarounds that address this vulnerability for customers who require the use of Cisco Smart Install. For customers not requiring Cisco Smart Install, the feature can be disabled with the no vstack command. 
In software releases that are associated with Cisco Bug ID CSCvd36820 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820"], Cisco Smart Install will auto-disable if not in use.\n\nAdministrators are encouraged to consult the informational security advisory on Cisco Smart Install Protocol Misuse ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi"] and the Smart Install Configuration Guide ["http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355"].', - }, - { - title: 'Fixed Software', - category: 'general', - text: 'Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]\n\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. 
Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\n\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.\n\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\n\nCustomers Without Service Contracts\n\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:\nhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]\n\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\n Cisco IOS and IOS XE Software\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker ["https://tools.cisco.com/security/center/softwarechecker.x"], that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (?First Fixed?). 
If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (?Combined First Fixed?).\n\nCustomers can use this tool to perform the following tasks:\n\nInitiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse\nEnter the output of the show version command for the tool to parse\nCreate a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication\n\nTo determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker ["https://tools.cisco.com/security/center/softwarechecker.x"] on Cisco.com or enter a Cisco IOS Software or Cisco IOS XE Software release?for example, 15.1(4)M2 or 3.13.8S?in the following field:\n\n\n\n\n\nFor a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.', - }, - { - title: 'Vulnerability Policy', - category: 'general', - text: 'To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. 
This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.', - }, - { - title: 'Exploitation and Public Announcements', - category: 'general', - text: 'The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.', - }, - { - title: 'Source', - category: 'general', - text: 'Cisco would like to thank George Nosenko from Embedi for reporting this vulnerability via GeekPwn.', - }, - { - title: 'Legal Disclaimer', - category: 'legal_disclaimer', - text: 'THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\n\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. 
The information in this document is intended for end users of Cisco products.', - }, - ], - references: [ - { - url: 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2', - summary: - 'Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability', - }, - { - url: 'https://tools.cisco.com/security/center/content/CiscoSecurityBundle/cisco-sa-20180328-bundle', - summary: - 'Summary of the Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication, March 28, 2018', - }, - { - url: 'http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682', - summary: - 'Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication', - }, - { - url: 'https://tools.cisco.com/security/center/content/CiscoSecurityBundle/cisco-sa-20180328-bundle', - summary: - 'Summary of the Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication, March 28, 2018', - }, - { - url: 'http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682', - summary: - 'Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication', - }, - ], - }, - product_tree: { - branches: [ - { - name: 'Cisco', - category: 'vendor', - branches: [ - { - name: 'IOS', - category: 'product_name', - branches: [ - { - name: '12.2SE', - category: 'product_version', - branches: [ - { - name: '12.2(55)SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-103763', - name: 'Cisco IOS 12.2SE 12.2(55)SE', - }, - }, - { - name: '12.2(55)SE3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-105394', - name: 'Cisco IOS 12.2SE 12.2(55)SE3', - }, - }, - { - name: '12.2(55)SE2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-105689', - name: 'Cisco IOS 12.2SE 12.2(55)SE2', - }, - }, - { - name: '12.2(58)SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-105987', - name: 
'Cisco IOS 12.2SE 12.2(58)SE', - }, - }, - { - name: '12.2(55)SE1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-106029', - name: 'Cisco IOS 12.2SE 12.2(55)SE1', - }, - }, - { - name: '12.2(58)SE1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-109098', - name: 'Cisco IOS 12.2SE 12.2(58)SE1', - }, - }, - { - name: '12.2(55)SE4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-109439', - name: 'Cisco IOS 12.2SE 12.2(55)SE4', - }, - }, - { - name: '12.2(58)SE2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-109808', - name: 'Cisco IOS 12.2SE 12.2(58)SE2', - }, - }, - { - name: '12.2(55)SE5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-111674', - name: 'Cisco IOS 12.2SE 12.2(55)SE5', - }, - }, - { - name: '12.2(55)SE6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-114665', - name: 'Cisco IOS 12.2SE 12.2(55)SE6', - }, - }, - { - name: '12.2(55)SE7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-184125', - name: 'Cisco IOS 12.2SE 12.2(55)SE7', - }, - }, - { - name: '12.2(55)SE8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-189187', - name: 'Cisco IOS 12.2SE 12.2(55)SE8', - }, - }, - { - name: '12.2(55)SE9', - category: 'service_pack', - product: { - product_id: 'CVRFPID-192911', - name: 'Cisco IOS 12.2SE 12.2(55)SE9', - }, - }, - { - name: '12.2(55)SE10', - category: 'service_pack', - product: { - product_id: 'CVRFPID-198542', - name: 'Cisco IOS 12.2SE 12.2(55)SE10', - }, - }, - { - name: '12.2(55)SE11', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210732', - name: 'Cisco IOS 12.2SE 12.2(55)SE11', - }, - }, - { - name: '12.2(55)SE12', - category: 'service_pack', - product: { - product_id: 'CVRFPID-228057', - name: 'Cisco IOS 12.2SE 12.2(55)SE12', - }, - }, - { - name: '12.2(55)SE13', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230962', - name: 'Cisco IOS 12.2SE 12.2(55)SE13', - }, - }, 
- ], - }, - { - name: '12.2EX', - category: 'product_version', - branches: [ - { - name: '12.2(55)EX', - category: 'service_pack', - product: { - product_id: 'CVRFPID-106674', - name: 'Cisco IOS 12.2EX 12.2(55)EX', - }, - }, - { - name: '12.2(55)EX1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-108306', - name: 'Cisco IOS 12.2EX 12.2(55)EX1', - }, - }, - { - name: '12.2(55)EX2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-109760', - name: 'Cisco IOS 12.2EX 12.2(55)EX2', - }, - }, - { - name: '12.2(55)EX3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-111019', - name: 'Cisco IOS 12.2EX 12.2(55)EX3', - }, - }, - ], - }, - { - name: '12.2EY', - category: 'product_version', - branches: [ - { - name: '12.2(55)EY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-103559', - name: 'Cisco IOS 12.2EY 12.2(55)EY', - }, - }, - ], - }, - { - name: '12.2EZ', - category: 'product_version', - branches: [ - { - name: '12.2(55)EZ', - category: 'service_pack', - product: { - product_id: 'CVRFPID-107283', - name: 'Cisco IOS 12.2EZ 12.2(55)EZ', - }, - }, - ], - }, - { - name: '15.0EY', - category: 'product_version', - branches: [ - { - name: '15.0(1)EY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-104376', - name: 'Cisco IOS 15.0EY 15.0(1)EY', - }, - }, - { - name: '15.0(1)EY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-187269', - name: 'Cisco IOS 15.0EY 15.0(1)EY2', - }, - }, - ], - }, - { - name: '15.1M', - category: 'product_version', - branches: [ - { - name: '15.1(4)M12c', - category: 'service_pack', - product: { - product_id: 'CVRFPID-233143', - name: 'Cisco IOS 15.1M 15.1(4)M12c', - }, - }, - ], - }, - { - name: '15.0SE', - category: 'product_version', - branches: [ - { - name: '15.0(1)SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-105660', - name: 'Cisco IOS 15.0SE 15.0(1)SE', - }, - }, - { - name: '15.0(2)SE', - category: 'service_pack', - 
product: { - product_id: 'CVRFPID-107852', - name: 'Cisco IOS 15.0SE 15.0(2)SE', - }, - }, - { - name: '15.0(1)SE1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-111010', - name: 'Cisco IOS 15.0SE 15.0(1)SE1', - }, - }, - { - name: '15.0(1)SE2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-113961', - name: 'Cisco IOS 15.0SE 15.0(1)SE2', - }, - }, - { - name: '15.0(1)SE3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-115832', - name: 'Cisco IOS 15.0SE 15.0(1)SE3', - }, - }, - { - name: '15.0(2)SE1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-115939', - name: 'Cisco IOS 15.0SE 15.0(2)SE1', - }, - }, - { - name: '15.0(2)SE2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-116083', - name: 'Cisco IOS 15.0SE 15.0(2)SE2', - }, - }, - { - name: '15.0(2)SE3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-189455', - name: 'Cisco IOS 15.0SE 15.0(2)SE3', - }, - }, - { - name: '15.0(2)SE4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-190635', - name: 'Cisco IOS 15.0SE 15.0(2)SE4', - }, - }, - { - name: '15.0(2)SE5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-192706', - name: 'Cisco IOS 15.0SE 15.0(2)SE5', - }, - }, - { - name: '15.0(2)SE6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-195770', - name: 'Cisco IOS 15.0SE 15.0(2)SE6', - }, - }, - { - name: '15.0(2)SE7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204097', - name: 'Cisco IOS 15.0SE 15.0(2)SE7', - }, - }, - { - name: '15.0(2)SE8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209028', - name: 'Cisco IOS 15.0SE 15.0(2)SE8', - }, - }, - { - name: '15.0(2)SE9', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209029', - name: 'Cisco IOS 15.0SE 15.0(2)SE9', - }, - }, - { - name: '15.0(2a)SE9', - category: 'service_pack', - product: { - product_id: 'CVRFPID-212329', - name: 'Cisco IOS 15.0SE 
15.0(2a)SE9', - }, - }, - { - name: '15.0(2)SE10', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213788', - name: 'Cisco IOS 15.0SE 15.0(2)SE10', - }, - }, - { - name: '15.0(2)SE11', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220466', - name: 'Cisco IOS 15.0SE 15.0(2)SE11', - }, - }, - { - name: '15.0(2)SE10a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222342', - name: 'Cisco IOS 15.0SE 15.0(2)SE10a', - }, - }, - { - name: '15.0(2)SE12', - category: 'service_pack', - product: { - product_id: 'CVRFPID-234926', - name: 'Cisco IOS 15.0SE 15.0(2)SE12', - }, - }, - ], - }, - { - name: '15.1SG', - category: 'product_version', - branches: [ - { - name: '15.1(2)SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-115477', - name: 'Cisco IOS 15.1SG 15.1(2)SG', - }, - }, - { - name: '15.1(2)SG1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-188035', - name: 'Cisco IOS 15.1SG 15.1(2)SG1', - }, - }, - { - name: '15.1(2)SG2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-193283', - name: 'Cisco IOS 15.1SG 15.1(2)SG2', - }, - }, - { - name: '15.1(2)SG3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-194741', - name: 'Cisco IOS 15.1SG 15.1(2)SG3', - }, - }, - { - name: '15.1(2)SG4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-195489', - name: 'Cisco IOS 15.1SG 15.1(2)SG4', - }, - }, - { - name: '15.1(2)SG5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-197465', - name: 'Cisco IOS 15.1SG 15.1(2)SG5', - }, - }, - { - name: '15.1(2)SG6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204187', - name: 'Cisco IOS 15.1SG 15.1(2)SG6', - }, - }, - { - name: '15.1(2)SG7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209034', - name: 'Cisco IOS 15.1SG 15.1(2)SG7', - }, - }, - { - name: '15.1(2)SG8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214992', - name: 'Cisco 
IOS 15.1SG 15.1(2)SG8', - }, - }, - { - name: '15.1(2)SG8a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-233796', - name: 'Cisco IOS 15.1SG 15.1(2)SG8a', - }, - }, - ], - }, - { - name: '15.0EX', - category: 'product_version', - branches: [ - { - name: '15.0(2)EX', - category: 'service_pack', - product: { - product_id: 'CVRFPID-189064', - name: 'Cisco IOS 15.0EX 15.0(2)EX', - }, - }, - { - name: '15.0(2)EX1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-189115', - name: 'Cisco IOS 15.0EX 15.0(2)EX1', - }, - }, - { - name: '15.0(2)EX2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-192910', - name: 'Cisco IOS 15.0EX 15.0(2)EX2', - }, - }, - { - name: '15.0(2)EX3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-194540', - name: 'Cisco IOS 15.0EX 15.0(2)EX3', - }, - }, - { - name: '15.0(2)EX4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-194913', - name: 'Cisco IOS 15.0EX 15.0(2)EX4', - }, - }, - { - name: '15.0(2)EX5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-195943', - name: 'Cisco IOS 15.0EX 15.0(2)EX5', - }, - }, - { - name: '15.0(2)EX6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-200496', - name: 'Cisco IOS 15.0EX 15.0(2)EX6', - }, - }, - { - name: '15.0(2)EX7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-201366', - name: 'Cisco IOS 15.0EX 15.0(2)EX7', - }, - }, - { - name: '15.0(2)EX8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204831', - name: 'Cisco IOS 15.0EX 15.0(2)EX8', - }, - }, - { - name: '15.0(2a)EX5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-205064', - name: 'Cisco IOS 15.0EX 15.0(2a)EX5', - }, - }, - { - name: '15.0(2)EX10', - category: 'service_pack', - product: { - product_id: 'CVRFPID-211570', - name: 'Cisco IOS 15.0EX 15.0(2)EX10', - }, - }, - { - name: '15.0(2)EX11', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214797', - name: 
'Cisco IOS 15.0EX 15.0(2)EX11', - }, - }, - { - name: '15.0(2)EX13', - category: 'service_pack', - product: { - product_id: 'CVRFPID-225160', - name: 'Cisco IOS 15.0EX 15.0(2)EX13', - }, - }, - { - name: '15.0(2)EX12', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230965', - name: 'Cisco IOS 15.0EX 15.0(2)EX12', - }, - }, - ], - }, - { - name: '15.1SY', - category: 'product_version', - branches: [ - { - name: '15.1(1)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-112489', - name: 'Cisco IOS 15.1SY 15.1(1)SY', - }, - }, - { - name: '15.1(1)SY1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-115285', - name: 'Cisco IOS 15.1SY 15.1(1)SY1', - }, - }, - { - name: '15.1(2)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-184932', - name: 'Cisco IOS 15.1SY 15.1(2)SY', - }, - }, - { - name: '15.1(2)SY1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-188061', - name: 'Cisco IOS 15.1SY 15.1(2)SY1', - }, - }, - { - name: '15.1(2)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-189219', - name: 'Cisco IOS 15.1SY 15.1(2)SY2', - }, - }, - { - name: '15.1(1)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-191635', - name: 'Cisco IOS 15.1SY 15.1(1)SY2', - }, - }, - { - name: '15.1(1)SY3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-194944', - name: 'Cisco IOS 15.1SY 15.1(1)SY3', - }, - }, - { - name: '15.1(2)SY3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-198059', - name: 'Cisco IOS 15.1SY 15.1(2)SY3', - }, - }, - { - name: '15.1(1)SY4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-198426', - name: 'Cisco IOS 15.1SY 15.1(1)SY4', - }, - }, - { - name: '15.1(2)SY4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-201019', - name: 'Cisco IOS 15.1SY 15.1(2)SY4', - }, - }, - { - name: '15.1(1)SY5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204109', - 
name: 'Cisco IOS 15.1SY 15.1(1)SY5', - }, - }, - { - name: '15.1(2)SY5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204110', - name: 'Cisco IOS 15.1SY 15.1(2)SY5', - }, - }, - { - name: '15.1(2)SY4a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204832', - name: 'Cisco IOS 15.1SY 15.1(2)SY4a', - }, - }, - { - name: '15.1(1)SY6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209043', - name: 'Cisco IOS 15.1SY 15.1(1)SY6', - }, - }, - { - name: '15.1(2)SY6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209044', - name: 'Cisco IOS 15.1SY 15.1(2)SY6', - }, - }, - { - name: '15.1(2)SY7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210406', - name: 'Cisco IOS 15.1SY 15.1(2)SY7', - }, - }, - { - name: '15.1(2)SY8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214052', - name: 'Cisco IOS 15.1SY 15.1(2)SY8', - }, - }, - { - name: '15.1(2)SY9', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220440', - name: 'Cisco IOS 15.1SY 15.1(2)SY9', - }, - }, - { - name: '15.1(2)SY10', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222650', - name: 'Cisco IOS 15.1SY 15.1(2)SY10', - }, - }, - { - name: '15.1(2)SY11', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227307', - name: 'Cisco IOS 15.1SY 15.1(2)SY11', - }, - }, - ], - }, - { - name: '12.4JAN', - category: 'product_version', - branches: [ - { - name: '12.4(25e)JAN2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-192702', - name: 'Cisco IOS 12.4JAN 12.4(25e)JAN2', - }, - }, - ], - }, - { - name: '15.2E', - category: 'product_version', - branches: [ - { - name: '15.2(1)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-183811', - name: 'Cisco IOS 15.2E 15.2(1)E', - }, - }, - { - name: '15.2(2)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-187057', - name: 'Cisco IOS 15.2E 15.2(2)E', - }, - }, - { - name: 
'15.2(1)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-195469', - name: 'Cisco IOS 15.2E 15.2(1)E1', - }, - }, - { - name: '15.2(3)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-197483', - name: 'Cisco IOS 15.2E 15.2(3)E', - }, - }, - { - name: '15.2(1)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-198060', - name: 'Cisco IOS 15.2E 15.2(1)E2', - }, - }, - { - name: '15.2(1)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-200488', - name: 'Cisco IOS 15.2E 15.2(1)E3', - }, - }, - { - name: '15.2(2)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-201074', - name: 'Cisco IOS 15.2E 15.2(2)E1', - }, - }, - { - name: '15.2(2b)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204102', - name: 'Cisco IOS 15.2E 15.2(2b)E', - }, - }, - { - name: '15.2(4)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204108', - name: 'Cisco IOS 15.2E 15.2(4)E', - }, - }, - { - name: '15.2(3)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204186', - name: 'Cisco IOS 15.2E 15.2(3)E1', - }, - }, - { - name: '15.2(2)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204228', - name: 'Cisco IOS 15.2E 15.2(2)E2', - }, - }, - { - name: '15.2(2a)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204818', - name: 'Cisco IOS 15.2E 15.2(2a)E1', - }, - }, - { - name: '15.2(2)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-205672', - name: 'Cisco IOS 15.2E 15.2(2)E3', - }, - }, - { - name: '15.2(2a)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209045', - name: 'Cisco IOS 15.2E 15.2(2a)E2', - }, - }, - { - name: '15.2(3)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209046', - name: 'Cisco IOS 15.2E 15.2(3)E2', - }, - }, - { - name: '15.2(3a)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209047', - name: 'Cisco IOS 15.2E 
15.2(3a)E', - }, - }, - { - name: '15.2(3)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209358', - name: 'Cisco IOS 15.2E 15.2(3)E3', - }, - }, - { - name: '15.2(3m)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209359', - name: 'Cisco IOS 15.2E 15.2(3m)E2', - }, - }, - { - name: '15.2(4)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209887', - name: 'Cisco IOS 15.2E 15.2(4)E1', - }, - }, - { - name: '15.2(2)E4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210766', - name: 'Cisco IOS 15.2E 15.2(2)E4', - }, - }, - { - name: '15.2(2)E5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-211296', - name: 'Cisco IOS 15.2E 15.2(2)E5', - }, - }, - { - name: '15.2(4)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213610', - name: 'Cisco IOS 15.2E 15.2(4)E2', - }, - }, - { - name: '15.2(4m)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214072', - name: 'Cisco IOS 15.2E 15.2(4m)E1', - }, - }, - { - name: '15.2(3)E4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214078', - name: 'Cisco IOS 15.2E 15.2(3)E4', - }, - }, - { - name: '15.2(5)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214556', - name: 'Cisco IOS 15.2E 15.2(5)E', - }, - }, - { - name: '15.2(3m)E7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-216295', - name: 'Cisco IOS 15.2E 15.2(3m)E7', - }, - }, - { - name: '15.2(4)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217805', - name: 'Cisco IOS 15.2E 15.2(4)E3', - }, - }, - { - name: '15.2(2)E6', - category: 'service_pack', - product: { - product_id: 'CVRFPID-218891', - name: 'Cisco IOS 15.2E 15.2(2)E6', - }, - }, - { - name: '15.2(5a)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-218995', - name: 'Cisco IOS 15.2E 15.2(5a)E', - }, - }, - { - name: '15.2(5)E1', - category: 'service_pack', - product: { - product_id: 
'CVRFPID-220441', - name: 'Cisco IOS 15.2E 15.2(5)E1', - }, - }, - { - name: '15.2(5b)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220457', - name: 'Cisco IOS 15.2E 15.2(5b)E', - }, - }, - { - name: '15.2(4m)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220664', - name: 'Cisco IOS 15.2E 15.2(4m)E3', - }, - }, - { - name: '15.2(3m)E8', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220689', - name: 'Cisco IOS 15.2E 15.2(3m)E8', - }, - }, - { - name: '15.2(2)E5a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-221033', - name: 'Cisco IOS 15.2E 15.2(2)E5a', - }, - }, - { - name: '15.2(5c)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-221137', - name: 'Cisco IOS 15.2E 15.2(5c)E', - }, - }, - { - name: '15.2(3)E5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222275', - name: 'Cisco IOS 15.2E 15.2(3)E5', - }, - }, - { - name: '15.2(2)E5b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222436', - name: 'Cisco IOS 15.2E 15.2(2)E5b', - }, - }, - { - name: '15.2(4n)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222500', - name: 'Cisco IOS 15.2E 15.2(4n)E2', - }, - }, - { - name: '15.2(4o)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222924', - name: 'Cisco IOS 15.2E 15.2(4o)E2', - }, - }, - { - name: '15.2(5a)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-223143', - name: 'Cisco IOS 15.2E 15.2(5a)E1', - }, - }, - { - name: '15.2(4)E4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-224553', - name: 'Cisco IOS 15.2E 15.2(4)E4', - }, - }, - { - name: '15.2(2)E7', - category: 'service_pack', - product: { - product_id: 'CVRFPID-224868', - name: 'Cisco IOS 15.2E 15.2(2)E7', - }, - }, - { - name: '15.2(5)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-225740', - name: 'Cisco IOS 15.2E 15.2(5)E2', - }, - }, - { - name: '15.2(4p)E1', - 
category: 'service_pack', - product: { - product_id: 'CVRFPID-226077', - name: 'Cisco IOS 15.2E 15.2(4p)E1', - }, - }, - { - name: '15.2(6)E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227598', - name: 'Cisco IOS 15.2E 15.2(6)E', - }, - }, - { - name: '15.2(5)E2b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227754', - name: 'Cisco IOS 15.2E 15.2(5)E2b', - }, - }, - { - name: '15.2(4)E5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227959', - name: 'Cisco IOS 15.2E 15.2(4)E5', - }, - }, - { - name: '15.2(5)E2c', - category: 'service_pack', - product: { - product_id: 'CVRFPID-228151', - name: 'Cisco IOS 15.2E 15.2(5)E2c', - }, - }, - { - name: '15.2(4m)E2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230588', - name: 'Cisco IOS 15.2E 15.2(4m)E2', - }, - }, - { - name: '15.2(4o)E3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230589', - name: 'Cisco IOS 15.2E 15.2(4o)E3', - }, - }, - { - name: '15.2(4q)E1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230590', - name: 'Cisco IOS 15.2E 15.2(4q)E1', - }, - }, - { - name: '15.2(6)E0a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230591', - name: 'Cisco IOS 15.2E 15.2(6)E0a', - }, - }, - { - name: '15.2(6)E0b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230623', - name: 'Cisco IOS 15.2E 15.2(6)E0b', - }, - }, - { - name: '15.2(2)E7b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230990', - name: 'Cisco IOS 15.2E 15.2(2)E7b', - }, - }, - { - name: '15.2(4)E5a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231074', - name: 'Cisco IOS 15.2E 15.2(4)E5a', - }, - }, - { - name: '15.2(6)E0c', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231245', - name: 'Cisco IOS 15.2E 15.2(6)E0c', - }, - }, - ], - }, - { - name: '15.0EZ', - category: 'product_version', - branches: [ - { - name: '15.0(2)EZ', - category: 
'service_pack', - product: { - product_id: 'CVRFPID-190637', - name: 'Cisco IOS 15.0EZ 15.0(2)EZ', - }, - }, - ], - }, - { - name: '15.2EY', - category: 'product_version', - branches: [ - { - name: '15.2(1)EY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-191928', - name: 'Cisco IOS 15.2EY 15.2(1)EY', - }, - }, - ], - }, - { - name: '15.0EJ', - category: 'product_version', - branches: [ - { - name: '15.0(2)EJ', - category: 'service_pack', - product: { - product_id: 'CVRFPID-191948', - name: 'Cisco IOS 15.0EJ 15.0(2)EJ', - }, - }, - { - name: '15.0(2)EJ1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-197471', - name: 'Cisco IOS 15.0EJ 15.0(2)EJ1', - }, - }, - ], - }, - { - name: '15.2SY', - category: 'product_version', - branches: [ - { - name: '15.2(1)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-192726', - name: 'Cisco IOS 15.2SY 15.2(1)SY', - }, - }, - { - name: '15.2(1)SY1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-204828', - name: 'Cisco IOS 15.2SY 15.2(1)SY1', - }, - }, - { - name: '15.2(1)SY0a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209063', - name: 'Cisco IOS 15.2SY 15.2(1)SY0a', - }, - }, - { - name: '15.2(1)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209064', - name: 'Cisco IOS 15.2SY 15.2(1)SY2', - }, - }, - { - name: '15.2(2)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209065', - name: 'Cisco IOS 15.2SY 15.2(2)SY', - }, - }, - { - name: '15.2(1)SY1a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209439', - name: 'Cisco IOS 15.2SY 15.2(1)SY1a', - }, - }, - { - name: '15.2(2)SY1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-211976', - name: 'Cisco IOS 15.2SY 15.2(2)SY1', - }, - }, - { - name: '15.2(2)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214053', - name: 'Cisco IOS 15.2SY 15.2(2)SY2', - }, - }, - { - name: '15.2(1)SY3', - 
category: 'service_pack', - product: { - product_id: 'CVRFPID-216259', - name: 'Cisco IOS 15.2SY 15.2(1)SY3', - }, - }, - { - name: '15.2(1)SY4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222651', - name: 'Cisco IOS 15.2SY 15.2(1)SY4', - }, - }, - { - name: '15.2(2)SY3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227285', - name: 'Cisco IOS 15.2SY 15.2(2)SY3', - }, - }, - { - name: '15.2(1)SY5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227308', - name: 'Cisco IOS 15.2SY 15.2(1)SY5', - }, - }, - ], - }, - { - name: '15.2EX', - category: 'product_version', - branches: [ - { - name: '15.2(5)EX', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222530', - name: 'Cisco IOS 15.2EX 15.2(5)EX', - }, - }, - ], - }, - { - name: '15.1SVG', - category: 'product_version', - branches: [ - { - name: '15.1(3)SVG3d', - category: 'service_pack', - product: { - product_id: 'CVRFPID-232957', - name: 'Cisco IOS 15.1SVG 15.1(3)SVG3d', - }, - }, - ], - }, - { - name: '15.2EB', - category: 'product_version', - branches: [ - { - name: '15.2(2)EB', - category: 'service_pack', - product: { - product_id: 'CVRFPID-197462', - name: 'Cisco IOS 15.2EB 15.2(2)EB', - }, - }, - { - name: '15.2(2)EB1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209839', - name: 'Cisco IOS 15.2EB 15.2(2)EB1', - }, - }, - { - name: '15.2(2)EB2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214218', - name: 'Cisco IOS 15.2EB 15.2(2)EB2', - }, - }, - ], - }, - { - name: '15.3SY', - category: 'product_version', - branches: [ - { - name: '15.3(1)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-209532', - name: 'Cisco IOS 15.3SY 15.3(1)SY', - }, - }, - { - name: '15.3(0)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-212701', - name: 'Cisco IOS 15.3SY 15.3(0)SY', - }, - }, - { - name: '15.3(1)SY1', - category: 'service_pack', - product: { - product_id: 
'CVRFPID-216258', - name: 'Cisco IOS 15.3SY 15.3(1)SY1', - }, - }, - { - name: '15.3(1)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220444', - name: 'Cisco IOS 15.3SY 15.3(1)SY2', - }, - }, - { - name: '15.3(1)SY3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230607', - name: 'Cisco IOS 15.3SY 15.3(1)SY3', - }, - }, - ], - }, - { - name: '15.6SP', - category: 'product_version', - branches: [ - { - name: '15.6(2)SP3b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231824', - name: 'Cisco IOS 15.6SP 15.6(2)SP3b', - }, - }, - ], - }, - { - name: '15.2EC', - category: 'product_version', - branches: [ - { - name: '15.2(4)EC1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220461', - name: 'Cisco IOS 15.2EC 15.2(4)EC1', - }, - }, - { - name: '15.2(4)EC2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-223086', - name: 'Cisco IOS 15.2EC 15.2(4)EC2', - }, - }, - ], - }, - { - name: '15.4SY', - category: 'product_version', - branches: [ - { - name: '15.4(1)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217807', - name: 'Cisco IOS 15.4SY 15.4(1)SY', - }, - }, - { - name: '15.4(1)SY1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220594', - name: 'Cisco IOS 15.4SY 15.4(1)SY1', - }, - }, - { - name: '15.4(1)SY2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-224611', - name: 'Cisco IOS 15.4SY 15.4(1)SY2', - }, - }, - { - name: '15.4(1)SY3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-228056', - name: 'Cisco IOS 15.4SY 15.4(1)SY3', - }, - }, - ], - }, - { - name: '15.5SY', - category: 'product_version', - branches: [ - { - name: '15.5(1)SY', - category: 'service_pack', - product: { - product_id: 'CVRFPID-225786', - name: 'Cisco IOS 15.5SY 15.5(1)SY', - }, - }, - ], - }, - ], - }, - { - name: 'Cisco IOS XE Software', - category: 'product_name', - branches: [ - { - name: '3.2SE', - category: 
'product_version', - branches: [ - { - name: '3.2.0SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196216', - name: 'Cisco IOS XE Software 3.2SE 3.2.0SE', - }, - }, - { - name: '3.2.1SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196221', - name: 'Cisco IOS XE Software 3.2SE 3.2.1SE', - }, - }, - { - name: '3.2.2SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196222', - name: 'Cisco IOS XE Software 3.2SE 3.2.2SE', - }, - }, - { - name: '3.2.3SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196223', - name: 'Cisco IOS XE Software 3.2SE 3.2.3SE', - }, - }, - ], - }, - { - name: '3.3SE', - category: 'product_version', - branches: [ - { - name: '3.3.0SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196218', - name: 'Cisco IOS XE Software 3.3SE 3.3.0SE', - }, - }, - { - name: '3.3.1SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196925', - name: 'Cisco IOS XE Software 3.3SE 3.3.1SE', - }, - }, - { - name: '3.3.2SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206200', - name: 'Cisco IOS XE Software 3.3SE 3.3.2SE', - }, - }, - { - name: '3.3.3SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206201', - name: 'Cisco IOS XE Software 3.3SE 3.3.3SE', - }, - }, - { - name: '3.3.4SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206202', - name: 'Cisco IOS XE Software 3.3SE 3.3.4SE', - }, - }, - { - name: '3.3.5SE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206203', - name: 'Cisco IOS XE Software 3.3SE 3.3.5SE', - }, - }, - ], - }, - { - name: '3.3XO', - category: 'product_version', - branches: [ - { - name: '3.3.0XO', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196220', - name: 'Cisco IOS XE Software 3.3XO 3.3.0XO', - }, - }, - { - name: '3.3.1XO', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206163', - name: 'Cisco IOS XE Software 
3.3XO 3.3.1XO', - }, - }, - { - name: '3.3.2XO', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206164', - name: 'Cisco IOS XE Software 3.3XO 3.3.2XO', - }, - }, - ], - }, - { - name: '3.4SG', - category: 'product_version', - branches: [ - { - name: '3.4.0SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196230', - name: 'Cisco IOS XE Software 3.4SG 3.4.0SG', - }, - }, - { - name: '3.4.2SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196231', - name: 'Cisco IOS XE Software 3.4SG 3.4.2SG', - }, - }, - { - name: '3.4.1SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-196288', - name: 'Cisco IOS XE Software 3.4SG 3.4.1SG', - }, - }, - { - name: '3.4.3SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206165', - name: 'Cisco IOS XE Software 3.4SG 3.4.3SG', - }, - }, - { - name: '3.4.4SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206166', - name: 'Cisco IOS XE Software 3.4SG 3.4.4SG', - }, - }, - { - name: '3.4.5SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206167', - name: 'Cisco IOS XE Software 3.4SG 3.4.5SG', - }, - }, - { - name: '3.4.6SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210070', - name: 'Cisco IOS XE Software 3.4SG 3.4.6SG', - }, - }, - { - name: '3.4.7SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213785', - name: 'Cisco IOS XE Software 3.4SG 3.4.7SG', - }, - }, - { - name: '3.4.8SG', - category: 'service_pack', - product: { - product_id: 'CVRFPID-221185', - name: 'Cisco IOS XE Software 3.4SG 3.4.8SG', - }, - }, - ], - }, - { - name: '3.5E', - category: 'product_version', - branches: [ - { - name: '3.5.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-197145', - name: 'Cisco IOS XE Software 3.5E 3.5.0E', - }, - }, - { - name: '3.5.1E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206168', - name: 'Cisco IOS XE Software 3.5E 3.5.1E', - 
}, - }, - { - name: '3.5.2E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206169', - name: 'Cisco IOS XE Software 3.5E 3.5.2E', - }, - }, - { - name: '3.5.3E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206170', - name: 'Cisco IOS XE Software 3.5E 3.5.3E', - }, - }, - ], - }, - { - name: '3.6E', - category: 'product_version', - branches: [ - { - name: '3.6.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206172', - name: 'Cisco IOS XE Software 3.6E 3.6.0E', - }, - }, - { - name: '3.6.1E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206173', - name: 'Cisco IOS XE Software 3.6E 3.6.1E', - }, - }, - { - name: '3.6.0aE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210073', - name: 'Cisco IOS XE Software 3.6E 3.6.0aE', - }, - }, - { - name: '3.6.0bE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210074', - name: 'Cisco IOS XE Software 3.6E 3.6.0bE', - }, - }, - { - name: '3.6.2aE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210075', - name: 'Cisco IOS XE Software 3.6E 3.6.2aE', - }, - }, - { - name: '3.6.2E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210264', - name: 'Cisco IOS XE Software 3.6E 3.6.2E', - }, - }, - { - name: '3.6.3E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-212674', - name: 'Cisco IOS XE Software 3.6E 3.6.3E', - }, - }, - { - name: '3.6.4E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213790', - name: 'Cisco IOS XE Software 3.6E 3.6.4E', - }, - }, - { - name: '3.6.5E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217279', - name: 'Cisco IOS XE Software 3.6E 3.6.5E', - }, - }, - { - name: '3.6.6E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220357', - name: 'Cisco IOS XE Software 3.6E 3.6.6E', - }, - }, - { - name: '3.6.5aE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-221108', - name: 'Cisco 
IOS XE Software 3.6E 3.6.5aE', - }, - }, - { - name: '3.6.5bE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222435', - name: 'Cisco IOS XE Software 3.6E 3.6.5bE', - }, - }, - { - name: '3.6.7E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-224840', - name: 'Cisco IOS XE Software 3.6E 3.6.7E', - }, - }, - { - name: '3.6.7aE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230240', - name: 'Cisco IOS XE Software 3.6E 3.6.7aE', - }, - }, - { - name: '3.6.7bE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-230998', - name: 'Cisco IOS XE Software 3.6E 3.6.7bE', - }, - }, - ], - }, - { - name: '3.7E', - category: 'product_version', - branches: [ - { - name: '3.7.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-206211', - name: 'Cisco IOS XE Software 3.7E 3.7.0E', - }, - }, - { - name: '3.7.1E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210076', - name: 'Cisco IOS XE Software 3.7E 3.7.1E', - }, - }, - { - name: '3.7.2E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-210077', - name: 'Cisco IOS XE Software 3.7E 3.7.2E', - }, - }, - { - name: '3.7.3E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213797', - name: 'Cisco IOS XE Software 3.7E 3.7.3E', - }, - }, - { - name: '3.7.4E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217280', - name: 'Cisco IOS XE Software 3.7E 3.7.4E', - }, - }, - { - name: '3.7.5E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220290', - name: 'Cisco IOS XE Software 3.7E 3.7.5E', - }, - }, - ], - }, - { - name: '16.1', - category: 'product_version', - branches: [ - { - name: '16.1.1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-212436', - name: 'Cisco IOS XE Software 16.1 16.1.1', - }, - }, - { - name: '16.1.2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213100', - name: 'Cisco IOS XE Software 16.1 16.1.2', - }, - }, - 
{ - name: '16.1.3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214993', - name: 'Cisco IOS XE Software 16.1 16.1.3', - }, - }, - ], - }, - { - name: '3.2JA', - category: 'product_version', - branches: [ - { - name: '3.2.0JA', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213783', - name: 'Cisco IOS XE Software 3.2JA 3.2.0JA', - }, - }, - ], - }, - { - name: '16.2', - category: 'product_version', - branches: [ - { - name: '16.2.1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213809', - name: 'Cisco IOS XE Software 16.2 16.2.1', - }, - }, - { - name: '16.2.2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217253', - name: 'Cisco IOS XE Software 16.2 16.2.2', - }, - }, - ], - }, - { - name: '3.8E', - category: 'product_version', - branches: [ - { - name: '3.8.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213811', - name: 'Cisco IOS XE Software 3.8E 3.8.0E', - }, - }, - { - name: '3.8.1E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-213812', - name: 'Cisco IOS XE Software 3.8E 3.8.1E', - }, - }, - { - name: '3.8.2E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217283', - name: 'Cisco IOS XE Software 3.8E 3.8.2E', - }, - }, - { - name: '3.8.3E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220489', - name: 'Cisco IOS XE Software 3.8E 3.8.3E', - }, - }, - { - name: '3.8.4E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222695', - name: 'Cisco IOS XE Software 3.8E 3.8.4E', - }, - }, - { - name: '3.8.5E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-226331', - name: 'Cisco IOS XE Software 3.8E 3.8.5E', - }, - }, - { - name: '3.8.5aE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231004', - name: 'Cisco IOS XE Software 3.8E 3.8.5aE', - }, - }, - ], - }, - { - name: '16.3', - category: 'product_version', - branches: [ - { - name: '16.3.1', - category: 
'service_pack', - product: { - product_id: 'CVRFPID-213960', - name: 'Cisco IOS XE Software 16.3 16.3.1', - }, - }, - { - name: '16.3.2', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217255', - name: 'Cisco IOS XE Software 16.3 16.3.2', - }, - }, - { - name: '16.3.3', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217256', - name: 'Cisco IOS XE Software 16.3 16.3.3', - }, - }, - { - name: '16.3.1a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-220802', - name: 'Cisco IOS XE Software 16.3 16.3.1a', - }, - }, - { - name: '16.3.4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222711', - name: 'Cisco IOS XE Software 16.3 16.3.4', - }, - }, - { - name: '16.3.5', - category: 'service_pack', - product: { - product_id: 'CVRFPID-229124', - name: 'Cisco IOS XE Software 16.3 16.3.5', - }, - }, - { - name: '16.3.5b', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231187', - name: 'Cisco IOS XE Software 16.3 16.3.5b', - }, - }, - ], - }, - { - name: '16.4', - category: 'product_version', - branches: [ - { - name: '16.4.1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-214051', - name: 'Cisco IOS XE Software 16.4 16.4.1', - }, - }, - ], - }, - { - name: '16.5', - category: 'product_version', - branches: [ - { - name: '16.5.1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217259', - name: 'Cisco IOS XE Software 16.5 16.5.1', - }, - }, - { - name: '16.5.1a', - category: 'service_pack', - product: { - product_id: 'CVRFPID-225784', - name: 'Cisco IOS XE Software 16.5 16.5.1a', - }, - }, - ], - }, - { - name: '3.9E', - category: 'product_version', - branches: [ - { - name: '3.9.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-217282', - name: 'Cisco IOS XE Software 3.9E 3.9.0E', - }, - }, - { - name: '3.9.1E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-222483', - name: 'Cisco IOS XE Software 3.9E 3.9.1E', - }, - }, - 
{ - name: '3.9.2E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-226158', - name: 'Cisco IOS XE Software 3.9E 3.9.2E', - }, - }, - { - name: '3.9.2bE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227755', - name: 'Cisco IOS XE Software 3.9E 3.9.2bE', - }, - }, - ], - }, - { - name: '16.6', - category: 'product_version', - branches: [ - { - name: '16.6.1', - category: 'service_pack', - product: { - product_id: 'CVRFPID-218901', - name: 'Cisco IOS XE Software 16.6 16.6.1', - }, - }, - { - name: '16.6.4', - category: 'service_pack', - product: { - product_id: 'CVRFPID-233155', - name: 'Cisco IOS XE Software 16.6 16.6.4', - }, - }, - ], - }, - { - name: '16.8', - category: 'product_version', - branches: [ - { - name: '16.8.1s', - category: 'service_pack', - product: { - product_id: 'CVRFPID-236834', - name: 'Cisco IOS XE Software 16.8 16.8.1s', - }, - }, - ], - }, - { - name: '3.10E', - category: 'product_version', - branches: [ - { - name: '3.10.0E', - category: 'service_pack', - product: { - product_id: 'CVRFPID-227555', - name: 'Cisco IOS XE Software 3.10E 3.10.0E', - }, - }, - { - name: '3.10.0cE', - category: 'service_pack', - product: { - product_id: 'CVRFPID-231246', - name: 'Cisco IOS XE Software 3.10E 3.10.0cE', - }, - }, - ], - }, - ], - }, - ], - }, - ], - }, - vulnerabilities: [ - { - title: - 'Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability', - ids: [ - { - system_name: 'Cisco Bug ID', - text: 'CSCvg76186', - }, - ], - notes: [ - { - title: 'Summary', - category: 'summary', - text: 'A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.\n\n\n\nThe vulnerability is due to improper validation of packet data. 
An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:\n\n\n Triggering a reload of the device\n Allowing the attacker to execute arbitrary code on the device\n Causing an indefinite loop on the affected device that triggers a watchdog crash', - }, - { - title: 'Cisco Bug IDs', - category: 'other', - text: 'CSCvg76186', - }, - ], - cve: 'CVE-2018-0171', - product_status: { - known_affected: [ - 'CVRFPID-103559', - 'CVRFPID-103763', - 'CVRFPID-104376', - 'CVRFPID-105394', - 'CVRFPID-105660', - 'CVRFPID-105689', - 'CVRFPID-105987', - 'CVRFPID-106029', - 'CVRFPID-106674', - 'CVRFPID-107283', - 'CVRFPID-107852', - 'CVRFPID-108306', - 'CVRFPID-109098', - 'CVRFPID-109439', - 'CVRFPID-109760', - 'CVRFPID-109808', - 'CVRFPID-111010', - 'CVRFPID-111019', - 'CVRFPID-111674', - 'CVRFPID-112489', - 'CVRFPID-113961', - 'CVRFPID-114665', - 'CVRFPID-115285', - 'CVRFPID-115477', - 'CVRFPID-115832', - 'CVRFPID-115939', - 'CVRFPID-116083', - 'CVRFPID-183811', - 'CVRFPID-184125', - 'CVRFPID-184932', - 'CVRFPID-187057', - 'CVRFPID-187269', - 'CVRFPID-188035', - 'CVRFPID-188061', - 'CVRFPID-189064', - 'CVRFPID-189115', - 'CVRFPID-189187', - 'CVRFPID-189219', - 'CVRFPID-189455', - 'CVRFPID-190635', - 'CVRFPID-190637', - 'CVRFPID-191635', - 'CVRFPID-191928', - 'CVRFPID-191948', - 'CVRFPID-192702', - 'CVRFPID-192706', - 'CVRFPID-192726', - 'CVRFPID-192910', - 'CVRFPID-192911', - 'CVRFPID-193283', - 'CVRFPID-194540', - 'CVRFPID-194741', - 'CVRFPID-194913', - 'CVRFPID-194944', - 'CVRFPID-195469', - 'CVRFPID-195489', - 'CVRFPID-195770', - 'CVRFPID-195943', - 'CVRFPID-197462', - 'CVRFPID-197465', - 'CVRFPID-197471', - 'CVRFPID-197483', - 'CVRFPID-198059', - 'CVRFPID-198060', - 'CVRFPID-198426', - 'CVRFPID-198542', - 'CVRFPID-200488', - 'CVRFPID-200496', - 'CVRFPID-201019', - 
'CVRFPID-201074', - 'CVRFPID-201366', - 'CVRFPID-204097', - 'CVRFPID-204102', - 'CVRFPID-204108', - 'CVRFPID-204109', - 'CVRFPID-204110', - 'CVRFPID-204186', - 'CVRFPID-204187', - 'CVRFPID-204228', - 'CVRFPID-204818', - 'CVRFPID-204828', - 'CVRFPID-204831', - 'CVRFPID-204832', - 'CVRFPID-205064', - 'CVRFPID-205672', - 'CVRFPID-209028', - 'CVRFPID-209029', - 'CVRFPID-209034', - 'CVRFPID-209043', - 'CVRFPID-209044', - 'CVRFPID-209045', - 'CVRFPID-209046', - 'CVRFPID-209047', - 'CVRFPID-209063', - 'CVRFPID-209064', - 'CVRFPID-209065', - 'CVRFPID-209358', - 'CVRFPID-209359', - 'CVRFPID-209439', - 'CVRFPID-209532', - 'CVRFPID-209839', - 'CVRFPID-209887', - 'CVRFPID-210406', - 'CVRFPID-210732', - 'CVRFPID-210766', - 'CVRFPID-211296', - 'CVRFPID-211570', - 'CVRFPID-211976', - 'CVRFPID-212329', - 'CVRFPID-212701', - 'CVRFPID-213610', - 'CVRFPID-213788', - 'CVRFPID-214052', - 'CVRFPID-214053', - 'CVRFPID-214072', - 'CVRFPID-214078', - 'CVRFPID-214218', - 'CVRFPID-214556', - 'CVRFPID-214797', - 'CVRFPID-214992', - 'CVRFPID-216258', - 'CVRFPID-216259', - 'CVRFPID-216295', - 'CVRFPID-217805', - 'CVRFPID-217807', - 'CVRFPID-218891', - 'CVRFPID-218995', - 'CVRFPID-220440', - 'CVRFPID-220441', - 'CVRFPID-220444', - 'CVRFPID-220457', - 'CVRFPID-220461', - 'CVRFPID-220466', - 'CVRFPID-220594', - 'CVRFPID-220664', - 'CVRFPID-220689', - 'CVRFPID-221033', - 'CVRFPID-221137', - 'CVRFPID-222275', - 'CVRFPID-222342', - 'CVRFPID-222436', - 'CVRFPID-222500', - 'CVRFPID-222530', - 'CVRFPID-222650', - 'CVRFPID-222651', - 'CVRFPID-222924', - 'CVRFPID-223086', - 'CVRFPID-223143', - 'CVRFPID-224553', - 'CVRFPID-224611', - 'CVRFPID-224868', - 'CVRFPID-225160', - 'CVRFPID-225740', - 'CVRFPID-225786', - 'CVRFPID-226077', - 'CVRFPID-227285', - 'CVRFPID-227307', - 'CVRFPID-227308', - 'CVRFPID-227598', - 'CVRFPID-227754', - 'CVRFPID-227959', - 'CVRFPID-228056', - 'CVRFPID-228057', - 'CVRFPID-228151', - 'CVRFPID-230588', - 'CVRFPID-230589', - 'CVRFPID-230590', - 'CVRFPID-230591', - 'CVRFPID-230607', - 
'CVRFPID-230623', - 'CVRFPID-230962', - 'CVRFPID-230965', - 'CVRFPID-230990', - 'CVRFPID-231074', - 'CVRFPID-231245', - 'CVRFPID-231824', - 'CVRFPID-232957', - 'CVRFPID-233143', - 'CVRFPID-233796', - 'CVRFPID-234926', - 'CVRFPID-196216', - 'CVRFPID-196218', - 'CVRFPID-196220', - 'CVRFPID-196221', - 'CVRFPID-196222', - 'CVRFPID-196223', - 'CVRFPID-196230', - 'CVRFPID-196231', - 'CVRFPID-196288', - 'CVRFPID-196925', - 'CVRFPID-197145', - 'CVRFPID-206163', - 'CVRFPID-206164', - 'CVRFPID-206165', - 'CVRFPID-206166', - 'CVRFPID-206167', - 'CVRFPID-206168', - 'CVRFPID-206169', - 'CVRFPID-206170', - 'CVRFPID-206172', - 'CVRFPID-206173', - 'CVRFPID-206200', - 'CVRFPID-206201', - 'CVRFPID-206202', - 'CVRFPID-206203', - 'CVRFPID-206211', - 'CVRFPID-210070', - 'CVRFPID-210073', - 'CVRFPID-210074', - 'CVRFPID-210075', - 'CVRFPID-210076', - 'CVRFPID-210077', - 'CVRFPID-210264', - 'CVRFPID-212436', - 'CVRFPID-212674', - 'CVRFPID-213100', - 'CVRFPID-213783', - 'CVRFPID-213785', - 'CVRFPID-213790', - 'CVRFPID-213797', - 'CVRFPID-213809', - 'CVRFPID-213811', - 'CVRFPID-213812', - 'CVRFPID-213960', - 'CVRFPID-214051', - 'CVRFPID-214993', - 'CVRFPID-217253', - 'CVRFPID-217255', - 'CVRFPID-217256', - 'CVRFPID-217259', - 'CVRFPID-217279', - 'CVRFPID-217280', - 'CVRFPID-217282', - 'CVRFPID-217283', - 'CVRFPID-218901', - 'CVRFPID-220290', - 'CVRFPID-220357', - 'CVRFPID-220489', - 'CVRFPID-220802', - 'CVRFPID-221108', - 'CVRFPID-221185', - 'CVRFPID-222435', - 'CVRFPID-222483', - 'CVRFPID-222695', - 'CVRFPID-222711', - 'CVRFPID-224840', - 'CVRFPID-225784', - 'CVRFPID-226158', - 'CVRFPID-226331', - 'CVRFPID-227555', - 'CVRFPID-227755', - 'CVRFPID-229124', - 'CVRFPID-230240', - 'CVRFPID-230998', - 'CVRFPID-231004', - 'CVRFPID-231187', - 'CVRFPID-231246', - 'CVRFPID-233155', - 'CVRFPID-236834', - ], - }, - scores: [ - { - products: [ - 'CVRFPID-103559', - 'CVRFPID-103763', - 'CVRFPID-104376', - 'CVRFPID-105394', - 'CVRFPID-105660', - 'CVRFPID-105689', - 'CVRFPID-105987', - 'CVRFPID-106029', - 
'CVRFPID-106674', - 'CVRFPID-107283', - 'CVRFPID-107852', - 'CVRFPID-108306', - 'CVRFPID-109098', - 'CVRFPID-109439', - 'CVRFPID-109760', - 'CVRFPID-109808', - 'CVRFPID-111010', - 'CVRFPID-111019', - 'CVRFPID-111674', - 'CVRFPID-112489', - 'CVRFPID-113961', - 'CVRFPID-114665', - 'CVRFPID-115285', - 'CVRFPID-115477', - 'CVRFPID-115832', - 'CVRFPID-115939', - 'CVRFPID-116083', - 'CVRFPID-183811', - 'CVRFPID-184125', - 'CVRFPID-184932', - 'CVRFPID-187057', - 'CVRFPID-187269', - 'CVRFPID-188035', - 'CVRFPID-188061', - 'CVRFPID-189064', - 'CVRFPID-189115', - 'CVRFPID-189187', - 'CVRFPID-189219', - 'CVRFPID-189455', - 'CVRFPID-190635', - 'CVRFPID-190637', - 'CVRFPID-191635', - 'CVRFPID-191928', - 'CVRFPID-191948', - 'CVRFPID-192702', - 'CVRFPID-192706', - 'CVRFPID-192726', - 'CVRFPID-192910', - 'CVRFPID-192911', - 'CVRFPID-193283', - 'CVRFPID-194540', - 'CVRFPID-194741', - 'CVRFPID-194913', - 'CVRFPID-194944', - 'CVRFPID-195469', - 'CVRFPID-195489', - 'CVRFPID-195770', - 'CVRFPID-195943', - 'CVRFPID-197462', - 'CVRFPID-197465', - 'CVRFPID-197471', - 'CVRFPID-197483', - 'CVRFPID-198059', - 'CVRFPID-198060', - 'CVRFPID-198426', - 'CVRFPID-198542', - 'CVRFPID-200488', - 'CVRFPID-200496', - 'CVRFPID-201019', - 'CVRFPID-201074', - 'CVRFPID-201366', - 'CVRFPID-204097', - 'CVRFPID-204102', - 'CVRFPID-204108', - 'CVRFPID-204109', - 'CVRFPID-204110', - 'CVRFPID-204186', - 'CVRFPID-204187', - 'CVRFPID-204228', - 'CVRFPID-204818', - 'CVRFPID-204828', - 'CVRFPID-204831', - 'CVRFPID-204832', - 'CVRFPID-205064', - 'CVRFPID-205672', - 'CVRFPID-209028', - 'CVRFPID-209029', - 'CVRFPID-209034', - 'CVRFPID-209043', - 'CVRFPID-209044', - 'CVRFPID-209045', - 'CVRFPID-209046', - 'CVRFPID-209047', - 'CVRFPID-209063', - 'CVRFPID-209064', - 'CVRFPID-209065', - 'CVRFPID-209358', - 'CVRFPID-209359', - 'CVRFPID-209439', - 'CVRFPID-209532', - 'CVRFPID-209839', - 'CVRFPID-209887', - 'CVRFPID-210406', - 'CVRFPID-210732', - 'CVRFPID-210766', - 'CVRFPID-211296', - 'CVRFPID-211570', - 'CVRFPID-211976', - 
'CVRFPID-212329', - 'CVRFPID-212701', - 'CVRFPID-213610', - 'CVRFPID-213788', - 'CVRFPID-214052', - 'CVRFPID-214053', - 'CVRFPID-214072', - 'CVRFPID-214078', - 'CVRFPID-214218', - 'CVRFPID-214556', - 'CVRFPID-214797', - 'CVRFPID-214992', - 'CVRFPID-216258', - 'CVRFPID-216259', - 'CVRFPID-216295', - 'CVRFPID-217805', - 'CVRFPID-217807', - 'CVRFPID-218891', - 'CVRFPID-218995', - 'CVRFPID-220440', - 'CVRFPID-220441', - 'CVRFPID-220444', - 'CVRFPID-220457', - 'CVRFPID-220461', - 'CVRFPID-220466', - 'CVRFPID-220594', - 'CVRFPID-220664', - 'CVRFPID-220689', - 'CVRFPID-221033', - 'CVRFPID-221137', - 'CVRFPID-222275', - 'CVRFPID-222342', - 'CVRFPID-222436', - 'CVRFPID-222500', - 'CVRFPID-222530', - 'CVRFPID-222650', - 'CVRFPID-222651', - 'CVRFPID-222924', - 'CVRFPID-223086', - 'CVRFPID-223143', - 'CVRFPID-224553', - 'CVRFPID-224611', - 'CVRFPID-224868', - 'CVRFPID-225160', - 'CVRFPID-225740', - 'CVRFPID-225786', - 'CVRFPID-226077', - 'CVRFPID-227285', - 'CVRFPID-227307', - 'CVRFPID-227308', - 'CVRFPID-227598', - 'CVRFPID-227754', - 'CVRFPID-227959', - 'CVRFPID-228056', - 'CVRFPID-228057', - 'CVRFPID-228151', - 'CVRFPID-230588', - 'CVRFPID-230589', - 'CVRFPID-230590', - 'CVRFPID-230591', - 'CVRFPID-230607', - 'CVRFPID-230623', - 'CVRFPID-230962', - 'CVRFPID-230965', - 'CVRFPID-230990', - 'CVRFPID-231074', - 'CVRFPID-231245', - 'CVRFPID-231824', - 'CVRFPID-232957', - 'CVRFPID-233143', - 'CVRFPID-233796', - 'CVRFPID-234926', - 'CVRFPID-196216', - 'CVRFPID-196218', - 'CVRFPID-196220', - 'CVRFPID-196221', - 'CVRFPID-196222', - 'CVRFPID-196223', - 'CVRFPID-196230', - 'CVRFPID-196231', - 'CVRFPID-196288', - 'CVRFPID-196925', - 'CVRFPID-197145', - 'CVRFPID-206163', - 'CVRFPID-206164', - 'CVRFPID-206165', - 'CVRFPID-206166', - 'CVRFPID-206167', - 'CVRFPID-206168', - 'CVRFPID-206169', - 'CVRFPID-206170', - 'CVRFPID-206172', - 'CVRFPID-206173', - 'CVRFPID-206200', - 'CVRFPID-206201', - 'CVRFPID-206202', - 'CVRFPID-206203', - 'CVRFPID-206211', - 'CVRFPID-210070', - 'CVRFPID-210073', - 
'CVRFPID-210074', - 'CVRFPID-210075', - 'CVRFPID-210076', - 'CVRFPID-210077', - 'CVRFPID-210264', - 'CVRFPID-212436', - 'CVRFPID-212674', - 'CVRFPID-213100', - 'CVRFPID-213783', - 'CVRFPID-213785', - 'CVRFPID-213790', - 'CVRFPID-213797', - 'CVRFPID-213809', - 'CVRFPID-213811', - 'CVRFPID-213812', - 'CVRFPID-213960', - 'CVRFPID-214051', - 'CVRFPID-214993', - 'CVRFPID-217253', - 'CVRFPID-217255', - 'CVRFPID-217256', - 'CVRFPID-217259', - 'CVRFPID-217279', - 'CVRFPID-217280', - 'CVRFPID-217282', - 'CVRFPID-217283', - 'CVRFPID-218901', - 'CVRFPID-220290', - 'CVRFPID-220357', - 'CVRFPID-220489', - 'CVRFPID-220802', - 'CVRFPID-221108', - 'CVRFPID-221185', - 'CVRFPID-222435', - 'CVRFPID-222483', - 'CVRFPID-222695', - 'CVRFPID-222711', - 'CVRFPID-224840', - 'CVRFPID-225784', - 'CVRFPID-226158', - 'CVRFPID-226331', - 'CVRFPID-227555', - 'CVRFPID-227755', - 'CVRFPID-229124', - 'CVRFPID-230240', - 'CVRFPID-230998', - 'CVRFPID-231004', - 'CVRFPID-231187', - 'CVRFPID-231246', - 'CVRFPID-233155', - 'CVRFPID-236834', - ], - cvss_v3: { - version: '3.0', - baseScore: 9.8, - baseSeverity: 'CRITICAL', - vectorString: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', - }, - }, - ], - remediations: [ - { - details: - 'There are no workarounds that address this vulnerability for customers who require the use of Cisco Smart Install. For customers not requiring Cisco Smart Install, the feature can be disabled with the no vstack command. 
In software releases that are associated with Cisco Bug ID CSCvd36820 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820"], Cisco Smart Install will auto-disable if not in use.\n\nAdministrators are encouraged to consult the informational security advisory on Cisco Smart Install Protocol Misuse ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi"] and the Smart Install Configuration Guide ["http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355"].',
- category: 'workaround',
- product_ids: ['CVRFPID-103763'],
- },
- ],
- references: [
- {
- url: 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2',
- summary:
- 'Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability',
- },
- ],
- },
- ],
-}
diff --git a/csaf-validator-lib/tests/shared/valid-2.js b/csaf-validator-lib/tests/shared/valid-2.js
deleted file mode 100644
index e2ffc44..0000000
--- a/csaf-validator-lib/tests/shared/valid-2.js
+++ /dev/null
@@ -1,9880 +0,0 @@
-export default {
- document: {
- lang: 'en',
- title:
- 'Red Hat Bug Fix Advisory: Red Hat OpenShift Container Platform 3.9 RPM Release Advisory',
- category: 'csaf_security_advisory',
- csaf_version: '2.0',
- publisher: {
- category: 'vendor',
- contact_details: 'secalert@redhat.com',
- name: 'Red Hat Product Security',
- namespace: 'https://www.redhat.com',
- },
- tracking: {
- id: 'RHBA-2018:0489',
- status: 'final',
- version: '1',
- revision_history: [
- {
- number: '1',
- date: '2018-03-28T13:49:00Z',
- summary: 'Current version',
- },
- ],
- initial_release_date: '2018-03-28T13:49:00Z',
- current_release_date: '2018-03-28T13:49:00Z',
- generator: {
- date: '2018-04-11T19:24:01Z',
- engine: {
- name: 'Red Hat rhsa-to-cvrf',
- version: '2.1',
- },
- },
- },
- notes: [
- {
- title: 'Topic',
- category: 'summary',
- text: 'Red Hat OpenShift Container Platform 3.9, which fixes several bugs and includes various enhancements, is now available.',
- },
- {
- title: 'Details',
- category: 'general',
- text: "Red Hat OpenShift Container Platform is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThe OpenShift Container Platform 3.9 Release Notes provide information about new features, bug fixes, and known issues:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis advisory contains the RPM packages for this release. See the following\nadvisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:0490",
- },
- {
- title: 'Terms of Use',
- category: 'legal_disclaimer',
- text: 'Please see https://www.redhat.com/footer/terms-of-use.html',
- },
- ],
- distribution: {
- text: 'Copyright © 2018 Red Hat, Inc. 
All rights reserved.', - }, - references: [ - { - url: 'https://access.redhat.com/errata/RHBA-2018:0489', - summary: 'https://access.redhat.com/errata/RHBA-2018:0489', - }, - { - url: 'https://access.redhat.com/security/cve/CVE-2017-15137', - summary: 'https://access.redhat.com/security/cve/CVE-2017-15137', - }, - { - url: 'https://access.redhat.com/security/cve/CVE-2017-15138', - summary: 'https://access.redhat.com/security/cve/CVE-2017-15138', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1333030', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1333030', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1378883', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1378883', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1383707', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1383707', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1396404', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1396404', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1419801', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1419801', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1430322', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1430322', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1440892', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1440892', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1463617', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1463617', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1463844', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1463844', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1464657', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1464657', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1466216', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1466216', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1467557', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1467557', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1469411', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1469411', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1480835', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1480835', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1483579', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1483579', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1488380', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1488380', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1489603', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1489603', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1491100', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1491100', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1491717', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1491717', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1493955', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1493955', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496256', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496256', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496261', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496261', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496758', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1496758', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1497038', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1497038', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1497408', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1497408', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1500207', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1500207', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1500225', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1500225', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1500897', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1500897', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1501254', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1501254', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502838', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502838', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502850', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502850', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502945', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1502945', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1503260', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1503260', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1503601', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1503601', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1504075', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1504075', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1504464', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1504464', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505558', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505558', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505681', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505681', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505796', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1505796', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506177', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506177', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1506651', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506651', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506750', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506750', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506866', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1506866', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507424', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507424', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507469', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507469', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507816', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1507816', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508310', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508310', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508346', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508346', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508352', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508352', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508391', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508391', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508496', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508496', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508561', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508561', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508563', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508563', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508761', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508761', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1508781', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1508781', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509028', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509028', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509082', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509082', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509129', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509129', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509661', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509661', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509799', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509799', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509853', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1509853', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510174', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510174', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510178', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510178', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510294', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510294', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510486', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510486', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510573', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510573', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510786', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510786', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510804', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1510804', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511097', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511097', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1511400', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511400', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511576', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511576', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511852', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1511852', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1512473', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1512473', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1512825', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1512825', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1513706', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1513706', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1513859', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1513859', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515058', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515058', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515060', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515060', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515527', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515527', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515972', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1515972', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1516569', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1516569', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1517605', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1517605', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1517875', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1517875', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518386', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1518386', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518502', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518502', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518684', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518684', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518912', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1518912', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519060', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519060', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519193', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519193', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519619', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519619', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519991', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1519991', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1521151', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1521151', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523142', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523142', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523354', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523354', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523534', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523534', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523638', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523638', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523681', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1523681', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524379', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524379', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1524707', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524707', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524805', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524805', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524883', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1524883', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525426', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525426', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525817', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525817', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525819', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1525819', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1526887', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1526887', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1526949', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1526949', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527210', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527210', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527346', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527346', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527602', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527602', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527685', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527685', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527689', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1527689', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528135', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528135', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528548', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1528548', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528570', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528570', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528613', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1528613', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529070', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529070', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529083', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529083', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529467', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529467', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529473', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529473', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529478', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1529478', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530162', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530162', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530203', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530203', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530366', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530366', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530403', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530403', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530924', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1530924', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531157', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531157', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531511', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531511', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1531513', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531513', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531558', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1531558', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532060', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532060', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532149', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532149', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532512', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532512', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532936', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532936', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532942', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532942', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532955', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532955', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532960', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532960', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532966', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532966', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532967', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532967', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532972', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532972', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532975', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532975', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532981', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532981', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1532986', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1532986', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533099', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533099', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533153', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533153', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533208', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533208', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533318', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533318', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533348', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533348', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533363', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533363', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533658', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533658', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533753', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533753', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533818', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1533818', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534316', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534316', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534320', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534320', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534467', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534467', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534514', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534514', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534715', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534715', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1534720', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534720', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534858', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534858', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534879', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534879', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534883', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534883', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534895', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534895', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534922', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534922', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534933', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534933', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534955', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534955', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534957', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1534957', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535182', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535182', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535270', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535270', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535277', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535277', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535314', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535314', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535323', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535323', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535402', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1535402', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535639', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535639', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535902', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535902', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535917', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535917', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535929', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535929', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535931', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535931', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535940', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535940', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535976', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1535976', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536088', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536088', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536217', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536217', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536253', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536253', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536289', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536289', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536362', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536362', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536629', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536629', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536659', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536659', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1536839', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1536839', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537105', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537105', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537237', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537237', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537367', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537367', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537426', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537426', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537726', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537726', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537857', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537857', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537873', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537873', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537946', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537946', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537955', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1537955', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538044', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538044', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538048', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538048', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538216', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538216', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538321', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538321', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538389', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1538389', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538445', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538445', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538452', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538452', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538581', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538581', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538722', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538722', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538732', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538732', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538806', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538806', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538922', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538922', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538943', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538943', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538960', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538960', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538969', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538969', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538974', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538974', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538986', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538986', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538988', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538988', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538995', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1538995', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1539102', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539102', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539187', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539187', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539308', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539308', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539382', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539382', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539542', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539542', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539566', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539566', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539840', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539840', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539859', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539859', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539892', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539892', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539987', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1539987', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540039', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540039', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540080', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540080', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540462', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540462', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540487', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540487', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540490', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1540490', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540521', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540521', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540526', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540526', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540729', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540729', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540785', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540785', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540812', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540812', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540822', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540822', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540840', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540840', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540842', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540842', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540846', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540846', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540848', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540848', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540866', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540866', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540912', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540912', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540916', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540916', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540976', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1540976', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1541247', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541247', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541263', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541263', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541265', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541265', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541339', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541339', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541461', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541461', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541589', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541589', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541946', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1541946', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542099', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542099', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542238', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542238', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542324', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542324', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542397', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542397', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542406', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542406', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542612', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542612', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542669', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542669', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542781', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1542781', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542855', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542855', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542861', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542861', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542868', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1542868', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543122', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543122', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543229', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543229', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543256', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543256', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543324', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543324', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543446', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543446', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543478', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543478', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543511', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543511', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543521', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543521', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543532', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543532', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543625', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543625', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543714', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543714', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1543771', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543771', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543830', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543830', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543869', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1543869', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544027', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544027', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544083', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544083', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544207', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544207', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544360', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544360', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544387', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544387', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544645', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544645', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544657', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544657', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544815', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544815', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544903', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1544903', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1545011', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1545011', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1545280', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1545280', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1545828', - summary: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1545828', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546188', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546188', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546293', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546293', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546311', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546311', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546365', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546365', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546374', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546374', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546854', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1546854', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547229', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547229', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547284', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547284', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547727', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547727', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547898', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547898', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547923', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547923', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547944', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1547944', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548104', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548104', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548485', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548485', - }, - { - url: 
'https://bugzilla.redhat.com/show_bug.cgi?id=1548633', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548633', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548641', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548641', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548720', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1548720', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1549491', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1549491', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1549971', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1549971', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1550140', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1550140', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1550148', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1550148', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1551775', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1551775', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1552165', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1552165', - }, - { - url: 'https://bugzilla.redhat.com/show_bug.cgi?id=1552430', - summary: 'https://bugzilla.redhat.com/show_bug.cgi?id=1552430', - }, - ], - aggregate_severity: { - namespace: 'https://access.redhat.com/security/updates/classification/', - text: 'Moderate', - }, - }, - product_tree: { - branches: [ - { - name: 'Red Hat OpenShift Enterprise', - category: 'product_family', - branches: [ - { - name: 'Red Hat OpenShift Container Platform 3.9', - category: 'product_name', - product: { - product_id: '7Server-RH7-RHOSE-3.9', - name: 'Red Hat OpenShift Container Platform 3.9', - }, - }, - ], - }, - { - name: 'ansible-asb-modules-0:0.1.1-1.el7', - category: 'product_version', - product: { - product_id: 'ansible-asb-modules-0:0.1.1-1.el7', - name: 
'ansible-asb-modules-0.1.1-1.el7.src.rpm', - }, - }, - { - name: 'ansible-kubernetes-modules-0:0.4.0-8.el7', - category: 'product_version', - product: { - product_id: 'ansible-kubernetes-modules-0:0.4.0-8.el7', - name: 'ansible-kubernetes-modules-0.4.0-8.el7.src.rpm', - }, - }, - { - name: 'ansible-service-broker-0:1.1.16-1.el7', - category: 'product_version', - product: { - product_id: 'ansible-service-broker-0:1.1.16-1.el7', - name: 'ansible-service-broker-1.1.16-1.el7.src.rpm', - }, - }, - { - name: 'apb-0:1.1.15-1.el7', - category: 'product_version', - product: { - product_id: 'apb-0:1.1.15-1.el7', - name: 'apb-1.1.15-1.el7.src.rpm', - }, - }, - { - name: 'apb-base-scripts-0:1.1.5-1.el7', - category: 'product_version', - product: { - product_id: 'apb-base-scripts-0:1.1.5-1.el7', - name: 'apb-base-scripts-1.1.5-1.el7.src.rpm', - }, - }, - { - name: 'atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - category: 'product_version', - product: { - product_id: 'atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - name: 'atomic-openshift-3.9.14-1.git.0.4efa2ca.el7.src.rpm', - }, - }, - { - name: 'atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - category: 'product_version', - product: { - product_id: - 'atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - name: 'atomic-openshift-web-console-3.9.14-1.git.229.04c20c2.el7.src.rpm', - }, - }, - { - name: 'cockpit-0:160-3.el7', - category: 'product_version', - product: { - product_id: 'cockpit-0:160-3.el7', - name: 'cockpit-160-3.el7.src.rpm', - }, - }, - { - name: 'containernetworking-plugins-0:0.5.2-5.el7', - category: 'product_version', - product: { - product_id: 'containernetworking-plugins-0:0.5.2-5.el7', - name: 'containernetworking-plugins-0.5.2-5.el7.src.rpm', - }, - }, - { - name: 'cri-o-0:1.9.10-1.git8723732.el7', - category: 'product_version', - product: { - product_id: 'cri-o-0:1.9.10-1.git8723732.el7', - name: 'cri-o-1.9.10-1.git8723732.el7.src.rpm', - }, - }, - { - name: 
'cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - category: 'product_version', - product: { - product_id: 'cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - name: 'cri-tools-1.0.0-2.alpha.0.git653cc8c.el7.src.rpm', - }, - }, - { - name: 'dumb-init-0:1.1.3-12.el7', - category: 'product_version', - product: { - product_id: 'dumb-init-0:1.1.3-12.el7', - name: 'dumb-init-1.1.3-12.el7.src.rpm', - }, - }, - { - name: 'elastic-curator-0:3.5.0-2.el7', - category: 'product_version', - product: { - product_id: 'elastic-curator-0:3.5.0-2.el7', - name: 'elastic-curator-3.5.0-2.el7.src.rpm', - }, - }, - { - name: 'elasticsearch-0:2.4.4-1.el7', - category: 'product_version', - product: { - product_id: 'elasticsearch-0:2.4.4-1.el7', - name: 'elasticsearch-2.4.4-1.el7.src.rpm', - }, - }, - { - name: 'elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - category: 'product_version', - product: { - product_id: - 'elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - name: 'elasticsearch-cloud-kubernetes-2.4.4.01_redhat_1-1.el7.src.rpm', - }, - }, - { - name: 'fluentd-0:0.12.42-1.el7', - category: 'product_version', - product: { - product_id: 'fluentd-0:0.12.42-1.el7', - name: 'fluentd-0.12.42-1.el7.src.rpm', - }, - }, - { - name: 'golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - category: 'product_version', - product: { - product_id: - 'golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - name: 'golang-github-openshift-oauth-proxy-2.1-2.git885c9f40.el7.src.rpm', - }, - }, - { - name: 'golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - category: 'product_version', - product: { - product_id: - 'golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - name: 'golang-github-openshift-prometheus-alert-buffer-0-2.gitceca8c1.el7.src.rpm', - }, - }, - { - name: 'golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - category: 'product_version', - product: { - product_id: - 
'golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - name: 'golang-github-prometheus-alertmanager-0.14.0-1.git30af4d0.el7.src.rpm', - }, - }, - { - name: 'golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - category: 'product_version', - product: { - product_id: - 'golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - name: 'golang-github-prometheus-node_exporter-0.15.2-2.git98bc649.el7.src.rpm', - }, - }, - { - name: 'golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - category: 'product_version', - product: { - product_id: - 'golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - name: 'golang-github-prometheus-prometheus-2.1.0-1.git85f23d8.el7.src.rpm', - }, - }, - { - name: 'golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - category: 'product_version', - product: { - product_id: 'golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - name: 'golang-github-prometheus-promu-0-2.git85ceabc.el7.src.rpm', - }, - }, - { - name: 'google-cloud-sdk-0:183.0.0-3.el7', - category: 'product_version', - product: { - product_id: 'google-cloud-sdk-0:183.0.0-3.el7', - name: 'google-cloud-sdk-183.0.0-3.el7.src.rpm', - }, - }, - { - name: 'haproxy-0:1.8.1-5.el7', - category: 'product_version', - product: { - product_id: 'haproxy-0:1.8.1-5.el7', - name: 'haproxy-1.8.1-5.el7.src.rpm', - }, - }, - { - name: 'hawkular-openshift-agent-0:1.2.2-2.el7', - category: 'product_version', - product: { - product_id: 'hawkular-openshift-agent-0:1.2.2-2.el7', - name: 'hawkular-openshift-agent-1.2.2-2.el7.src.rpm', - }, - }, - { - name: 'heapster-0:1.3.0-3.el7', - category: 'product_version', - product: { - product_id: 'heapster-0:1.3.0-3.el7', - name: 'heapster-1.3.0-3.el7.src.rpm', - }, - }, - { - name: 'http-parser-0:2.7.1-4.el7', - category: 'product_version', - product: { - product_id: 'http-parser-0:2.7.1-4.el7', - name: 'http-parser-2.7.1-4.el7.src.rpm', - }, - }, - { - name: 'image-inspector-0:2.1.2-2.el7', - 
category: 'product_version', - product: { - product_id: 'image-inspector-0:2.1.2-2.el7', - name: 'image-inspector-2.1.2-2.el7.src.rpm', - }, - }, - { - name: 'jenkins-0:2.89.4.1519670652-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-0:2.89.4.1519670652-1.el7', - name: 'jenkins-2.89.4.1519670652-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-1-0:1.651.2-2.el7', - category: 'product_version', - product: { - product_id: 'jenkins-1-0:1.651.2-2.el7', - name: 'jenkins-1-1.651.2-2.el7.src.rpm', - }, - }, - { - name: 'jenkins-2-plugins-0:3.9.1519779801-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-2-plugins-0:3.9.1519779801-1.el7', - name: 'jenkins-2-plugins-3.9.1519779801-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-ace-editor-0:1.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-ace-editor-0:1.1-10.el7', - name: 'jenkins-plugin-ace-editor-1.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-authentication-tokens-0:1.3-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-authentication-tokens-0:1.3-1.el7', - name: 'jenkins-plugin-authentication-tokens-1.3-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-0:1.1.2-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-0:1.1.2-1.el7', - name: 'jenkins-plugin-blueocean-1.1.2-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - name: 'jenkins-plugin-blueocean-autofavorite-0.7-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-commons-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 
'jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-config-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-dashboard-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - name: 'jenkins-plugin-blueocean-display-url-2.0-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-events-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-git-pipeline-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-github-pipeline-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-i18n-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-jwt-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 
'jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-personalization-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: - 'jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-pipeline-api-impl-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - name: 'jenkins-plugin-blueocean-pipeline-editor-0.2.0-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-rest-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-rest-impl-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-web-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-branch-api-0:2.0.9-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-branch-api-0:2.0.9-10.el7', - name: 'jenkins-plugin-branch-api-2.0.9-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - name: 'jenkins-plugin-cloudbees-folder-6.0.4-10.el7.src.rpm', - }, - }, - { - name: 
'jenkins-plugin-credentials-0:2.1.13-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-credentials-0:2.1.13-10.el7', - name: 'jenkins-plugin-credentials-2.1.13-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-credentials-binding-0:1.11-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-credentials-binding-0:1.11-1.el7', - name: 'jenkins-plugin-credentials-binding-1.11-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-display-url-api-0:2.0-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-display-url-api-0:2.0-10.el7', - name: 'jenkins-plugin-display-url-api-2.0-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-docker-commons-0:1.6-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-docker-commons-0:1.6-1.el7', - name: 'jenkins-plugin-docker-commons-1.6-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-docker-workflow-0:1.11-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-docker-workflow-0:1.11-1.el7', - name: 'jenkins-plugin-docker-workflow-1.11-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-durable-task-0:1.13-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-durable-task-0:1.13-10.el7', - name: 'jenkins-plugin-durable-task-1.13-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-favorite-0:2.0.4-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-favorite-0:2.0.4-1.el7', - name: 'jenkins-plugin-favorite-2.0.4-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-git-0:3.3.0-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-git-0:3.3.0-10.el7', - name: 'jenkins-plugin-git-3.3.0-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-git-client-0:2.4.5-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-git-client-0:2.4.5-10.el7', - name: 
'jenkins-plugin-git-client-2.4.5-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-git-server-0:1.7-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-git-server-0:1.7-10.el7', - name: 'jenkins-plugin-git-server-1.7-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-github-0:1.27.0-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-github-0:1.27.0-1.el7', - name: 'jenkins-plugin-github-1.27.0-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-github-api-0:1.85-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-github-api-0:1.85-1.el7', - name: 'jenkins-plugin-github-api-1.85-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - name: 'jenkins-plugin-github-branch-source-2.0.5-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-handlebars-0:1.1.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-handlebars-0:1.1.1-10.el7', - name: 'jenkins-plugin-handlebars-1.1.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-icon-shim-0:2.0.3-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-icon-shim-0:2.0.3-10.el7', - name: 'jenkins-plugin-icon-shim-2.0.3-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - name: 'jenkins-plugin-jackson2-api-2.7.3-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - name: 'jenkins-plugin-jquery-detached-1.2.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-junit-0:1.20-10.el7', - category: 'product_version', - product: { - product_id: 
'jenkins-plugin-junit-0:1.20-10.el7', - name: 'jenkins-plugin-junit-1.20-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-kubernetes-0:0.11-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-kubernetes-0:0.11-10.el7', - name: 'jenkins-plugin-kubernetes-0.11-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-mailer-0:1.20-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-mailer-0:1.20-10.el7', - name: 'jenkins-plugin-mailer-1.20-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - name: 'jenkins-plugin-mapdb-api-1.0.9.0-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-matrix-auth-0:1.5-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-matrix-auth-0:1.5-10.el7', - name: 'jenkins-plugin-matrix-auth-1.5-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-matrix-project-0:1.10-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-matrix-project-0:1.10-10.el7', - name: 'jenkins-plugin-matrix-project-1.10-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-mercurial-0:1.59-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-mercurial-0:1.59-10.el7', - name: 'jenkins-plugin-mercurial-1.59-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-metrics-0:3.1.2.9-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-metrics-0:3.1.2.9-1.el7', - name: 'jenkins-plugin-metrics-3.1.2.9-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-momentjs-0:1.1.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-momentjs-0:1.1.1-10.el7', - name: 'jenkins-plugin-momentjs-1.1.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-multiple-scms-0:0.6-10.el7', - category: 'product_version', - product: { - product_id: 
'jenkins-plugin-multiple-scms-0:0.6-10.el7', - name: 'jenkins-plugin-multiple-scms-0.6-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-openshift-client-0:0.9.6-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-openshift-client-0:0.9.6-1.el7', - name: 'jenkins-plugin-openshift-client-0.9.6-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-openshift-login-0:0.12-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-openshift-login-0:0.12-10.el7', - name: 'jenkins-plugin-openshift-login-0.12-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - name: 'jenkins-plugin-openshift-pipeline-1.0.47-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - name: 'jenkins-plugin-openshift-sync-0.1.24-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - name: 'jenkins-plugin-pipeline-build-step-2.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - name: 'jenkins-plugin-pipeline-graph-analysis-1.3-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - name: 'jenkins-plugin-pipeline-input-step-2.7-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - category: 'product_version', - product: { - product_id: 
'jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - name: 'jenkins-plugin-pipeline-milestone-step-1.3.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-api-1.1.4-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - category: 'product_version', - product: { - product_id: - 'jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - name: 'jenkins-plugin-pipeline-model-declarative-agent-1.1.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-definition-1.1.4-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-extensions-1.1.4-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - name: 'jenkins-plugin-pipeline-rest-api-2.6-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - name: 'jenkins-plugin-pipeline-stage-step-2.2-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - category: 'product_version', - product: { - product_id: - 'jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-stage-tags-metadata-1.1.4-1.el7.src.rpm', - }, - }, - { - name: 
'jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - name: 'jenkins-plugin-pipeline-stage-view-2.6-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - name: 'jenkins-plugin-pipeline-utility-steps-1.3.0-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-plain-credentials-0:1.4-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-plain-credentials-0:1.4-10.el7', - name: 'jenkins-plugin-plain-credentials-1.4-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-pubsub-light-0:1.8-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-pubsub-light-0:1.8-1.el7', - name: 'jenkins-plugin-pubsub-light-1.8-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-scm-api-0:2.1.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-scm-api-0:2.1.1-10.el7', - name: 'jenkins-plugin-scm-api-2.1.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-script-security-0:1.29-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-script-security-0:1.29-1.el7', - name: 'jenkins-plugin-script-security-1.29-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-sse-gateway-0:1.15-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-sse-gateway-0:1.15-1.el7', - name: 'jenkins-plugin-sse-gateway-1.15-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-ssh-credentials-0:1.13-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-ssh-credentials-0:1.13-10.el7', - name: 'jenkins-plugin-ssh-credentials-1.13-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-structs-0:1.6-10.el7', - category: 'product_version', - product: { - product_id: 
'jenkins-plugin-structs-0:1.6-10.el7', - name: 'jenkins-plugin-structs-1.6-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-subversion-0:2.7.2-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-subversion-0:2.7.2-10.el7', - name: 'jenkins-plugin-subversion-2.7.2-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-token-macro-0:2.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-token-macro-0:2.1-1.el7', - name: 'jenkins-plugin-token-macro-2.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-variant-0:1.1-1.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-variant-0:1.1-1.el7', - name: 'jenkins-plugin-variant-1.1-1.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - name: 'jenkins-plugin-workflow-aggregator-2.1-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-api-0:2.13-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-api-0:2.13-10.el7', - name: 'jenkins-plugin-workflow-api-2.13-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - name: 'jenkins-plugin-workflow-basic-steps-2.4-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-cps-0:2.30-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-cps-0:2.30-10.el7', - name: 'jenkins-plugin-workflow-cps-2.30-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - name: 'jenkins-plugin-workflow-cps-global-lib-2.8-10.el7.src.rpm', - }, - }, - { - name: 
'jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - name: 'jenkins-plugin-workflow-durable-task-step-2.11-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-job-0:2.10-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-job-0:2.10-10.el7', - name: 'jenkins-plugin-workflow-job-2.10-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - name: 'jenkins-plugin-workflow-multibranch-2.14-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - name: 'jenkins-plugin-workflow-remote-loader-1.4-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - name: 'jenkins-plugin-workflow-scm-step-2.4-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-step-api-0:2.9-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-step-api-0:2.9-10.el7', - name: 'jenkins-plugin-workflow-step-api-2.9-10.el7.src.rpm', - }, - }, - { - name: 'jenkins-plugin-workflow-support-0:2.14-10.el7', - category: 'product_version', - product: { - product_id: 'jenkins-plugin-workflow-support-0:2.14-10.el7', - name: 'jenkins-plugin-workflow-support-2.14-10.el7.src.rpm', - }, - }, - { - name: 'kibana-0:4.6.4-4.el7', - category: 'product_version', - product: { - product_id: 'kibana-0:4.6.4-4.el7', - name: 'kibana-4.6.4-4.el7.src.rpm', - }, - }, - { - name: 'libuv-1:1.7.5-3.el7', - category: 'product_version', - product: { - product_id: 
'libuv-1:1.7.5-3.el7', - name: 'libuv-1.7.5-3.el7.src.rpm', - }, - }, - { - name: 'mariadb-apb-role-0:1.1.10-1.el7', - category: 'product_version', - product: { - product_id: 'mariadb-apb-role-0:1.1.10-1.el7', - name: 'mariadb-apb-role-1.1.10-1.el7.src.rpm', - }, - }, - { - name: 'mediawiki-apb-role-0:1.1.7-1.el7', - category: 'product_version', - product: { - product_id: 'mediawiki-apb-role-0:1.1.7-1.el7', - name: 'mediawiki-apb-role-1.1.7-1.el7.src.rpm', - }, - }, - { - name: 'mediawiki-container-scripts-0:1.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'mediawiki-container-scripts-0:1.0.2-1.el7', - name: 'mediawiki-container-scripts-1.0.2-1.el7.src.rpm', - }, - }, - { - name: 'mediawiki123-0:1.23.13-1.el7', - category: 'product_version', - product: { - product_id: 'mediawiki123-0:1.23.13-1.el7', - name: 'mediawiki123-1.23.13-1.el7.src.rpm', - }, - }, - { - name: 'mysql-apb-role-0:1.1.10-1.el7', - category: 'product_version', - product: { - product_id: 'mysql-apb-role-0:1.1.10-1.el7', - name: 'mysql-apb-role-1.1.10-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-0:4.7.2-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-0:4.7.2-1.el7', - name: 'nodejs-4.7.2-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-abbrev-0:1.0.7-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-abbrev-0:1.0.7-1.el7aos', - name: 'nodejs-abbrev-1.0.7-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-accepts-0:1.3.3-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-accepts-0:1.3.3-1.el7', - name: 'nodejs-accepts-1.3.3-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-align-text-0:0.1.3-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-align-text-0:0.1.3-2.el7aos', - name: 'nodejs-align-text-0.1.3-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-amdefine-0:0.0.4-5.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-amdefine-0:0.0.4-5.el7aos', - name: 
'nodejs-amdefine-0.0.4-5.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-ansi-regex-0:2.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ansi-regex-0:2.0.0-1.el7aos', - name: 'nodejs-ansi-regex-2.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-ansi-styles-0:2.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ansi-styles-0:2.1.0-1.el7aos', - name: 'nodejs-ansi-styles-2.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-argparse-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-argparse-0:1.0.3-1.el7aos', - name: 'nodejs-argparse-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-array-flatten-0:1.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-array-flatten-0:1.1.1-1.el7aos', - name: 'nodejs-array-flatten-1.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-asap-0:2.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-asap-0:2.0.3-1.el7aos', - name: 'nodejs-asap-2.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-asn1-0:0.1.11-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-asn1-0:0.1.11-4.el7aos', - name: 'nodejs-asn1-0.1.11-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-assert-plus-0:0.1.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-assert-plus-0:0.1.4-1.el7aos', - name: 'nodejs-assert-plus-0.1.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-async-0:1.4.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-async-0:1.4.2-1.el7aos', - name: 'nodejs-async-1.4.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-aws-sign2-0:0.5.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-aws-sign2-0:0.5.0-1.el7aos', - name: 'nodejs-aws-sign2-0.5.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-balanced-match-0:0.2.1-1.el7aos', - category: 'product_version', - product: { - product_id: 
'nodejs-balanced-match-0:0.2.1-1.el7aos', - name: 'nodejs-balanced-match-0.2.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-base64url-0:1.0.4-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-base64url-0:1.0.4-2.el7aos', - name: 'nodejs-base64url-1.0.4-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-basic-auth-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-basic-auth-0:1.0.3-1.el7aos', - name: 'nodejs-basic-auth-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-bl-0:1.0.0-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-bl-0:1.0.0-3.el7aos', - name: 'nodejs-bl-1.0.0-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-bluebird-0:2.10.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-bluebird-0:2.10.0-1.el7aos', - name: 'nodejs-bluebird-2.10.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-body-parser-0:1.14.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-body-parser-0:1.14.1-1.el7aos', - name: 'nodejs-body-parser-1.14.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-boom-0:2.8.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-boom-0:2.8.0-1.el7aos', - name: 'nodejs-boom-2.8.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-brace-expansion-0:1.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-brace-expansion-0:1.1.1-1.el7aos', - name: 'nodejs-brace-expansion-1.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-bytes-0:2.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-bytes-0:2.1.0-1.el7aos', - name: 'nodejs-bytes-2.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-camelcase-0:1.2.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-camelcase-0:1.2.1-2.el7aos', - name: 'nodejs-camelcase-1.2.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-camelcase-keys-0:1.0.0-2.el7aos', - 
category: 'product_version', - product: { - product_id: 'nodejs-camelcase-keys-0:1.0.0-2.el7aos', - name: 'nodejs-camelcase-keys-1.0.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-caseless-0:0.11.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-caseless-0:0.11.0-1.el7aos', - name: 'nodejs-caseless-0.11.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-center-align-0:0.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-center-align-0:0.1.1-1.el7aos', - name: 'nodejs-center-align-0.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-chalk-0:1.1.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-chalk-0:1.1.1-2.el7aos', - name: 'nodejs-chalk-1.1.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-client-sessions-0:0.7.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-client-sessions-0:0.7.0-2.el7aos', - name: 'nodejs-client-sessions-0.7.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-cliui-0:2.1.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-cliui-0:2.1.0-2.el7aos', - name: 'nodejs-cliui-2.1.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-coffee-script-0:1.10.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-coffee-script-0:1.10.0-1.el7aos', - name: 'nodejs-coffee-script-1.10.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-colors-0:1.1.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-colors-0:1.1.2-1.el7aos', - name: 'nodejs-colors-1.1.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-combined-stream-0:1.0.5-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-combined-stream-0:1.0.5-1.el7aos', - name: 'nodejs-combined-stream-1.0.5-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-commander-0:2.8.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-commander-0:2.8.1-2.el7aos', - name: 
'nodejs-commander-2.8.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-concat-map-0:0.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-concat-map-0:0.0.1-1.el7aos', - name: 'nodejs-concat-map-0.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-concat-stream-0:1.4.7-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-concat-stream-0:1.4.7-3.el7aos', - name: 'nodejs-concat-stream-1.4.7-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-content-disposition-0:0.5.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-content-disposition-0:0.5.0-1.el7aos', - name: 'nodejs-content-disposition-0.5.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-content-type-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-content-type-0:1.0.1-1.el7aos', - name: 'nodejs-content-type-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-cookie-0:0.2.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-cookie-0:0.2.0-1.el7aos', - name: 'nodejs-cookie-0.2.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-cookie-signature-0:1.0.6-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-cookie-signature-0:1.0.6-1.el7aos', - name: 'nodejs-cookie-signature-1.0.6-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-cookies-0:0.5.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-cookies-0:0.5.0-2.el7aos', - name: 'nodejs-cookies-0.5.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-core-util-is-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-core-util-is-0:1.0.1-1.el7aos', - name: 'nodejs-core-util-is-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-cryptiles-0:2.0.5-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-cryptiles-0:2.0.5-2.el7aos', - name: 'nodejs-cryptiles-2.0.5-2.el7aos.src.rpm', - }, - }, - { - name: 
'nodejs-ctype-0:0.5.3-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ctype-0:0.5.3-3.el7aos', - name: 'nodejs-ctype-0.5.3-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-dateformat-0:1.0.6-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-dateformat-0:1.0.6-1.el7aos', - name: 'nodejs-dateformat-1.0.6-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-debug-0:2.2.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-debug-0:2.2.0-1.el7aos', - name: 'nodejs-debug-2.2.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-decamelize-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-decamelize-0:1.0.0-1.el7aos', - name: 'nodejs-decamelize-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-delayed-stream-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-delayed-stream-0:1.0.0-1.el7aos', - name: 'nodejs-delayed-stream-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-depd-0:1.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-depd-0:1.1.0-1.el7aos', - name: 'nodejs-depd-1.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-destroy-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-destroy-0:1.0.3-1.el7aos', - name: 'nodejs-destroy-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-ee-first-0:1.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ee-first-0:1.1.1-1.el7aos', - name: 'nodejs-ee-first-1.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-errno-0:0.1.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-errno-0:0.1.4-1.el7aos', - name: 'nodejs-errno-0.1.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-escape-html-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-escape-html-0:1.0.3-1.el7aos', - name: 'nodejs-escape-html-1.0.3-1.el7aos.src.rpm', - }, 
- }, - { - name: 'nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - name: 'nodejs-escape-string-regexp-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-esprima-0:2.7.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-esprima-0:2.7.0-1.el7aos', - name: 'nodejs-esprima-2.7.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-etag-0:1.7.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-etag-0:1.7.0-1.el7aos', - name: 'nodejs-etag-1.7.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-eventemitter2-0:0.4.14-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-eventemitter2-0:0.4.14-1.el7aos', - name: 'nodejs-eventemitter2-0.4.14-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-eventemitter3-0:1.1.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-eventemitter3-0:1.1.1-2.el7aos', - name: 'nodejs-eventemitter3-1.1.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-exit-0:0.1.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-exit-0:0.1.2-1.el7aos', - name: 'nodejs-exit-0.1.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-express-0:4.13.3-4.el7', - category: 'product_version', - product: { - product_id: 'nodejs-express-0:4.13.3-4.el7', - name: 'nodejs-express-4.13.3-4.el7.src.rpm', - }, - }, - { - name: 'nodejs-extend-0:3.0.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-extend-0:3.0.0-2.el7aos', - name: 'nodejs-extend-3.0.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - name: 'nodejs-file-sync-cmp-0.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-finalhandler-0:0.4.0-2.el7aos', - category: 'product_version', - product: { - product_id: 
'nodejs-finalhandler-0:0.4.0-2.el7aos', - name: 'nodejs-finalhandler-0.4.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-findup-sync-0:0.3.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-findup-sync-0:0.3.0-2.el7aos', - name: 'nodejs-findup-sync-0.3.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-forever-agent-0:0.6.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-forever-agent-0:0.6.1-1.el7aos', - name: 'nodejs-forever-agent-0.6.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-form-data-0:1.0.0-rc3.1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-form-data-0:1.0.0-rc3.1.el7aos', - name: 'nodejs-form-data-1.0.0-rc3.1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-forwarded-0:0.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-forwarded-0:0.1.0-1.el7aos', - name: 'nodejs-forwarded-0.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-fresh-0:0.3.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-fresh-0:0.3.0-1.el7aos', - name: 'nodejs-fresh-0.3.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-generate-function-0:2.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-generate-function-0:2.0.0-1.el7aos', - name: 'nodejs-generate-function-2.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-generate-object-property-0:1.2.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-generate-object-property-0:1.2.0-1.el7aos', - name: 'nodejs-generate-object-property-1.2.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-getobject-0:0.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-getobject-0:0.1.0-1.el7aos', - name: 'nodejs-getobject-0.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-glob-0:5.0.15-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-glob-0:5.0.15-1.el7aos', - name: 
'nodejs-glob-5.0.15-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-graceful-fs-0:4.1.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-graceful-fs-0:4.1.2-1.el7aos', - name: 'nodejs-graceful-fs-4.1.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-graceful-readlink-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-graceful-readlink-0:1.0.1-1.el7aos', - name: 'nodejs-graceful-readlink-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-0:0.4.5-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-0:0.4.5-1.el7aos', - name: 'nodejs-grunt-0.4.5-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-cli-0:0.1.13-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-cli-0:0.1.13-3.el7aos', - name: 'nodejs-grunt-cli-0.1.13-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - name: 'nodejs-grunt-contrib-clean-0.7.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - name: 'nodejs-grunt-contrib-copy-0.8.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - name: 'nodejs-grunt-contrib-less-1.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - name: 'nodejs-grunt-legacy-log-0.1.2-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - name: 
'nodejs-grunt-legacy-log-utils-0.1.1-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - name: 'nodejs-grunt-legacy-util-0.2.0-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-har-validator-0:1.8.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-har-validator-0:1.8.0-1.el7aos', - name: 'nodejs-har-validator-1.8.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-has-ansi-0:2.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-has-ansi-0:2.0.0-1.el7aos', - name: 'nodejs-has-ansi-2.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-has-color-0:0.1.7-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-has-color-0:0.1.7-2.el7aos', - name: 'nodejs-has-color-0.1.7-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-has-flag-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-has-flag-0:1.0.0-1.el7aos', - name: 'nodejs-has-flag-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-hawk-0:3.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-hawk-0:3.1.0-1.el7aos', - name: 'nodejs-hawk-3.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-hoek-0:2.14.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-hoek-0:2.14.0-1.el7aos', - name: 'nodejs-hoek-2.14.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-hooker-0:0.2.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-hooker-0:0.2.3-1.el7aos', - name: 'nodejs-hooker-0.2.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-http-errors-0:1.3.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-http-errors-0:1.3.1-1.el7aos', - name: 'nodejs-http-errors-1.3.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-http-proxy-0:1.11.2-2.el7aos', - category: 'product_version', - 
product: { - product_id: 'nodejs-http-proxy-0:1.11.2-2.el7aos', - name: 'nodejs-http-proxy-1.11.2-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-http-signature-0:0.11.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-http-signature-0:0.11.0-1.el7aos', - name: 'nodejs-http-signature-0.11.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-iconv-lite-0:0.4.13-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-iconv-lite-0:0.4.13-1.el7aos', - name: 'nodejs-iconv-lite-0.4.13-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-image-size-0:0.4.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-image-size-0:0.4.0-1.el7aos', - name: 'nodejs-image-size-0.4.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-indent-string-0:2.1.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-indent-string-0:2.1.0-2.el7aos', - name: 'nodejs-indent-string-2.1.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-inflight-0:1.0.4-6.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-inflight-0:1.0.4-6.el7aos', - name: 'nodejs-inflight-1.0.4-6.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-inherits-0:2.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-inherits-0:2.0.1-1.el7aos', - name: 'nodejs-inherits-2.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-invert-kv-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-invert-kv-0:1.0.0-1.el7aos', - name: 'nodejs-invert-kv-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-ipaddr.js-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ipaddr.js-0:1.0.3-1.el7aos', - name: 'nodejs-ipaddr.js-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-absolute-0:0.2.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-absolute-0:0.2.3-1.el7aos', - name: 
'nodejs-is-absolute-0.2.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-buffer-0:1.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-buffer-0:1.0.2-1.el7aos', - name: 'nodejs-is-buffer-1.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-finite-0:1.0.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-finite-0:1.0.1-2.el7aos', - name: 'nodejs-is-finite-1.0.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - name: 'nodejs-is-my-json-valid-2.12.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-property-0:1.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-property-0:1.0.2-1.el7aos', - name: 'nodejs-is-property-1.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-relative-0:0.2.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-relative-0:0.2.1-1.el7aos', - name: 'nodejs-is-relative-0.2.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-unc-path-0:0.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-unc-path-0:0.1.1-1.el7aos', - name: 'nodejs-is-unc-path-0.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-is-windows-0:0.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-is-windows-0:0.1.0-1.el7aos', - name: 'nodejs-is-windows-0.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-isarray-0:0.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-isarray-0:0.0.1-1.el7aos', - name: 'nodejs-isarray-0.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-isstream-0:0.1.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-isstream-0:0.1.2-1.el7aos', - name: 'nodejs-isstream-0.1.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-js-yaml-0:3.4.3-1.el7aos', - category: 
'product_version', - product: { - product_id: 'nodejs-js-yaml-0:3.4.3-1.el7aos', - name: 'nodejs-js-yaml-3.4.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - name: 'nodejs-json-stringify-safe-5.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-jsonpointer-0:2.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-jsonpointer-0:2.0.0-1.el7aos', - name: 'nodejs-jsonpointer-2.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-keygrip-0:1.0.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-keygrip-0:1.0.1-2.el7aos', - name: 'nodejs-keygrip-1.0.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-kind-of-0:3.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-kind-of-0:3.0.2-1.el7aos', - name: 'nodejs-kind-of-3.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-lcid-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-lcid-0:1.0.0-1.el7aos', - name: 'nodejs-lcid-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-less-0:2.5.3-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-less-0:2.5.3-2.el7aos', - name: 'nodejs-less-2.5.3-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-lodash-0:3.10.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-lodash-0:3.10.1-1.el7aos', - name: 'nodejs-lodash-3.10.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-longest-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-longest-0:1.0.1-1.el7aos', - name: 'nodejs-longest-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-lru-cache-0:4.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-lru-cache-0:4.0.2-1.el7', - name: 'nodejs-lru-cache-4.0.2-1.el7.src.rpm', - }, - }, - { - name: 
'nodejs-map-obj-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-map-obj-0:1.0.1-1.el7aos', - name: 'nodejs-map-obj-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-media-typer-0:0.3.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-media-typer-0:0.3.0-1.el7aos', - name: 'nodejs-media-typer-0.3.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-meow-0:2.0.0-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-meow-0:2.0.0-3.el7aos', - name: 'nodejs-meow-2.0.0-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-merge-descriptors-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-merge-descriptors-0:1.0.0-1.el7aos', - name: 'nodejs-merge-descriptors-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-methods-0:1.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-methods-0:1.1.1-1.el7aos', - name: 'nodejs-methods-1.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-mime-0:1.3.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-mime-0:1.3.4-1.el7aos', - name: 'nodejs-mime-1.3.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-mime-db-0:1.23.0-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-mime-db-0:1.23.0-1.el7', - name: 'nodejs-mime-db-1.23.0-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-mime-types-0:2.1.11-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-mime-types-0:2.1.11-1.el7', - name: 'nodejs-mime-types-2.1.11-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-minimatch-0:3.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-minimatch-0:3.0.2-1.el7', - name: 'nodejs-minimatch-3.0.2-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-minimist-0:1.2.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-minimist-0:1.2.0-2.el7aos', - name: 'nodejs-minimist-1.2.0-2.el7aos.src.rpm', - }, - }, 
- { - name: 'nodejs-mkdirp-0:0.5.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-mkdirp-0:0.5.0-2.el7aos', - name: 'nodejs-mkdirp-0.5.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-morgan-0:1.6.1-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-morgan-0:1.6.1-3.el7aos', - name: 'nodejs-morgan-1.6.1-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-ms-0:0.7.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-ms-0:0.7.1-1.el7aos', - name: 'nodejs-ms-0.7.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-negotiator-0:0.6.1-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-negotiator-0:0.6.1-1.el7', - name: 'nodejs-negotiator-0.6.1-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-node-uuid-0:1.4.7-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-node-uuid-0:1.4.7-1.el7', - name: 'nodejs-node-uuid-1.4.7-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-nopt-0:3.0.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-nopt-0:3.0.4-1.el7aos', - name: 'nodejs-nopt-3.0.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-number-is-nan-0:1.0.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-number-is-nan-0:1.0.0-2.el7aos', - name: 'nodejs-number-is-nan-1.0.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-oauth-0:0.9.13-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-oauth-0:0.9.13-3.el7aos', - name: 'nodejs-oauth-0.9.13-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-oauth-sign-0:0.8.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-oauth-sign-0:0.8.0-1.el7aos', - name: 'nodejs-oauth-sign-0.8.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-object-assign-0:4.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-object-assign-0:4.0.1-1.el7aos', - name: 'nodejs-object-assign-4.0.1-1.el7aos.src.rpm', - }, - }, 
- { - name: 'nodejs-on-finished-0:2.3.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-on-finished-0:2.3.0-1.el7aos', - name: 'nodejs-on-finished-2.3.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-on-headers-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-on-headers-0:1.0.0-1.el7aos', - name: 'nodejs-on-headers-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-once-0:1.3.2-5.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-once-0:1.3.2-5.el7aos', - name: 'nodejs-once-1.3.2-5.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - name: 'nodejs-openshift-auth-proxy-0.1.1-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-os-locale-0:1.4.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-os-locale-0:1.4.0-1.el7aos', - name: 'nodejs-os-locale-1.4.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-packaging-0:7-5.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-packaging-0:7-5.el7aos', - name: 'nodejs-packaging-7-5.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-parse-duration-0:0.1.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-parse-duration-0:0.1.1-2.el7aos', - name: 'nodejs-parse-duration-0.1.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-parseurl-0:1.3.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-parseurl-0:1.3.0-1.el7aos', - name: 'nodejs-parseurl-1.3.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-passport-0:0.2.2-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-passport-0:0.2.2-4.el7aos', - name: 'nodejs-passport-0.2.2-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - category: 'product_version', - product: { - product_id: 
'nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - name: 'nodejs-passport-http-bearer-1.0.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-passport-oauth2-0:1.1.2-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-passport-oauth2-0:1.1.2-4.el7aos', - name: 'nodejs-passport-oauth2-1.1.2-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-passport-strategy-0:1.0.0-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-passport-strategy-0:1.0.0-4.el7aos', - name: 'nodejs-passport-strategy-1.0.0-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-path-is-absolute-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-path-is-absolute-0:1.0.0-1.el7aos', - name: 'nodejs-path-is-absolute-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-path-to-regexp-0:1.2.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-path-to-regexp-0:1.2.1-1.el7aos', - name: 'nodejs-path-to-regexp-1.2.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-patternfly-0:2.2.0-2.el7', - category: 'product_version', - product: { - product_id: 'nodejs-patternfly-0:2.2.0-2.el7', - name: 'nodejs-patternfly-2.2.0-2.el7.src.rpm', - }, - }, - { - name: 'nodejs-pause-0:0.0.1-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-pause-0:0.0.1-3.el7aos', - name: 'nodejs-pause-0.0.1-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-process-nextick-args-0:1.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-process-nextick-args-0:1.0.2-1.el7aos', - name: 'nodejs-process-nextick-args-1.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-promise-0:7.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-promise-0:7.1.1-1.el7aos', - name: 'nodejs-promise-7.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-proxy-addr-0:1.0.8-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-proxy-addr-0:1.0.8-2.el7aos', - 
name: 'nodejs-proxy-addr-1.0.8-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-prr-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-prr-0:1.0.1-1.el7aos', - name: 'nodejs-prr-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-pseudomap-0:1.0.2-2.el7', - category: 'product_version', - product: { - product_id: 'nodejs-pseudomap-0:1.0.2-2.el7', - name: 'nodejs-pseudomap-1.0.2-2.el7.src.rpm', - }, - }, - { - name: 'nodejs-qs-0:5.2.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-qs-0:5.2.0-1.el7aos', - name: 'nodejs-qs-5.2.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-range-parser-0:1.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-range-parser-0:1.0.2-1.el7aos', - name: 'nodejs-range-parser-1.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-raw-body-0:2.1.4-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-raw-body-0:2.1.4-2.el7aos', - name: 'nodejs-raw-body-2.1.4-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-readable-stream-0:2.0.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-readable-stream-0:2.0.2-1.el7aos', - name: 'nodejs-readable-stream-2.0.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-repeat-string-0:1.5.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-repeat-string-0:1.5.2-1.el7aos', - name: 'nodejs-repeat-string-1.5.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-repeating-0:2.0.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-repeating-0:2.0.0-2.el7aos', - name: 'nodejs-repeating-2.0.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-request-0:2.61.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-request-0:2.61.0-2.el7aos', - name: 'nodejs-request-2.61.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-requires-port-0:0.0.1-2.el7aos', - category: 'product_version', - product: { - 
product_id: 'nodejs-requires-port-0:0.0.1-2.el7aos', - name: 'nodejs-requires-port-0.0.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-resolve-0:1.1.6-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-resolve-0:1.1.6-1.el7aos', - name: 'nodejs-resolve-1.1.6-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-right-align-0:0.1.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-right-align-0:0.1.3-1.el7aos', - name: 'nodejs-right-align-0.1.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-rimraf-0:2.4.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-rimraf-0:2.4.4-1.el7aos', - name: 'nodejs-rimraf-2.4.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-send-0:0.13.0-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-send-0:0.13.0-3.el7aos', - name: 'nodejs-send-0.13.0-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-serve-static-0:1.10.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-serve-static-0:1.10.0-2.el7aos', - name: 'nodejs-serve-static-1.10.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-sntp-0:1.0.9-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-sntp-0:1.0.9-2.el7aos', - name: 'nodejs-sntp-1.0.9-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-source-map-0:0.1.33-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-source-map-0:0.1.33-3.el7aos', - name: 'nodejs-source-map-0.1.33-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-sprintf-js-0:1.0.3-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-sprintf-js-0:1.0.3-1.el7aos', - name: 'nodejs-sprintf-js-1.0.3-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-statuses-0:1.2.1-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-statuses-0:1.2.1-3.el7aos', - name: 'nodejs-statuses-1.2.1-3.el7aos.src.rpm', - }, - }, - { - name: 
'nodejs-string_decoder-0:0.10.31-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-string_decoder-0:0.10.31-2.el7aos', - name: 'nodejs-string_decoder-0.10.31-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-stringstream-0:0.0.4-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-stringstream-0:0.0.4-1.el7aos', - name: 'nodejs-stringstream-0.0.4-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-strip-ansi-0:3.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-strip-ansi-0:3.0.0-1.el7aos', - name: 'nodejs-strip-ansi-3.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-supports-color-0:3.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-supports-color-0:3.1.1-1.el7aos', - name: 'nodejs-supports-color-3.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-tough-cookie-0:2.3.1-1.el7', - category: 'product_version', - product: { - product_id: 'nodejs-tough-cookie-0:2.3.1-1.el7', - name: 'nodejs-tough-cookie-2.3.1-1.el7.src.rpm', - }, - }, - { - name: 'nodejs-tunnel-agent-0:0.4.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-tunnel-agent-0:0.4.1-1.el7aos', - name: 'nodejs-tunnel-agent-0.4.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-type-is-0:1.6.9-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-type-is-0:1.6.9-1.el7aos', - name: 'nodejs-type-is-1.6.9-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-typedarray-0:0.0.6-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-typedarray-0:0.0.6-1.el7aos', - name: 'nodejs-typedarray-0.0.6-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-uid2-0:0.0.3-3.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-uid2-0:0.0.3-3.el7aos', - name: 'nodejs-uid2-0.0.3-3.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-unc-path-regex-0:0.1.1-1.el7aos', - category: 'product_version', - product: { - product_id: 
'nodejs-unc-path-regex-0:0.1.1-1.el7aos', - name: 'nodejs-unc-path-regex-0.1.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - name: 'nodejs-underscore-dot-string-3.2.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-unpipe-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-unpipe-0:1.0.0-1.el7aos', - name: 'nodejs-unpipe-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-url-join-0:0.0.1-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-url-join-0:0.0.1-2.el7aos', - name: 'nodejs-url-join-0.0.1-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-util-deprecate-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-util-deprecate-0:1.0.1-1.el7aos', - name: 'nodejs-util-deprecate-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-utils-merge-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-utils-merge-0:1.0.0-1.el7aos', - name: 'nodejs-utils-merge-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-vary-0:1.0.1-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-vary-0:1.0.1-1.el7aos', - name: 'nodejs-vary-1.0.1-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-which-0:1.2.0-2.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-which-0:1.2.0-2.el7aos', - name: 'nodejs-which-1.2.0-2.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-window-size-0:0.1.2-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-window-size-0:0.1.2-1.el7aos', - name: 'nodejs-window-size-0.1.2-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-wordwrap-0:1.0.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-wordwrap-0:1.0.0-1.el7aos', - name: 'nodejs-wordwrap-1.0.0-1.el7aos.src.rpm', - }, - }, - { - name: 
'nodejs-wrappy-0:1.0.1-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-wrappy-0:1.0.1-4.el7aos', - name: 'nodejs-wrappy-1.0.1-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-xtend-0:4.0.0-4.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-xtend-0:4.0.0-4.el7aos', - name: 'nodejs-xtend-4.0.0-4.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-y18n-0:3.1.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-y18n-0:3.1.0-1.el7aos', - name: 'nodejs-y18n-3.1.0-1.el7aos.src.rpm', - }, - }, - { - name: 'nodejs-yallist-0:2.0.0-2.el7', - category: 'product_version', - product: { - product_id: 'nodejs-yallist-0:2.0.0-2.el7', - name: 'nodejs-yallist-2.0.0-2.el7.src.rpm', - }, - }, - { - name: 'nodejs-yargs-0:3.24.0-1.el7aos', - category: 'product_version', - product: { - product_id: 'nodejs-yargs-0:3.24.0-1.el7aos', - name: 'nodejs-yargs-3.24.0-1.el7aos.src.rpm', - }, - }, - { - name: 'openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - category: 'product_version', - product: { - product_id: 'openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - name: 'openshift-ansible-3.9.14-1.git.0.ca2cfc3.el7.src.rpm', - }, - }, - { - name: 'openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - category: 'product_version', - product: { - product_id: - 'openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - name: 'openshift-elasticsearch-plugin-2.4.4.21__redhat_1-1.el7.src.rpm', - }, - }, - { - name: 'openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - category: 'product_version', - product: { - product_id: - 'openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - name: 'openshift-enterprise-image-registry-3.8.0-1.git.216.b6b90bb.el7.src.rpm', - }, - }, - { - name: 'openshift-eventrouter-0:0.1-2.git5bd9251.el7', - category: 'product_version', - product: { - product_id: 'openshift-eventrouter-0:0.1-2.git5bd9251.el7', - name: 
'openshift-eventrouter-0.1-2.git5bd9251.el7.src.rpm', - }, - }, - { - name: 'openshift-external-storage-0:0.0.1-8.git78d6339.el7', - category: 'product_version', - product: { - product_id: 'openshift-external-storage-0:0.0.1-8.git78d6339.el7', - name: 'openshift-external-storage-0.0.1-8.git78d6339.el7.src.rpm', - }, - }, - { - name: 'openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - category: 'product_version', - product: { - product_id: 'openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - name: 'openvswitch-ovn-kubernetes-0.1.0-2.el7.src.rpm', - }, - }, - { - name: 'origin-kibana-0:4.5.1-8.el7', - category: 'product_version', - product: { - product_id: 'origin-kibana-0:4.5.1-8.el7', - name: 'origin-kibana-4.5.1-8.el7.src.rpm', - }, - }, - { - name: 'perl-IO-String-0:1.08-20.el7', - category: 'product_version', - product: { - product_id: 'perl-IO-String-0:1.08-20.el7', - name: 'perl-IO-String-1.08-20.el7.src.rpm', - }, - }, - { - name: 'postgresql-apb-role-0:1.1.14-1.el7', - category: 'product_version', - product: { - product_id: 'postgresql-apb-role-0:1.1.14-1.el7', - name: 'postgresql-apb-role-1.1.14-1.el7.src.rpm', - }, - }, - { - name: 'python-boto-0:2.34.0-5.el7', - category: 'product_version', - product: { - product_id: 'python-boto-0:2.34.0-5.el7', - name: 'python-boto-2.34.0-5.el7.src.rpm', - }, - }, - { - name: 'python-boto3-0:1.4.0-1.el7', - category: 'product_version', - product: { - product_id: 'python-boto3-0:1.4.0-1.el7', - name: 'python-boto3-1.4.0-1.el7.src.rpm', - }, - }, - { - name: 'python-botocore-0:1.4.57-5.el7', - category: 'product_version', - product: { - product_id: 'python-botocore-0:1.4.57-5.el7', - name: 'python-botocore-1.4.57-5.el7.src.rpm', - }, - }, - { - name: 'python-cachetools-0:1.0.3-1.el7', - category: 'product_version', - product: { - product_id: 'python-cachetools-0:1.0.3-1.el7', - name: 'python-cachetools-1.0.3-1.el7.src.rpm', - }, - }, - { - name: 'python-certifi-0:2016.9.26-2.el7', - category: 'product_version', - product: { - 
product_id: 'python-certifi-0:2016.9.26-2.el7', - name: 'python-certifi-2016.9.26-2.el7.src.rpm', - }, - }, - { - name: 'python-clamd-0:1.0.2-4.el7', - category: 'product_version', - product: { - product_id: 'python-clamd-0:1.0.2-4.el7', - name: 'python-clamd-1.0.2-4.el7.src.rpm', - }, - }, - { - name: 'python-click-0:4.1-3.el7', - category: 'product_version', - product: { - product_id: 'python-click-0:4.1-3.el7', - name: 'python-click-4.1-3.el7.src.rpm', - }, - }, - { - name: 'python-crontab-0:2.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'python-crontab-0:2.0.2-1.el7', - name: 'python-crontab-2.0.2-1.el7.src.rpm', - }, - }, - { - name: 'python-crypto-0:2.6.1-16.el7', - category: 'product_version', - product: { - product_id: 'python-crypto-0:2.6.1-16.el7', - name: 'python-crypto-2.6.1-16.el7.src.rpm', - }, - }, - { - name: 'python-dictdiffer-0:0.6.1-1.el7', - category: 'product_version', - product: { - product_id: 'python-dictdiffer-0:0.6.1-1.el7', - name: 'python-dictdiffer-0.6.1-1.el7.src.rpm', - }, - }, - { - name: 'python-docker-0:2.4.2-1.3.el7', - category: 'product_version', - product: { - product_id: 'python-docker-0:2.4.2-1.3.el7', - name: 'python-docker-2.4.2-1.3.el7.src.rpm', - }, - }, - { - name: 'python-elasticsearch-0:2.3.0-1.el7', - category: 'product_version', - product: { - product_id: 'python-elasticsearch-0:2.3.0-1.el7', - name: 'python-elasticsearch-2.3.0-1.el7.src.rpm', - }, - }, - { - name: 'python-futures-0:3.0.3-2.el7', - category: 'product_version', - product: { - product_id: 'python-futures-0:3.0.3-2.el7', - name: 'python-futures-3.0.3-2.el7.src.rpm', - }, - }, - { - name: 'python-google-auth-0:1.1.1-1.el7', - category: 'product_version', - product: { - product_id: 'python-google-auth-0:1.1.1-1.el7', - name: 'python-google-auth-1.1.1-1.el7.src.rpm', - }, - }, - { - name: 'python-httplib2-0:0.9.2-1.el7', - category: 'product_version', - product: { - product_id: 'python-httplib2-0:0.9.2-1.el7', - name: 
'python-httplib2-0.9.2-1.el7.src.rpm', - }, - }, - { - name: 'python-jmespath-0:0.9.0-3.el7', - category: 'product_version', - product: { - product_id: 'python-jmespath-0:0.9.0-3.el7', - name: 'python-jmespath-0.9.0-3.el7.src.rpm', - }, - }, - { - name: 'python-jwt-0:1.4.0-2.1.el7', - category: 'product_version', - product: { - product_id: 'python-jwt-0:1.4.0-2.1.el7', - name: 'python-jwt-1.4.0-2.1.el7.src.rpm', - }, - }, - { - name: 'python-keyczar-0:0.71c-2.el7aos', - category: 'product_version', - product: { - product_id: 'python-keyczar-0:0.71c-2.el7aos', - name: 'python-keyczar-0.71c-2.el7aos.src.rpm', - }, - }, - { - name: 'python-kubernetes-0:5.0.0-1.el7', - category: 'product_version', - product: { - product_id: 'python-kubernetes-0:5.0.0-1.el7', - name: 'python-kubernetes-5.0.0-1.el7.src.rpm', - }, - }, - { - name: 'python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - category: 'product_version', - product: { - product_id: 'python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - name: 'python-libcloud-2.2.1-20180102gitd701bf9.el7.src.rpm', - }, - }, - { - name: 'python-mock-0:1.0.1-9.2.el7', - category: 'product_version', - product: { - product_id: 'python-mock-0:1.0.1-9.2.el7', - name: 'python-mock-1.0.1-9.2.el7.src.rpm', - }, - }, - { - name: 'python-oauthlib-0:0.6.0-2.el7', - category: 'product_version', - product: { - product_id: 'python-oauthlib-0:0.6.0-2.el7', - name: 'python-oauthlib-0.6.0-2.el7.src.rpm', - }, - }, - { - name: 'python-openshift-1:0.5.0-8.el7', - category: 'product_version', - product: { - product_id: 'python-openshift-1:0.5.0-8.el7', - name: 'python-openshift-0.5.0-8.el7.src.rpm', - }, - }, - { - name: 'python-paramiko-0:2.1.1-2.el7', - category: 'product_version', - product: { - product_id: 'python-paramiko-0:2.1.1-2.el7', - name: 'python-paramiko-2.1.1-2.el7.src.rpm', - }, - }, - { - name: 'python-passlib-0:1.6.5-2.el7', - category: 'product_version', - product: { - product_id: 'python-passlib-0:1.6.5-2.el7', - name: 
'python-passlib-1.6.5-2.el7.src.rpm', - }, - }, - { - name: 'python-py-0:1.4.32-2.el7', - category: 'product_version', - product: { - product_id: 'python-py-0:1.4.32-2.el7', - name: 'python-py-1.4.32-2.el7.src.rpm', - }, - }, - { - name: 'python-pysocks-0:1.5.7-4.el7', - category: 'product_version', - product: { - product_id: 'python-pysocks-0:1.5.7-4.el7', - name: 'python-pysocks-1.5.7-4.el7.src.rpm', - }, - }, - { - name: 'python-requests-oauthlib-0:0.4.0-7.el7', - category: 'product_version', - product: { - product_id: 'python-requests-oauthlib-0:0.4.0-7.el7', - name: 'python-requests-oauthlib-0.4.0-7.el7.src.rpm', - }, - }, - { - name: 'python-rsa-0:3.4.1-1.el7', - category: 'product_version', - product: { - product_id: 'python-rsa-0:3.4.1-1.el7', - name: 'python-rsa-3.4.1-1.el7.src.rpm', - }, - }, - { - name: 'python-ruamel-ordereddict-0:0.4.9-5.el7', - category: 'product_version', - product: { - product_id: 'python-ruamel-ordereddict-0:0.4.9-5.el7', - name: 'python-ruamel-ordereddict-0.4.9-5.el7.src.rpm', - }, - }, - { - name: 'python-ruamel-yaml-0:0.15.23-2.el7', - category: 'product_version', - product: { - product_id: 'python-ruamel-yaml-0:0.15.23-2.el7', - name: 'python-ruamel-yaml-0.15.23-2.el7.src.rpm', - }, - }, - { - name: 'python-s3transfer-0:0.1.3-1.el7', - category: 'product_version', - product: { - product_id: 'python-s3transfer-0:0.1.3-1.el7', - name: 'python-s3transfer-0.1.3-1.el7.src.rpm', - }, - }, - { - name: 'python-setuptools-0:17.1.1-4.el7', - category: 'product_version', - product: { - product_id: 'python-setuptools-0:17.1.1-4.el7', - name: 'python-setuptools-17.1.1-4.el7.src.rpm', - }, - }, - { - name: 'python-string_utils-0:0.6.0-2.el7', - category: 'product_version', - product: { - product_id: 'python-string_utils-0:0.6.0-2.el7', - name: 'python-string_utils-0.6.0-2.el7.src.rpm', - }, - }, - { - name: 'python-typing-0:3.5.2.2-3.el7', - category: 'product_version', - product: { - product_id: 'python-typing-0:3.5.2.2-3.el7', - name: 
'python-typing-3.5.2.2-3.el7.src.rpm', - }, - }, - { - name: 'python-urllib3-0:1.21.1-1.el7', - category: 'product_version', - product: { - product_id: 'python-urllib3-0:1.21.1-1.el7', - name: 'python-urllib3-1.21.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-activesupport-1:4.2.10-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-activesupport-1:4.2.10-1.el7', - name: 'rubygem-activesupport-4.2.10-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-addressable-0:2.5.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-addressable-0:2.5.2-1.el7', - name: 'rubygem-addressable-2.5.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-concurrent-ruby-0:1.0.5-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-concurrent-ruby-0:1.0.5-1.el7', - name: 'rubygem-concurrent-ruby-1.0.5-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-cool.io-0:1.5.3-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-cool.io-0:1.5.3-1.el7', - name: 'rubygem-cool.io-1.5.3-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-docker-api-0:1.22.4-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-docker-api-0:1.22.4-2.el7', - name: 'rubygem-docker-api-1.22.4-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-domain_name-0:0.5.20170404-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-domain_name-0:0.5.20170404-2.el7', - name: 'rubygem-domain_name-0.5.20170404-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-elasticsearch-0:2.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-elasticsearch-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-2.0.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-elasticsearch-api-0:2.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-elasticsearch-api-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-api-2.0.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-elasticsearch-transport-0:2.0.2-1.el7', - 
category: 'product_version', - product: { - product_id: 'rubygem-elasticsearch-transport-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-transport-2.0.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-excon-0:0.60.0-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-excon-0:0.60.0-1.el7', - name: 'rubygem-excon-0.60.0-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-faraday-0:0.13.1-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-faraday-0:0.13.1-1.el7', - name: 'rubygem-faraday-0.13.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-ffi-0:1.9.23-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-ffi-0:1.9.23-1.el7', - name: 'rubygem-ffi-1.9.23-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - name: 'rubygem-fluent-mixin-config-placeholders-0.4.0-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - category: 'product_version', - product: { - product_id: - 'rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - name: 'rubygem-fluent-plugin-docker_metadata_filter-0.1.1-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - name: 'rubygem-fluent-plugin-elasticsearch-1.13.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - name: 'rubygem-fluent-plugin-flatten-hash-0.4.0-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - category: 'product_version', - product: { - product_id: - 
'rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - name: 'rubygem-fluent-plugin-kubernetes_metadata_filter-1.0.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - name: 'rubygem-fluent-plugin-record-modifier-0.6.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - name: 'rubygem-fluent-plugin-remote-syslog-1.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - name: 'rubygem-fluent-plugin-rewrite-tag-filter-1.5.6-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - name: 'rubygem-fluent-plugin-secure-forward-0.4.5-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', - name: 'rubygem-fluent-plugin-systemd-0.0.9-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - name: 'rubygem-fluent-plugin-viaq_data_model-0.0.13-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-http-0:0.9.8-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-http-0:0.9.8-2.el7', - name: 'rubygem-http-0.9.8-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-http-cookie-0:1.0.3-1.el7', - category: 'product_version', - product: { - product_id: 
'rubygem-http-cookie-0:1.0.3-1.el7', - name: 'rubygem-http-cookie-1.0.3-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-http-form_data-0:1.0.3-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-http-form_data-0:1.0.3-1.el7', - name: 'rubygem-http-form_data-1.0.3-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-http_parser.rb-0:0.6.0-4.el7', - category: 'product_version', - product: { - product_id: 'rubygem-http_parser.rb-0:0.6.0-4.el7', - name: 'rubygem-http_parser.rb-0.6.0-4.el7.src.rpm', - }, - }, - { - name: 'rubygem-i18n-0:0.9.5-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-i18n-0:0.9.5-1.el7', - name: 'rubygem-i18n-0.9.5-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-kubeclient-0:1.1.4-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-kubeclient-0:1.1.4-1.el7', - name: 'rubygem-kubeclient-1.1.4-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-lru_redux-0:1.1.0-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-lru_redux-0:1.1.0-2.el7', - name: 'rubygem-lru_redux-1.1.0-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-mime-types-0:3.1-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-mime-types-0:3.1-1.el7', - name: 'rubygem-mime-types-3.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-mime-types-data-0:3.2016.0521-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-mime-types-data-0:3.2016.0521-1.el7', - name: 'rubygem-mime-types-data-3.2016.0521-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-minitest-0:5.10.3-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-minitest-0:5.10.3-1.el7', - name: 'rubygem-minitest-5.10.3-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-msgpack-0:1.2.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-msgpack-0:1.2.2-1.el7', - name: 'rubygem-msgpack-1.2.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-multi_json-0:1.13.1-1.el7', - category: 
'product_version', - product: { - product_id: 'rubygem-multi_json-0:1.13.1-1.el7', - name: 'rubygem-multi_json-1.13.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-multipart-post-0:2.0.0-3.el7', - category: 'product_version', - product: { - product_id: 'rubygem-multipart-post-0:2.0.0-3.el7', - name: 'rubygem-multipart-post-2.0.0-3.el7.src.rpm', - }, - }, - { - name: 'rubygem-netrc-0:0.11.0-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-netrc-0:0.11.0-1.el7', - name: 'rubygem-netrc-0.11.0-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-proxifier-0:1.0.3-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-proxifier-0:1.0.3-2.el7', - name: 'rubygem-proxifier-1.0.3-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-public_suffix-0:2.0.5-5.el7', - category: 'product_version', - product: { - product_id: 'rubygem-public_suffix-0:2.0.5-5.el7', - name: 'rubygem-public_suffix-2.0.5-5.el7.src.rpm', - }, - }, - { - name: 'rubygem-recursive-open-struct-0:1.0.0-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-recursive-open-struct-0:1.0.0-2.el7', - name: 'rubygem-recursive-open-struct-1.0.0-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-resolve-hostname-0:0.1.0-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-resolve-hostname-0:0.1.0-1.el7', - name: 'rubygem-resolve-hostname-0.1.0-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-rest-client-0:2.0.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-rest-client-0:2.0.2-1.el7', - name: 'rubygem-rest-client-2.0.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-sigdump-0:0.2.4-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-sigdump-0:0.2.4-1.el7', - name: 'rubygem-sigdump-0.2.4-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-string-scrub-0:0.0.5-4.el7', - category: 'product_version', - product: { - product_id: 'rubygem-string-scrub-0:0.0.5-4.el7', - name: 
'rubygem-string-scrub-0.0.5-4.el7.src.rpm', - }, - }, - { - name: 'rubygem-syslog_protocol-0:0.9.2-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-syslog_protocol-0:0.9.2-1.el7', - name: 'rubygem-syslog_protocol-0.9.2-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-systemd-journal-0:1.3.1-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-systemd-journal-0:1.3.1-1.el7', - name: 'rubygem-systemd-journal-1.3.1-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-thread_safe-0:0.3.6-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-thread_safe-0:0.3.6-1.el7', - name: 'rubygem-thread_safe-0.3.6-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-tzinfo-0:1.2.5-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-tzinfo-0:1.2.5-1.el7', - name: 'rubygem-tzinfo-1.2.5-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-tzinfo-data-0:1.2018.3-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-tzinfo-data-0:1.2018.3-1.el7', - name: 'rubygem-tzinfo-data-1.2018.3-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-unf-0:0.1.4-5.el7', - category: 'product_version', - product: { - product_id: 'rubygem-unf-0:0.1.4-5.el7', - name: 'rubygem-unf-0.1.4-5.el7.src.rpm', - }, - }, - { - name: 'rubygem-unf_ext-0:0.0.7.5-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-unf_ext-0:0.0.7.5-1.el7', - name: 'rubygem-unf_ext-0.0.7.5-1.el7.src.rpm', - }, - }, - { - name: 'rubygem-uuidtools-0:2.1.5-2.el7', - category: 'product_version', - product: { - product_id: 'rubygem-uuidtools-0:2.1.5-2.el7', - name: 'rubygem-uuidtools-2.1.5-2.el7.src.rpm', - }, - }, - { - name: 'rubygem-yajl-ruby-0:1.3.1-1.el7', - category: 'product_version', - product: { - product_id: 'rubygem-yajl-ruby-0:1.3.1-1.el7', - name: 'rubygem-yajl-ruby-1.3.1-1.el7.src.rpm', - }, - }, - { - name: 'runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - category: 'product_version', - product: { - product_id: 
'runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - name: 'runc-1.0.0-24.rc4.dev.gitc6e4a1e.el7.src.rpm', - }, - }, - { - name: 'scons-0:2.5.1-1.el7', - category: 'product_version', - product: { - product_id: 'scons-0:2.5.1-1.el7', - name: 'scons-2.5.1-1.el7.src.rpm', - }, - }, - { - name: 'search-guard-2-0:2.4.4.10_redhat_1-3.el7', - category: 'product_version', - product: { - product_id: 'search-guard-2-0:2.4.4.10_redhat_1-3.el7', - name: 'search-guard-2-2.4.4.10_redhat_1-3.el7.src.rpm', - }, - }, - { - name: 'sshpass-0:1.06-2.el7', - category: 'product_version', - product: { - product_id: 'sshpass-0:1.06-2.el7', - name: 'sshpass-1.06-2.el7.src.rpm', - }, - }, - { - name: 'thrift-0:0.9.1-15.el7', - category: 'product_version', - product: { - product_id: 'thrift-0:0.9.1-15.el7', - name: 'thrift-0.9.1-15.el7.src.rpm', - }, - }, - { - name: 'v8-1:3.14.5.10-25.el7', - category: 'product_version', - product: { - product_id: 'v8-1:3.14.5.10-25.el7', - name: 'v8-3.14.5.10-25.el7.src.rpm', - }, - }, - ], - relationships: [ - { - product_reference: 'ansible-asb-modules-0:0.1.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:ansible-asb-modules-0:0.1.1-1.el7', - name: 'ansible-asb-modules-0:0.1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'ansible-kubernetes-modules-0:0.4.0-8.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:ansible-kubernetes-modules-0:0.4.0-8.el7', - name: 'ansible-kubernetes-modules-0:0.4.0-8.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'ansible-service-broker-0:1.1.16-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.16-1.el7', - name: 'ansible-service-broker-0:1.1.16-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'apb-0:1.1.15-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:apb-0:1.1.15-1.el7', - name: 'apb-0:1.1.15-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'apb-base-scripts-0:1.1.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:apb-base-scripts-0:1.1.5-1.el7', - name: 'apb-base-scripts-0:1.1.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - name: 'atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - name: 'atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'cockpit-0:160-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:cockpit-0:160-3.el7', - name: 'cockpit-0:160-3.el7 as a component of Red Hat OpenShift 
Container Platform 3.9', - }, - }, - { - product_reference: 'containernetworking-plugins-0:0.5.2-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-5.el7', - name: 'containernetworking-plugins-0:0.5.2-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'cri-o-0:1.9.10-1.git8723732.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:cri-o-0:1.9.10-1.git8723732.el7', - name: 'cri-o-0:1.9.10-1.git8723732.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - name: 'cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'dumb-init-0:1.1.3-12.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:dumb-init-0:1.1.3-12.el7', - name: 'dumb-init-0:1.1.3-12.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'elastic-curator-0:3.5.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:elastic-curator-0:3.5.0-2.el7', - name: 'elastic-curator-0:3.5.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'elasticsearch-0:2.4.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: 
'7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:elasticsearch-0:2.4.4-1.el7', - name: 'elasticsearch-0:2.4.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - name: 'elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'fluentd-0:0.12.42-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:fluentd-0:0.12.42-1.el7', - name: 'fluentd-0:0.12.42-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - name: 'golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - name: 'golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 
'golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - name: 'golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - name: 'golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - name: 'golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - name: 'golang-github-prometheus-promu-0:0-2.git85ceabc.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'google-cloud-sdk-0:183.0.0-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: 
'7Server-RH7-RHOSE-3.9:google-cloud-sdk-0:183.0.0-3.el7', - name: 'google-cloud-sdk-0:183.0.0-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'haproxy-0:1.8.1-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:haproxy-0:1.8.1-5.el7', - name: 'haproxy-0:1.8.1-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'hawkular-openshift-agent-0:1.2.2-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-2.el7', - name: 'hawkular-openshift-agent-0:1.2.2-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'heapster-0:1.3.0-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-3.el7', - name: 'heapster-0:1.3.0-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'http-parser-0:2.7.1-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:http-parser-0:2.7.1-4.el7', - name: 'http-parser-0:2.7.1-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'image-inspector-0:2.1.2-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.2-2.el7', - name: 'image-inspector-0:2.1.2-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-1-0:1.651.2-2.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:jenkins-1-0:1.651.2-2.el7', - name: 'jenkins-1-0:1.651.2-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-2-plugins-0:3.9.1519779801-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-2-plugins-0:3.9.1519779801-1.el7', - name: 'jenkins-2-plugins-0:3.9.1519779801-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-0:2.89.4.1519670652-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:jenkins-0:2.89.4.1519670652-1.el7', - name: 'jenkins-0:2.89.4.1519670652-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-ace-editor-0:1.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ace-editor-0:1.1-10.el7', - name: 'jenkins-plugin-ace-editor-0:1.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-authentication-tokens-0:1.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-authentication-tokens-0:1.3-1.el7', - name: 'jenkins-plugin-authentication-tokens-0:1.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-0:1.1.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-0:1.1.2-1.el7', - name: 'jenkins-plugin-blueocean-0:1.1.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - name: 'jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-commons-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-config-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - name: 'jenkins-plugin-blueocean-display-url-0:2.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-events-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - category: 
'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - name: 'jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-rest-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', 
- }, - }, - { - product_reference: 'jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - name: 'jenkins-plugin-blueocean-web-0:1.0.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-branch-api-0:2.0.9-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-branch-api-0:2.0.9-10.el7', - name: 'jenkins-plugin-branch-api-0:2.0.9-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - name: 'jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-credentials-0:2.1.13-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-0:2.1.13-10.el7', - name: 'jenkins-plugin-credentials-0:2.1.13-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, 
- }, - { - product_reference: 'jenkins-plugin-credentials-binding-0:1.11-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-binding-0:1.11-1.el7', - name: 'jenkins-plugin-credentials-binding-0:1.11-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-display-url-api-0:2.0-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-display-url-api-0:2.0-10.el7', - name: 'jenkins-plugin-display-url-api-0:2.0-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-docker-commons-0:1.6-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-commons-0:1.6-1.el7', - name: 'jenkins-plugin-docker-commons-0:1.6-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-docker-workflow-0:1.11-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-workflow-0:1.11-1.el7', - name: 'jenkins-plugin-docker-workflow-0:1.11-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-durable-task-0:1.13-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-durable-task-0:1.13-10.el7', - name: 'jenkins-plugin-durable-task-0:1.13-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'jenkins-plugin-favorite-0:2.0.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-favorite-0:2.0.4-1.el7', - name: 'jenkins-plugin-favorite-0:2.0.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-git-0:3.3.0-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-0:3.3.0-10.el7', - name: 'jenkins-plugin-git-0:3.3.0-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-git-client-0:2.4.5-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-client-0:2.4.5-10.el7', - name: 'jenkins-plugin-git-client-0:2.4.5-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-git-server-0:1.7-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-server-0:1.7-10.el7', - name: 'jenkins-plugin-git-server-0:1.7-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-github-0:1.27.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-0:1.27.0-1.el7', - name: 'jenkins-plugin-github-0:1.27.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-github-api-0:1.85-1.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-api-0:1.85-1.el7', - name: 'jenkins-plugin-github-api-0:1.85-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - name: 'jenkins-plugin-github-branch-source-0:2.0.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-handlebars-0:1.1.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-handlebars-0:1.1.1-10.el7', - name: 'jenkins-plugin-handlebars-0:1.1.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-icon-shim-0:2.0.3-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-icon-shim-0:2.0.3-10.el7', - name: 'jenkins-plugin-icon-shim-0:2.0.3-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - name: 'jenkins-plugin-jackson2-api-0:2.7.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: 
'7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - name: 'jenkins-plugin-jquery-detached-0:1.2.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-junit-0:1.20-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-junit-0:1.20-10.el7', - name: 'jenkins-plugin-junit-0:1.20-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-kubernetes-0:0.11-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-kubernetes-0:0.11-10.el7', - name: 'jenkins-plugin-kubernetes-0:0.11-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-mailer-0:1.20-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mailer-0:1.20-10.el7', - name: 'jenkins-plugin-mailer-0:1.20-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - name: 'jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-matrix-auth-0:1.5-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-auth-0:1.5-10.el7', - name: 'jenkins-plugin-matrix-auth-0:1.5-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-matrix-project-0:1.10-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-project-0:1.10-10.el7', - name: 'jenkins-plugin-matrix-project-0:1.10-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-mercurial-0:1.59-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mercurial-0:1.59-10.el7', - name: 'jenkins-plugin-mercurial-0:1.59-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-metrics-0:3.1.2.9-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-metrics-0:3.1.2.9-1.el7', - name: 'jenkins-plugin-metrics-0:3.1.2.9-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-momentjs-0:1.1.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-momentjs-0:1.1.1-10.el7', - name: 'jenkins-plugin-momentjs-0:1.1.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-multiple-scms-0:0.6-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-multiple-scms-0:0.6-10.el7', - 
name: 'jenkins-plugin-multiple-scms-0:0.6-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-openshift-client-0:0.9.6-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-client-0:0.9.6-1.el7', - name: 'jenkins-plugin-openshift-client-0:0.9.6-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-openshift-login-0:0.12-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-login-0:0.12-10.el7', - name: 'jenkins-plugin-openshift-login-0:0.12-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - name: 'jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - name: 'jenkins-plugin-openshift-sync-0:0.1.24-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - name: 'jenkins-plugin-pipeline-build-step-0:2.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - name: 'jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - name: 'jenkins-plugin-pipeline-input-step-0:2.7-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - name: 'jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - name: 'jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - name: 'jenkins-plugin-pipeline-rest-api-0:2.6-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - name: 'jenkins-plugin-pipeline-stage-step-0:2.2-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, 
- { - product_reference: - 'jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - name: 'jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - name: 'jenkins-plugin-pipeline-stage-view-0:2.6-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - name: 'jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-plain-credentials-0:1.4-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-plain-credentials-0:1.4-10.el7', - name: 'jenkins-plugin-plain-credentials-0:1.4-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-pubsub-light-0:1.8-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pubsub-light-0:1.8-1.el7', - name: 'jenkins-plugin-pubsub-light-0:1.8-1.el7 as a 
component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-scm-api-0:2.1.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-scm-api-0:2.1.1-10.el7', - name: 'jenkins-plugin-scm-api-0:2.1.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-script-security-0:1.29-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-script-security-0:1.29-1.el7', - name: 'jenkins-plugin-script-security-0:1.29-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-sse-gateway-0:1.15-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-sse-gateway-0:1.15-1.el7', - name: 'jenkins-plugin-sse-gateway-0:1.15-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-ssh-credentials-0:1.13-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ssh-credentials-0:1.13-10.el7', - name: 'jenkins-plugin-ssh-credentials-0:1.13-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-structs-0:1.6-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-structs-0:1.6-10.el7', - name: 'jenkins-plugin-structs-0:1.6-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, 
- { - product_reference: 'jenkins-plugin-subversion-0:2.7.2-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-subversion-0:2.7.2-10.el7', - name: 'jenkins-plugin-subversion-0:2.7.2-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-token-macro-0:2.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-token-macro-0:2.1-1.el7', - name: 'jenkins-plugin-token-macro-0:2.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-variant-0:1.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-variant-0:1.1-1.el7', - name: 'jenkins-plugin-variant-0:1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - name: 'jenkins-plugin-workflow-aggregator-0:2.1-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-api-0:2.13-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-api-0:2.13-10.el7', - name: 'jenkins-plugin-workflow-api-0:2.13-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - name: 'jenkins-plugin-workflow-basic-steps-0:2.4-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-cps-0:2.30-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-0:2.30-10.el7', - name: 'jenkins-plugin-workflow-cps-0:2.30-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - name: 'jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - name: 'jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-job-0:2.10-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-job-0:2.10-10.el7', - name: 'jenkins-plugin-workflow-job-0:2.10-10.el7 as a component of Red Hat OpenShift 
Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - name: 'jenkins-plugin-workflow-multibranch-0:2.14-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - name: 'jenkins-plugin-workflow-remote-loader-0:1.4-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - name: 'jenkins-plugin-workflow-scm-step-0:2.4-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-step-api-0:2.9-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-step-api-0:2.9-10.el7', - name: 'jenkins-plugin-workflow-step-api-0:2.9-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'jenkins-plugin-workflow-support-0:2.14-10.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-support-0:2.14-10.el7', - name: 
'jenkins-plugin-workflow-support-0:2.14-10.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'kibana-0:4.6.4-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:kibana-0:4.6.4-4.el7', - name: 'kibana-0:4.6.4-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'libuv-1:1.7.5-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:libuv-1:1.7.5-3.el7', - name: 'libuv-1:1.7.5-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'mariadb-apb-role-0:1.1.10-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:mariadb-apb-role-0:1.1.10-1.el7', - name: 'mariadb-apb-role-0:1.1.10-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'mediawiki-apb-role-0:1.1.7-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:mediawiki-apb-role-0:1.1.7-1.el7', - name: 'mediawiki-apb-role-0:1.1.7-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'mediawiki-container-scripts-0:1.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:mediawiki-container-scripts-0:1.0.2-1.el7', - name: 'mediawiki-container-scripts-0:1.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'mediawiki123-0:1.23.13-1.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:mediawiki123-0:1.23.13-1.el7', - name: 'mediawiki123-0:1.23.13-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'mysql-apb-role-0:1.1.10-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.10-1.el7', - name: 'mysql-apb-role-0:1.1.10-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-0:4.7.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-0:4.7.2-1.el7', - name: 'nodejs-0:4.7.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-abbrev-0:1.0.7-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-abbrev-0:1.0.7-1.el7aos', - name: 'nodejs-abbrev-0:1.0.7-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-accepts-0:1.3.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-accepts-0:1.3.3-1.el7', - name: 'nodejs-accepts-0:1.3.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-align-text-0:0.1.3-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-align-text-0:0.1.3-2.el7aos', - name: 'nodejs-align-text-0:0.1.3-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', 
- }, - }, - { - product_reference: 'nodejs-amdefine-0:0.0.4-5.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-amdefine-0:0.0.4-5.el7aos', - name: 'nodejs-amdefine-0:0.0.4-5.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ansi-regex-0:2.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-ansi-regex-0:2.0.0-1.el7aos', - name: 'nodejs-ansi-regex-0:2.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ansi-styles-0:2.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-ansi-styles-0:2.1.0-1.el7aos', - name: 'nodejs-ansi-styles-0:2.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-argparse-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-argparse-0:1.0.3-1.el7aos', - name: 'nodejs-argparse-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-array-flatten-0:1.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-array-flatten-0:1.1.1-1.el7aos', - name: 'nodejs-array-flatten-0:1.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-asap-0:2.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: 
'7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-asap-0:2.0.3-1.el7aos', - name: 'nodejs-asap-0:2.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-asn1-0:0.1.11-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-asn1-0:0.1.11-4.el7aos', - name: 'nodejs-asn1-0:0.1.11-4.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-assert-plus-0:0.1.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-assert-plus-0:0.1.4-1.el7aos', - name: 'nodejs-assert-plus-0:0.1.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-async-0:1.4.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-async-0:1.4.2-1.el7aos', - name: 'nodejs-async-0:1.4.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-aws-sign2-0:0.5.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-aws-sign2-0:0.5.0-1.el7aos', - name: 'nodejs-aws-sign2-0:0.5.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-balanced-match-0:0.2.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-balanced-match-0:0.2.1-1.el7aos', - name: 'nodejs-balanced-match-0:0.2.1-1.el7aos as a component of 
Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-base64url-0:1.0.4-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-base64url-0:1.0.4-2.el7aos', - name: 'nodejs-base64url-0:1.0.4-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-basic-auth-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-basic-auth-0:1.0.3-1.el7aos', - name: 'nodejs-basic-auth-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-bl-0:1.0.0-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-bl-0:1.0.0-3.el7aos', - name: 'nodejs-bl-0:1.0.0-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-bluebird-0:2.10.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-bluebird-0:2.10.0-1.el7aos', - name: 'nodejs-bluebird-0:2.10.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-body-parser-0:1.14.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-body-parser-0:1.14.1-1.el7aos', - name: 'nodejs-body-parser-0:1.14.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-boom-0:2.8.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: 
'7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-boom-0:2.8.0-1.el7aos', - name: 'nodejs-boom-0:2.8.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-brace-expansion-0:1.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-brace-expansion-0:1.1.1-1.el7aos', - name: 'nodejs-brace-expansion-0:1.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-bytes-0:2.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-bytes-0:2.1.0-1.el7aos', - name: 'nodejs-bytes-0:2.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-camelcase-0:1.2.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-camelcase-0:1.2.1-2.el7aos', - name: 'nodejs-camelcase-0:1.2.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-camelcase-keys-0:1.0.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-camelcase-keys-0:1.0.0-2.el7aos', - name: 'nodejs-camelcase-keys-0:1.0.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-caseless-0:0.11.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-caseless-0:0.11.0-1.el7aos', - name: 
'nodejs-caseless-0:0.11.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-center-align-0:0.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-center-align-0:0.1.1-1.el7aos', - name: 'nodejs-center-align-0:0.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-chalk-0:1.1.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-chalk-0:1.1.1-2.el7aos', - name: 'nodejs-chalk-0:1.1.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-client-sessions-0:0.7.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-client-sessions-0:0.7.0-2.el7aos', - name: 'nodejs-client-sessions-0:0.7.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-cliui-0:2.1.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-cliui-0:2.1.0-2.el7aos', - name: 'nodejs-cliui-0:2.1.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-coffee-script-0:1.10.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-coffee-script-0:1.10.0-1.el7aos', - name: 'nodejs-coffee-script-0:1.10.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-colors-0:1.1.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-colors-0:1.1.2-1.el7aos', - name: 'nodejs-colors-0:1.1.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-combined-stream-0:1.0.5-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-combined-stream-0:1.0.5-1.el7aos', - name: 'nodejs-combined-stream-0:1.0.5-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-commander-0:2.8.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-commander-0:2.8.1-2.el7aos', - name: 'nodejs-commander-0:2.8.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-concat-map-0:0.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-concat-map-0:0.0.1-1.el7aos', - name: 'nodejs-concat-map-0:0.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-concat-stream-0:1.4.7-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-concat-stream-0:1.4.7-3.el7aos', - name: 'nodejs-concat-stream-0:1.4.7-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-content-disposition-0:0.5.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-content-disposition-0:0.5.0-1.el7aos', - name: 'nodejs-content-disposition-0:0.5.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-content-type-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-content-type-0:1.0.1-1.el7aos', - name: 'nodejs-content-type-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-cookie-0:0.2.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-cookie-0:0.2.0-1.el7aos', - name: 'nodejs-cookie-0:0.2.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-cookie-signature-0:1.0.6-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-cookie-signature-0:1.0.6-1.el7aos', - name: 'nodejs-cookie-signature-0:1.0.6-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-cookies-0:0.5.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-cookies-0:0.5.0-2.el7aos', - name: 'nodejs-cookies-0:0.5.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-core-util-is-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-core-util-is-0:1.0.1-1.el7aos', - name: 
'nodejs-core-util-is-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-cryptiles-0:2.0.5-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-cryptiles-0:2.0.5-2.el7aos', - name: 'nodejs-cryptiles-0:2.0.5-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ctype-0:0.5.3-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-ctype-0:0.5.3-3.el7aos', - name: 'nodejs-ctype-0:0.5.3-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-dateformat-0:1.0.6-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-dateformat-0:1.0.6-1.el7aos', - name: 'nodejs-dateformat-0:1.0.6-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-debug-0:2.2.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-debug-0:2.2.0-1.el7aos', - name: 'nodejs-debug-0:2.2.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-decamelize-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-decamelize-0:1.0.0-1.el7aos', - name: 'nodejs-decamelize-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-delayed-stream-0:1.0.0-1.el7aos', - category: 
'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-delayed-stream-0:1.0.0-1.el7aos', - name: 'nodejs-delayed-stream-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-depd-0:1.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-depd-0:1.1.0-1.el7aos', - name: 'nodejs-depd-0:1.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-destroy-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-destroy-0:1.0.3-1.el7aos', - name: 'nodejs-destroy-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ee-first-0:1.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-ee-first-0:1.1.1-1.el7aos', - name: 'nodejs-ee-first-0:1.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-errno-0:0.1.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-errno-0:0.1.4-1.el7aos', - name: 'nodejs-errno-0:0.1.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-escape-html-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-escape-html-0:1.0.3-1.el7aos', - name: 
'nodejs-escape-html-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - name: 'nodejs-escape-string-regexp-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-esprima-0:2.7.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-esprima-0:2.7.0-1.el7aos', - name: 'nodejs-esprima-0:2.7.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-etag-0:1.7.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-etag-0:1.7.0-1.el7aos', - name: 'nodejs-etag-0:1.7.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-eventemitter2-0:0.4.14-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-eventemitter2-0:0.4.14-1.el7aos', - name: 'nodejs-eventemitter2-0:0.4.14-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-eventemitter3-0:1.1.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-eventemitter3-0:1.1.1-2.el7aos', - name: 'nodejs-eventemitter3-0:1.1.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'nodejs-exit-0:0.1.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-exit-0:0.1.2-1.el7aos', - name: 'nodejs-exit-0:0.1.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-express-0:4.13.3-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-express-0:4.13.3-4.el7', - name: 'nodejs-express-0:4.13.3-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-extend-0:3.0.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-extend-0:3.0.0-2.el7aos', - name: 'nodejs-extend-0:3.0.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - name: 'nodejs-file-sync-cmp-0:0.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-finalhandler-0:0.4.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-finalhandler-0:0.4.0-2.el7aos', - name: 'nodejs-finalhandler-0:0.4.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-findup-sync-0:0.3.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - 
product_id: - '7Server-RH7-RHOSE-3.9:nodejs-findup-sync-0:0.3.0-2.el7aos', - name: 'nodejs-findup-sync-0:0.3.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-forever-agent-0:0.6.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-forever-agent-0:0.6.1-1.el7aos', - name: 'nodejs-forever-agent-0:0.6.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-form-data-0:1.0.0-rc3.1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-form-data-0:1.0.0-rc3.1.el7aos', - name: 'nodejs-form-data-0:1.0.0-rc3.1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-forwarded-0:0.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-forwarded-0:0.1.0-1.el7aos', - name: 'nodejs-forwarded-0:0.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-fresh-0:0.3.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-fresh-0:0.3.0-1.el7aos', - name: 'nodejs-fresh-0:0.3.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-generate-function-0:2.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-generate-function-0:2.0.0-1.el7aos', - name: 'nodejs-generate-function-0:2.0.0-1.el7aos as a 
component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-generate-object-property-0:1.2.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-generate-object-property-0:1.2.0-1.el7aos', - name: 'nodejs-generate-object-property-0:1.2.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-getobject-0:0.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-getobject-0:0.1.0-1.el7aos', - name: 'nodejs-getobject-0:0.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-glob-0:5.0.15-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-glob-0:5.0.15-1.el7aos', - name: 'nodejs-glob-0:5.0.15-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-graceful-fs-0:4.1.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-graceful-fs-0:4.1.2-1.el7aos', - name: 'nodejs-graceful-fs-0:4.1.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-graceful-readlink-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-graceful-readlink-0:1.0.1-1.el7aos', - name: 'nodejs-graceful-readlink-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-grunt-0:0.4.5-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-grunt-0:0.4.5-1.el7aos', - name: 'nodejs-grunt-0:0.4.5-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-cli-0:0.1.13-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-cli-0:0.1.13-3.el7aos', - name: 'nodejs-grunt-cli-0:0.1.13-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - name: 'nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - name: 'nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - name: 'nodejs-grunt-contrib-less-0:1.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - name: 'nodejs-grunt-legacy-log-0:0.1.2-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - name: 'nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - name: 'nodejs-grunt-legacy-util-0:0.2.0-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-har-validator-0:1.8.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-har-validator-0:1.8.0-1.el7aos', - name: 'nodejs-har-validator-0:1.8.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-has-ansi-0:2.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-has-ansi-0:2.0.0-1.el7aos', - name: 'nodejs-has-ansi-0:2.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-has-color-0:0.1.7-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - 
product_id: '7Server-RH7-RHOSE-3.9:nodejs-has-color-0:0.1.7-2.el7aos', - name: 'nodejs-has-color-0:0.1.7-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-has-flag-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-has-flag-0:1.0.0-1.el7aos', - name: 'nodejs-has-flag-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-hawk-0:3.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-hawk-0:3.1.0-1.el7aos', - name: 'nodejs-hawk-0:3.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-hoek-0:2.14.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-hoek-0:2.14.0-1.el7aos', - name: 'nodejs-hoek-0:2.14.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-hooker-0:0.2.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-hooker-0:0.2.3-1.el7aos', - name: 'nodejs-hooker-0:0.2.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-http-errors-0:1.3.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-http-errors-0:1.3.1-1.el7aos', - name: 'nodejs-http-errors-0:1.3.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'nodejs-http-proxy-0:1.11.2-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-http-proxy-0:1.11.2-2.el7aos', - name: 'nodejs-http-proxy-0:1.11.2-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-http-signature-0:0.11.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-http-signature-0:0.11.0-1.el7aos', - name: 'nodejs-http-signature-0:0.11.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-iconv-lite-0:0.4.13-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-iconv-lite-0:0.4.13-1.el7aos', - name: 'nodejs-iconv-lite-0:0.4.13-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-image-size-0:0.4.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-image-size-0:0.4.0-1.el7aos', - name: 'nodejs-image-size-0:0.4.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-indent-string-0:2.1.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-indent-string-0:2.1.0-2.el7aos', - name: 'nodejs-indent-string-0:2.1.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-inflight-0:1.0.4-6.el7aos', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-inflight-0:1.0.4-6.el7aos', - name: 'nodejs-inflight-0:1.0.4-6.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-inherits-0:2.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-inherits-0:2.0.1-1.el7aos', - name: 'nodejs-inherits-0:2.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-invert-kv-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-invert-kv-0:1.0.0-1.el7aos', - name: 'nodejs-invert-kv-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ipaddr.js-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-ipaddr.js-0:1.0.3-1.el7aos', - name: 'nodejs-ipaddr.js-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-absolute-0:0.2.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-absolute-0:0.2.3-1.el7aos', - name: 'nodejs-is-absolute-0:0.2.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-buffer-0:1.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-is-buffer-0:1.0.2-1.el7aos', - name: 
'nodejs-is-buffer-0:1.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-finite-0:1.0.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-is-finite-0:1.0.1-2.el7aos', - name: 'nodejs-is-finite-0:1.0.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - name: 'nodejs-is-my-json-valid-0:2.12.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-property-0:1.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-property-0:1.0.2-1.el7aos', - name: 'nodejs-is-property-0:1.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-relative-0:0.2.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-relative-0:0.2.1-1.el7aos', - name: 'nodejs-is-relative-0:0.2.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-is-unc-path-0:0.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-unc-path-0:0.1.1-1.el7aos', - name: 'nodejs-is-unc-path-0:0.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'nodejs-is-windows-0:0.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-is-windows-0:0.1.0-1.el7aos', - name: 'nodejs-is-windows-0:0.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-isarray-0:0.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-isarray-0:0.0.1-1.el7aos', - name: 'nodejs-isarray-0:0.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-isstream-0:0.1.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-isstream-0:0.1.2-1.el7aos', - name: 'nodejs-isstream-0:0.1.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-js-yaml-0:3.4.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-js-yaml-0:3.4.3-1.el7aos', - name: 'nodejs-js-yaml-0:3.4.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - name: 'nodejs-json-stringify-safe-0:5.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-jsonpointer-0:2.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-jsonpointer-0:2.0.0-1.el7aos', - name: 'nodejs-jsonpointer-0:2.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-keygrip-0:1.0.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-keygrip-0:1.0.1-2.el7aos', - name: 'nodejs-keygrip-0:1.0.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-kind-of-0:3.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-kind-of-0:3.0.2-1.el7aos', - name: 'nodejs-kind-of-0:3.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-lcid-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-lcid-0:1.0.0-1.el7aos', - name: 'nodejs-lcid-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-less-0:2.5.3-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-less-0:2.5.3-2.el7aos', - name: 'nodejs-less-0:2.5.3-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-lodash-0:3.10.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-lodash-0:3.10.1-1.el7aos', - name: 'nodejs-lodash-0:3.10.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'nodejs-longest-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-longest-0:1.0.1-1.el7aos', - name: 'nodejs-longest-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-lru-cache-0:4.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-lru-cache-0:4.0.2-1.el7', - name: 'nodejs-lru-cache-0:4.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-map-obj-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-map-obj-0:1.0.1-1.el7aos', - name: 'nodejs-map-obj-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-media-typer-0:0.3.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-media-typer-0:0.3.0-1.el7aos', - name: 'nodejs-media-typer-0:0.3.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-meow-0:2.0.0-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-meow-0:2.0.0-3.el7aos', - name: 'nodejs-meow-0:2.0.0-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-merge-descriptors-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:nodejs-merge-descriptors-0:1.0.0-1.el7aos', - name: 'nodejs-merge-descriptors-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-methods-0:1.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-methods-0:1.1.1-1.el7aos', - name: 'nodejs-methods-0:1.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-mime-0:1.3.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-mime-0:1.3.4-1.el7aos', - name: 'nodejs-mime-0:1.3.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-mime-db-0:1.23.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-mime-db-0:1.23.0-1.el7', - name: 'nodejs-mime-db-0:1.23.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-mime-types-0:2.1.11-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-mime-types-0:2.1.11-1.el7', - name: 'nodejs-mime-types-0:2.1.11-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-minimatch-0:3.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-minimatch-0:3.0.2-1.el7', - name: 'nodejs-minimatch-0:3.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-minimist-0:1.2.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-minimist-0:1.2.0-2.el7aos', - name: 'nodejs-minimist-0:1.2.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-mkdirp-0:0.5.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-mkdirp-0:0.5.0-2.el7aos', - name: 'nodejs-mkdirp-0:0.5.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-morgan-0:1.6.1-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-morgan-0:1.6.1-3.el7aos', - name: 'nodejs-morgan-0:1.6.1-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-ms-0:0.7.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-ms-0:0.7.1-1.el7aos', - name: 'nodejs-ms-0:0.7.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-negotiator-0:0.6.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-negotiator-0:0.6.1-1.el7', - name: 'nodejs-negotiator-0:0.6.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-node-uuid-0:1.4.7-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-node-uuid-0:1.4.7-1.el7', - 
name: 'nodejs-node-uuid-0:1.4.7-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-nopt-0:3.0.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-nopt-0:3.0.4-1.el7aos', - name: 'nodejs-nopt-0:3.0.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-number-is-nan-0:1.0.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-number-is-nan-0:1.0.0-2.el7aos', - name: 'nodejs-number-is-nan-0:1.0.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-oauth-0:0.9.13-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-oauth-0:0.9.13-3.el7aos', - name: 'nodejs-oauth-0:0.9.13-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-oauth-sign-0:0.8.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-oauth-sign-0:0.8.0-1.el7aos', - name: 'nodejs-oauth-sign-0:0.8.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-object-assign-0:4.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-object-assign-0:4.0.1-1.el7aos', - name: 'nodejs-object-assign-0:4.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-on-finished-0:2.3.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-on-finished-0:2.3.0-1.el7aos', - name: 'nodejs-on-finished-0:2.3.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-on-headers-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-on-headers-0:1.0.0-1.el7aos', - name: 'nodejs-on-headers-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-once-0:1.3.2-5.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-once-0:1.3.2-5.el7aos', - name: 'nodejs-once-0:1.3.2-5.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - name: 'nodejs-openshift-auth-proxy-0:0.1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-os-locale-0:1.4.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-os-locale-0:1.4.0-1.el7aos', - name: 'nodejs-os-locale-0:1.4.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-packaging-0:7-5.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - 
product_id: '7Server-RH7-RHOSE-3.9:nodejs-packaging-0:7-5.el7aos', - name: 'nodejs-packaging-0:7-5.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-parse-duration-0:0.1.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-parse-duration-0:0.1.1-2.el7aos', - name: 'nodejs-parse-duration-0:0.1.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-parseurl-0:1.3.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-parseurl-0:1.3.0-1.el7aos', - name: 'nodejs-parseurl-0:1.3.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-passport-0:0.2.2-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-passport-0:0.2.2-4.el7aos', - name: 'nodejs-passport-0:0.2.2-4.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - name: 'nodejs-passport-http-bearer-0:1.0.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-passport-oauth2-0:1.1.2-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-passport-oauth2-0:1.1.2-4.el7aos', - name: 'nodejs-passport-oauth2-0:1.1.2-4.el7aos as 
a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-passport-strategy-0:1.0.0-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-passport-strategy-0:1.0.0-4.el7aos', - name: 'nodejs-passport-strategy-0:1.0.0-4.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-path-is-absolute-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-path-is-absolute-0:1.0.0-1.el7aos', - name: 'nodejs-path-is-absolute-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-path-to-regexp-0:1.2.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-path-to-regexp-0:1.2.1-1.el7aos', - name: 'nodejs-path-to-regexp-0:1.2.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-patternfly-0:2.2.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-patternfly-0:2.2.0-2.el7', - name: 'nodejs-patternfly-0:2.2.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-pause-0:0.0.1-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-pause-0:0.0.1-3.el7aos', - name: 'nodejs-pause-0:0.0.1-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-process-nextick-args-0:1.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-process-nextick-args-0:1.0.2-1.el7aos', - name: 'nodejs-process-nextick-args-0:1.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-promise-0:7.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-promise-0:7.1.1-1.el7aos', - name: 'nodejs-promise-0:7.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-proxy-addr-0:1.0.8-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-proxy-addr-0:1.0.8-2.el7aos', - name: 'nodejs-proxy-addr-0:1.0.8-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-prr-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-prr-0:1.0.1-1.el7aos', - name: 'nodejs-prr-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-pseudomap-0:1.0.2-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-pseudomap-0:1.0.2-2.el7', - name: 'nodejs-pseudomap-0:1.0.2-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-qs-0:5.2.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: 
'7Server-RH7-RHOSE-3.9:nodejs-qs-0:5.2.0-1.el7aos', - name: 'nodejs-qs-0:5.2.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-range-parser-0:1.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-range-parser-0:1.0.2-1.el7aos', - name: 'nodejs-range-parser-0:1.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-raw-body-0:2.1.4-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-raw-body-0:2.1.4-2.el7aos', - name: 'nodejs-raw-body-0:2.1.4-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-readable-stream-0:2.0.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-readable-stream-0:2.0.2-1.el7aos', - name: 'nodejs-readable-stream-0:2.0.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-repeat-string-0:1.5.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-repeat-string-0:1.5.2-1.el7aos', - name: 'nodejs-repeat-string-0:1.5.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-repeating-0:2.0.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-repeating-0:2.0.0-2.el7aos', - name: 'nodejs-repeating-0:2.0.0-2.el7aos as a component of Red Hat OpenShift 
Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-request-0:2.61.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-request-0:2.61.0-2.el7aos', - name: 'nodejs-request-0:2.61.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-requires-port-0:0.0.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-requires-port-0:0.0.1-2.el7aos', - name: 'nodejs-requires-port-0:0.0.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-resolve-0:1.1.6-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-resolve-0:1.1.6-1.el7aos', - name: 'nodejs-resolve-0:1.1.6-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-right-align-0:0.1.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-right-align-0:0.1.3-1.el7aos', - name: 'nodejs-right-align-0:0.1.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-rimraf-0:2.4.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-rimraf-0:2.4.4-1.el7aos', - name: 'nodejs-rimraf-0:2.4.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-send-0:0.13.0-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: 
'7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-send-0:0.13.0-3.el7aos', - name: 'nodejs-send-0:0.13.0-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-serve-static-0:1.10.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-serve-static-0:1.10.0-2.el7aos', - name: 'nodejs-serve-static-0:1.10.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-sntp-0:1.0.9-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-sntp-0:1.0.9-2.el7aos', - name: 'nodejs-sntp-0:1.0.9-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-source-map-0:0.1.33-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-source-map-0:0.1.33-3.el7aos', - name: 'nodejs-source-map-0:0.1.33-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-sprintf-js-0:1.0.3-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-sprintf-js-0:1.0.3-1.el7aos', - name: 'nodejs-sprintf-js-0:1.0.3-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-statuses-0:1.2.1-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-statuses-0:1.2.1-3.el7aos', - name: 'nodejs-statuses-0:1.2.1-3.el7aos as a 
component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-stringstream-0:0.0.4-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-stringstream-0:0.0.4-1.el7aos', - name: 'nodejs-stringstream-0:0.0.4-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-string_decoder-0:0.10.31-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-string_decoder-0:0.10.31-2.el7aos', - name: 'nodejs-string_decoder-0:0.10.31-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-strip-ansi-0:3.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-strip-ansi-0:3.0.0-1.el7aos', - name: 'nodejs-strip-ansi-0:3.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-supports-color-0:3.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-supports-color-0:3.1.1-1.el7aos', - name: 'nodejs-supports-color-0:3.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-tough-cookie-0:2.3.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-tough-cookie-0:2.3.1-1.el7', - name: 'nodejs-tough-cookie-0:2.3.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 
'nodejs-tunnel-agent-0:0.4.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-tunnel-agent-0:0.4.1-1.el7aos', - name: 'nodejs-tunnel-agent-0:0.4.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-type-is-0:1.6.9-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-type-is-0:1.6.9-1.el7aos', - name: 'nodejs-type-is-0:1.6.9-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-typedarray-0:0.0.6-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-typedarray-0:0.0.6-1.el7aos', - name: 'nodejs-typedarray-0:0.0.6-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-uid2-0:0.0.3-3.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-uid2-0:0.0.3-3.el7aos', - name: 'nodejs-uid2-0:0.0.3-3.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-unc-path-regex-0:0.1.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-unc-path-regex-0:0.1.1-1.el7aos', - name: 'nodejs-unc-path-regex-0:0.1.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: 
{ - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - name: 'nodejs-underscore-dot-string-0:3.2.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-unpipe-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-unpipe-0:1.0.0-1.el7aos', - name: 'nodejs-unpipe-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-url-join-0:0.0.1-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-url-join-0:0.0.1-2.el7aos', - name: 'nodejs-url-join-0:0.0.1-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-util-deprecate-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-util-deprecate-0:1.0.1-1.el7aos', - name: 'nodejs-util-deprecate-0:1.0.1-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-utils-merge-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-utils-merge-0:1.0.0-1.el7aos', - name: 'nodejs-utils-merge-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-vary-0:1.0.1-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-vary-0:1.0.1-1.el7aos', - name: 'nodejs-vary-0:1.0.1-1.el7aos as a component of Red Hat 
OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-which-0:1.2.0-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-which-0:1.2.0-2.el7aos', - name: 'nodejs-which-0:1.2.0-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-window-size-0:0.1.2-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:nodejs-window-size-0:0.1.2-1.el7aos', - name: 'nodejs-window-size-0:0.1.2-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-wordwrap-0:1.0.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-wordwrap-0:1.0.0-1.el7aos', - name: 'nodejs-wordwrap-0:1.0.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-wrappy-0:1.0.1-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-wrappy-0:1.0.1-4.el7aos', - name: 'nodejs-wrappy-0:1.0.1-4.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-xtend-0:4.0.0-4.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-xtend-0:4.0.0-4.el7aos', - name: 'nodejs-xtend-0:4.0.0-4.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-y18n-0:3.1.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-y18n-0:3.1.0-1.el7aos', - name: 'nodejs-y18n-0:3.1.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-yallist-0:2.0.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-yallist-0:2.0.0-2.el7', - name: 'nodejs-yallist-0:2.0.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'nodejs-yargs-0:3.24.0-1.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:nodejs-yargs-0:3.24.0-1.el7aos', - name: 'nodejs-yargs-0:3.24.0-1.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - name: 'openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - name: 'openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - name: 'openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'openshift-eventrouter-0:0.1-2.git5bd9251.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-2.git5bd9251.el7', - name: 'openshift-eventrouter-0:0.1-2.git5bd9251.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'openshift-external-storage-0:0.0.1-8.git78d6339.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-8.git78d6339.el7', - name: 'openshift-external-storage-0:0.0.1-8.git78d6339.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - name: 'openvswitch-ovn-kubernetes-0:0.1.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'origin-kibana-0:4.5.1-8.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:origin-kibana-0:4.5.1-8.el7', - name: 'origin-kibana-0:4.5.1-8.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'perl-IO-String-0:1.08-20.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: 
'7Server-RH7-RHOSE-3.9:perl-IO-String-0:1.08-20.el7', - name: 'perl-IO-String-0:1.08-20.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'postgresql-apb-role-0:1.1.14-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:postgresql-apb-role-0:1.1.14-1.el7', - name: 'postgresql-apb-role-0:1.1.14-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-boto-0:2.34.0-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-boto-0:2.34.0-5.el7', - name: 'python-boto-0:2.34.0-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-boto3-0:1.4.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-boto3-0:1.4.0-1.el7', - name: 'python-boto3-0:1.4.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-botocore-0:1.4.57-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-botocore-0:1.4.57-5.el7', - name: 'python-botocore-0:1.4.57-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-cachetools-0:1.0.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-cachetools-0:1.0.3-1.el7', - name: 'python-cachetools-0:1.0.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-certifi-0:2016.9.26-2.el7', - 
category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-certifi-0:2016.9.26-2.el7', - name: 'python-certifi-0:2016.9.26-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-clamd-0:1.0.2-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-clamd-0:1.0.2-4.el7', - name: 'python-clamd-0:1.0.2-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-click-0:4.1-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-click-0:4.1-3.el7', - name: 'python-click-0:4.1-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-crontab-0:2.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-crontab-0:2.0.2-1.el7', - name: 'python-crontab-0:2.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-crypto-0:2.6.1-16.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-crypto-0:2.6.1-16.el7', - name: 'python-crypto-0:2.6.1-16.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-dictdiffer-0:0.6.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-dictdiffer-0:0.6.1-1.el7', - name: 'python-dictdiffer-0:0.6.1-1.el7 as a component of Red Hat 
OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-docker-0:2.4.2-1.3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-docker-0:2.4.2-1.3.el7', - name: 'python-docker-0:2.4.2-1.3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-elasticsearch-0:2.3.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:python-elasticsearch-0:2.3.0-1.el7', - name: 'python-elasticsearch-0:2.3.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-futures-0:3.0.3-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-futures-0:3.0.3-2.el7', - name: 'python-futures-0:3.0.3-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-google-auth-0:1.1.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-google-auth-0:1.1.1-1.el7', - name: 'python-google-auth-0:1.1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-httplib2-0:0.9.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-httplib2-0:0.9.2-1.el7', - name: 'python-httplib2-0:0.9.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-jmespath-0:0.9.0-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-jmespath-0:0.9.0-3.el7', - name: 'python-jmespath-0:0.9.0-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-jwt-0:1.4.0-2.1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-jwt-0:1.4.0-2.1.el7', - name: 'python-jwt-0:1.4.0-2.1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-keyczar-0:0.71c-2.el7aos', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-keyczar-0:0.71c-2.el7aos', - name: 'python-keyczar-0:0.71c-2.el7aos as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-kubernetes-0:5.0.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-kubernetes-0:5.0.0-1.el7', - name: 'python-kubernetes-0:5.0.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - name: 'python-libcloud-0:2.2.1-20180102gitd701bf9.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-mock-0:1.0.1-9.2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-mock-0:1.0.1-9.2.el7', - name: 'python-mock-0:1.0.1-9.2.el7 as a component of Red Hat OpenShift Container Platform 
3.9', - }, - }, - { - product_reference: 'python-oauthlib-0:0.6.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-oauthlib-0:0.6.0-2.el7', - name: 'python-oauthlib-0:0.6.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-openshift-1:0.5.0-8.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-openshift-1:0.5.0-8.el7', - name: 'python-openshift-1:0.5.0-8.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-paramiko-0:2.1.1-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-paramiko-0:2.1.1-2.el7', - name: 'python-paramiko-0:2.1.1-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-passlib-0:1.6.5-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-passlib-0:1.6.5-2.el7', - name: 'python-passlib-0:1.6.5-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-py-0:1.4.32-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-py-0:1.4.32-2.el7', - name: 'python-py-0:1.4.32-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-pysocks-0:1.5.7-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: 
'7Server-RH7-RHOSE-3.9:python-pysocks-0:1.5.7-4.el7', - name: 'python-pysocks-0:1.5.7-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-requests-oauthlib-0:0.4.0-7.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:python-requests-oauthlib-0:0.4.0-7.el7', - name: 'python-requests-oauthlib-0:0.4.0-7.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-rsa-0:3.4.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-rsa-0:3.4.1-1.el7', - name: 'python-rsa-0:3.4.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-ruamel-ordereddict-0:0.4.9-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:python-ruamel-ordereddict-0:0.4.9-5.el7', - name: 'python-ruamel-ordereddict-0:0.4.9-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-ruamel-yaml-0:0.15.23-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:python-ruamel-yaml-0:0.15.23-2.el7', - name: 'python-ruamel-yaml-0:0.15.23-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-s3transfer-0:0.1.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-s3transfer-0:0.1.3-1.el7', - name: 'python-s3transfer-0:0.1.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - 
{ - product_reference: 'python-setuptools-0:17.1.1-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-setuptools-0:17.1.1-4.el7', - name: 'python-setuptools-0:17.1.1-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-string_utils-0:0.6.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-string_utils-0:0.6.0-2.el7', - name: 'python-string_utils-0:0.6.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-typing-0:3.5.2.2-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-typing-0:3.5.2.2-3.el7', - name: 'python-typing-0:3.5.2.2-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'python-urllib3-0:1.21.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:python-urllib3-0:1.21.1-1.el7', - name: 'python-urllib3-0:1.21.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-activesupport-1:4.2.10-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-activesupport-1:4.2.10-1.el7', - name: 'rubygem-activesupport-1:4.2.10-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-addressable-0:2.5.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: 
'7Server-RH7-RHOSE-3.9:rubygem-addressable-0:2.5.2-1.el7', - name: 'rubygem-addressable-0:2.5.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-concurrent-ruby-0:1.0.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-concurrent-ruby-0:1.0.5-1.el7', - name: 'rubygem-concurrent-ruby-0:1.0.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-cool.io-0:1.5.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-cool.io-0:1.5.3-1.el7', - name: 'rubygem-cool.io-0:1.5.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-docker-api-0:1.22.4-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-docker-api-0:1.22.4-2.el7', - name: 'rubygem-docker-api-0:1.22.4-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-domain_name-0:0.5.20170404-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-domain_name-0:0.5.20170404-2.el7', - name: 'rubygem-domain_name-0:0.5.20170404-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-elasticsearch-0:2.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-0:2.0.2-1.el7 as a component of Red Hat OpenShift 
Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-elasticsearch-api-0:2.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-api-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-api-0:2.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-elasticsearch-transport-0:2.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-transport-0:2.0.2-1.el7', - name: 'rubygem-elasticsearch-transport-0:2.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-excon-0:0.60.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-excon-0:0.60.0-1.el7', - name: 'rubygem-excon-0:0.60.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-faraday-0:0.13.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-faraday-0:0.13.1-1.el7', - name: 'rubygem-faraday-0:0.13.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-ffi-0:1.9.23-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-ffi-0:1.9.23-1.el7', - name: 'rubygem-ffi-0:1.9.23-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - name: 'rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - name: 'rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - name: 'rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - name: 'rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - name: 'rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7 as a component of Red Hat 
OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - name: 'rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - name: 'rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - name: 'rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - name: 'rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', 
- name: 'rubygem-fluent-plugin-systemd-0:0.0.9-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: - 'rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - name: 'rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-http-0:0.9.8-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-http-0:0.9.8-2.el7', - name: 'rubygem-http-0:0.9.8-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-http-cookie-0:1.0.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-http-cookie-0:1.0.3-1.el7', - name: 'rubygem-http-cookie-0:1.0.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-http-form_data-0:1.0.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-http-form_data-0:1.0.3-1.el7', - name: 'rubygem-http-form_data-0:1.0.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-http_parser.rb-0:0.6.0-4.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-http_parser.rb-0:0.6.0-4.el7', - name: 'rubygem-http_parser.rb-0:0.6.0-4.el7 as a component of Red Hat OpenShift Container Platform 
3.9', - }, - }, - { - product_reference: 'rubygem-i18n-0:0.9.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-i18n-0:0.9.5-1.el7', - name: 'rubygem-i18n-0:0.9.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-kubeclient-0:1.1.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-kubeclient-0:1.1.4-1.el7', - name: 'rubygem-kubeclient-0:1.1.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-lru_redux-0:1.1.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-lru_redux-0:1.1.0-2.el7', - name: 'rubygem-lru_redux-0:1.1.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-mime-types-0:3.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-mime-types-0:3.1-1.el7', - name: 'rubygem-mime-types-0:3.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-mime-types-data-0:3.2016.0521-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-mime-types-data-0:3.2016.0521-1.el7', - name: 'rubygem-mime-types-data-0:3.2016.0521-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-minitest-0:5.10.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - 
full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-minitest-0:5.10.3-1.el7', - name: 'rubygem-minitest-0:5.10.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-msgpack-0:1.2.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-msgpack-0:1.2.2-1.el7', - name: 'rubygem-msgpack-0:1.2.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-multipart-post-0:2.0.0-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-multipart-post-0:2.0.0-3.el7', - name: 'rubygem-multipart-post-0:2.0.0-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-multi_json-0:1.13.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-multi_json-0:1.13.1-1.el7', - name: 'rubygem-multi_json-0:1.13.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-netrc-0:0.11.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-netrc-0:0.11.0-1.el7', - name: 'rubygem-netrc-0:0.11.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-proxifier-0:1.0.3-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-proxifier-0:1.0.3-2.el7', - name: 'rubygem-proxifier-0:1.0.3-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - 
}, - }, - { - product_reference: 'rubygem-public_suffix-0:2.0.5-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-public_suffix-0:2.0.5-5.el7', - name: 'rubygem-public_suffix-0:2.0.5-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-recursive-open-struct-0:1.0.0-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-recursive-open-struct-0:1.0.0-2.el7', - name: 'rubygem-recursive-open-struct-0:1.0.0-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-resolve-hostname-0:0.1.0-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-resolve-hostname-0:0.1.0-1.el7', - name: 'rubygem-resolve-hostname-0:0.1.0-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-rest-client-0:2.0.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-rest-client-0:2.0.2-1.el7', - name: 'rubygem-rest-client-0:2.0.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-sigdump-0:0.2.4-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-sigdump-0:0.2.4-1.el7', - name: 'rubygem-sigdump-0:0.2.4-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-string-scrub-0:0.0.5-4.el7', - category: 'default_component_of', - 
relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-string-scrub-0:0.0.5-4.el7', - name: 'rubygem-string-scrub-0:0.0.5-4.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-syslog_protocol-0:0.9.2-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-syslog_protocol-0:0.9.2-1.el7', - name: 'rubygem-syslog_protocol-0:0.9.2-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-systemd-journal-0:1.3.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:rubygem-systemd-journal-0:1.3.1-1.el7', - name: 'rubygem-systemd-journal-0:1.3.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-thread_safe-0:0.3.6-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-thread_safe-0:0.3.6-1.el7', - name: 'rubygem-thread_safe-0:0.3.6-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-tzinfo-0:1.2.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-tzinfo-0:1.2.5-1.el7', - name: 'rubygem-tzinfo-0:1.2.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-tzinfo-data-0:1.2018.3-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - 
'7Server-RH7-RHOSE-3.9:rubygem-tzinfo-data-0:1.2018.3-1.el7', - name: 'rubygem-tzinfo-data-0:1.2018.3-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-unf-0:0.1.4-5.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-unf-0:0.1.4-5.el7', - name: 'rubygem-unf-0:0.1.4-5.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-unf_ext-0:0.0.7.5-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-unf_ext-0:0.0.7.5-1.el7', - name: 'rubygem-unf_ext-0:0.0.7.5-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-uuidtools-0:2.1.5-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-uuidtools-0:2.1.5-2.el7', - name: 'rubygem-uuidtools-0:2.1.5-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'rubygem-yajl-ruby-0:1.3.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:rubygem-yajl-ruby-0:1.3.1-1.el7', - name: 'rubygem-yajl-ruby-0:1.3.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - name: 'runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - 
product_reference: 'scons-0:2.5.1-1.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:scons-0:2.5.1-1.el7', - name: 'scons-0:2.5.1-1.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'search-guard-2-0:2.4.4.10_redhat_1-3.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: - '7Server-RH7-RHOSE-3.9:search-guard-2-0:2.4.4.10_redhat_1-3.el7', - name: 'search-guard-2-0:2.4.4.10_redhat_1-3.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'sshpass-0:1.06-2.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:sshpass-0:1.06-2.el7', - name: 'sshpass-0:1.06-2.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'thrift-0:0.9.1-15.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:thrift-0:0.9.1-15.el7', - name: 'thrift-0:0.9.1-15.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - { - product_reference: 'v8-1:3.14.5.10-25.el7', - category: 'default_component_of', - relates_to_product_reference: '7Server-RH7-RHOSE-3.9', - full_product_name: { - product_id: '7Server-RH7-RHOSE-3.9:v8-1:3.14.5.10-25.el7', - name: 'v8-1:3.14.5.10-25.el7 as a component of Red Hat OpenShift Container Platform 3.9', - }, - }, - ], - }, - vulnerabilities: [ - { - notes: [ - { - title: 'Vulnerability Description', - category: 'general', - text: 'atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag', - }, - ], - discovery_date: '2018-04-11T00:00:00Z', - release_date: 
'2018-03-28T00:00:00Z', - involvements: [ - { - party: 'vendor', - status: 'completed', - }, - ], - cve: 'CVE-2017-15137', - product_status: { - fixed: [ - '7Server-RH7-RHOSE-3.9:ansible-asb-modules-0:0.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:ansible-kubernetes-modules-0:0.4.0-8.el7', - '7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.16-1.el7', - '7Server-RH7-RHOSE-3.9:apb-0:1.1.15-1.el7', - '7Server-RH7-RHOSE-3.9:apb-base-scripts-0:1.1.5-1.el7', - '7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - '7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - '7Server-RH7-RHOSE-3.9:cockpit-0:160-3.el7', - '7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-5.el7', - '7Server-RH7-RHOSE-3.9:cri-o-0:1.9.10-1.git8723732.el7', - '7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - '7Server-RH7-RHOSE-3.9:dumb-init-0:1.1.3-12.el7', - '7Server-RH7-RHOSE-3.9:elastic-curator-0:3.5.0-2.el7', - '7Server-RH7-RHOSE-3.9:elasticsearch-0:2.4.4-1.el7', - '7Server-RH7-RHOSE-3.9:elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - '7Server-RH7-RHOSE-3.9:fluentd-0:0.12.42-1.el7', - '7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - '7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - '7Server-RH7-RHOSE-3.9:google-cloud-sdk-0:183.0.0-3.el7', - '7Server-RH7-RHOSE-3.9:haproxy-0:1.8.1-5.el7', - '7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-2.el7', - '7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-3.el7', - '7Server-RH7-RHOSE-3.9:http-parser-0:2.7.1-4.el7', - 
'7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.2-2.el7', - '7Server-RH7-RHOSE-3.9:jenkins-0:2.89.4.1519670652-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-1-0:1.651.2-2.el7', - '7Server-RH7-RHOSE-3.9:jenkins-2-plugins-0:3.9.1519779801-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ace-editor-0:1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-authentication-tokens-0:1.3-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-0:1.1.2-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-branch-api-0:2.0.9-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-0:2.1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-binding-0:1.11-1.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-display-url-api-0:2.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-commons-0:1.6-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-workflow-0:1.11-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-durable-task-0:1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-favorite-0:2.0.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-0:3.3.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-client-0:2.4.5-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-server-0:1.7-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-0:1.27.0-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-api-0:1.85-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-handlebars-0:1.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-icon-shim-0:2.0.3-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-junit-0:1.20-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-kubernetes-0:0.11-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mailer-0:1.20-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-auth-0:1.5-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-project-0:1.10-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mercurial-0:1.59-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-metrics-0:3.1.2.9-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-momentjs-0:1.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-multiple-scms-0:0.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-client-0:0.9.6-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-login-0:0.12-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-plain-credentials-0:1.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pubsub-light-0:1.8-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-scm-api-0:2.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-script-security-0:1.29-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-sse-gateway-0:1.15-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ssh-credentials-0:1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-structs-0:1.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-subversion-0:2.7.2-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-token-macro-0:2.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-variant-0:1.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-api-0:2.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-0:2.30-10.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-job-0:2.10-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-step-api-0:2.9-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-support-0:2.14-10.el7', - '7Server-RH7-RHOSE-3.9:kibana-0:4.6.4-4.el7', - '7Server-RH7-RHOSE-3.9:libuv-1:1.7.5-3.el7', - '7Server-RH7-RHOSE-3.9:mariadb-apb-role-0:1.1.10-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki-apb-role-0:1.1.7-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki-container-scripts-0:1.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki123-0:1.23.13-1.el7', - '7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.10-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-0:4.7.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-abbrev-0:1.0.7-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-accepts-0:1.3.3-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-align-text-0:0.1.3-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-amdefine-0:0.0.4-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ansi-regex-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ansi-styles-0:2.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-argparse-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-array-flatten-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-asap-0:2.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-asn1-0:0.1.11-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-assert-plus-0:0.1.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-async-0:1.4.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-aws-sign2-0:0.5.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-balanced-match-0:0.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-base64url-0:1.0.4-2.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-basic-auth-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bl-0:1.0.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bluebird-0:2.10.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-body-parser-0:1.14.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-boom-0:2.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-brace-expansion-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bytes-0:2.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-camelcase-0:1.2.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-camelcase-keys-0:1.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-caseless-0:0.11.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-center-align-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-chalk-0:1.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-client-sessions-0:0.7.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cliui-0:2.1.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-coffee-script-0:1.10.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-colors-0:1.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-combined-stream-0:1.0.5-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-commander-0:2.8.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-concat-map-0:0.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-concat-stream-0:1.4.7-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-content-disposition-0:0.5.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-content-type-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookie-0:0.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookie-signature-0:1.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookies-0:0.5.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-core-util-is-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cryptiles-0:2.0.5-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ctype-0:0.5.3-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-dateformat-0:1.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-debug-0:2.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-decamelize-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-delayed-stream-0:1.0.0-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-depd-0:1.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-destroy-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ee-first-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-errno-0:0.1.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-escape-html-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-esprima-0:2.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-etag-0:1.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-eventemitter2-0:0.4.14-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-eventemitter3-0:1.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-exit-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-express-0:4.13.3-4.el7', - '7Server-RH7-RHOSE-3.9:nodejs-extend-0:3.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-finalhandler-0:0.4.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-findup-sync-0:0.3.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-forever-agent-0:0.6.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-form-data-0:1.0.0-rc3.1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-forwarded-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-fresh-0:0.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-generate-function-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-generate-object-property-0:1.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-getobject-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-glob-0:5.0.15-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-graceful-fs-0:4.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-graceful-readlink-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-0:0.4.5-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-cli-0:0.1.13-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-har-validator-0:1.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-ansi-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-color-0:0.1.7-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-flag-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-hawk-0:3.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-hoek-0:2.14.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-hooker-0:0.2.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-errors-0:1.3.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-proxy-0:1.11.2-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-signature-0:0.11.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-iconv-lite-0:0.4.13-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-image-size-0:0.4.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-indent-string-0:2.1.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-inflight-0:1.0.4-6.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-inherits-0:2.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-invert-kv-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ipaddr.js-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-absolute-0:0.2.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-buffer-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-finite-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-property-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-relative-0:0.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-unc-path-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-windows-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-isarray-0:0.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-isstream-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-js-yaml-0:3.4.3-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-jsonpointer-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-keygrip-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-kind-of-0:3.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lcid-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-less-0:2.5.3-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lodash-0:3.10.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-longest-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lru-cache-0:4.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-map-obj-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-media-typer-0:0.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-meow-0:2.0.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-merge-descriptors-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-methods-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mime-0:1.3.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mime-db-0:1.23.0-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-mime-types-0:2.1.11-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-minimatch-0:3.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-minimist-0:1.2.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mkdirp-0:0.5.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-morgan-0:1.6.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ms-0:0.7.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-negotiator-0:0.6.1-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-node-uuid-0:1.4.7-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-nopt-0:3.0.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-number-is-nan-0:1.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-oauth-0:0.9.13-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-oauth-sign-0:0.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-object-assign-0:4.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-on-finished-0:2.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-on-headers-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-once-0:1.3.2-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - 
'7Server-RH7-RHOSE-3.9:nodejs-os-locale-0:1.4.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-packaging-0:7-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-parse-duration-0:0.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-parseurl-0:1.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-0:0.2.2-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-oauth2-0:1.1.2-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-strategy-0:1.0.0-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-path-is-absolute-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-path-to-regexp-0:1.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-patternfly-0:2.2.0-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-pause-0:0.0.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-process-nextick-args-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-promise-0:7.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-proxy-addr-0:1.0.8-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-prr-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-pseudomap-0:1.0.2-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-qs-0:5.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-range-parser-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-raw-body-0:2.1.4-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-readable-stream-0:2.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-repeat-string-0:1.5.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-repeating-0:2.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-request-0:2.61.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-requires-port-0:0.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-resolve-0:1.1.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-right-align-0:0.1.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-rimraf-0:2.4.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-send-0:0.13.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-serve-static-0:1.10.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-sntp-0:1.0.9-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-source-map-0:0.1.33-3.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-sprintf-js-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-statuses-0:1.2.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-string_decoder-0:0.10.31-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-stringstream-0:0.0.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-strip-ansi-0:3.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-supports-color-0:3.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-tough-cookie-0:2.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-tunnel-agent-0:0.4.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-type-is-0:1.6.9-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-typedarray-0:0.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-uid2-0:0.0.3-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-unc-path-regex-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-unpipe-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-url-join-0:0.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-util-deprecate-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-utils-merge-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-vary-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-which-0:1.2.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-window-size-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-wordwrap-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-wrappy-0:1.0.1-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-xtend-0:4.0.0-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-y18n-0:3.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-yallist-0:2.0.0-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-yargs-0:3.24.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - '7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - '7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - '7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-2.git5bd9251.el7', - '7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-8.git78d6339.el7', - 
'7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - '7Server-RH7-RHOSE-3.9:origin-kibana-0:4.5.1-8.el7', - '7Server-RH7-RHOSE-3.9:perl-IO-String-0:1.08-20.el7', - '7Server-RH7-RHOSE-3.9:postgresql-apb-role-0:1.1.14-1.el7', - '7Server-RH7-RHOSE-3.9:python-boto-0:2.34.0-5.el7', - '7Server-RH7-RHOSE-3.9:python-boto3-0:1.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-botocore-0:1.4.57-5.el7', - '7Server-RH7-RHOSE-3.9:python-cachetools-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:python-certifi-0:2016.9.26-2.el7', - '7Server-RH7-RHOSE-3.9:python-clamd-0:1.0.2-4.el7', - '7Server-RH7-RHOSE-3.9:python-click-0:4.1-3.el7', - '7Server-RH7-RHOSE-3.9:python-crontab-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:python-crypto-0:2.6.1-16.el7', - '7Server-RH7-RHOSE-3.9:python-dictdiffer-0:0.6.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-docker-0:2.4.2-1.3.el7', - '7Server-RH7-RHOSE-3.9:python-elasticsearch-0:2.3.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-futures-0:3.0.3-2.el7', - '7Server-RH7-RHOSE-3.9:python-google-auth-0:1.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-httplib2-0:0.9.2-1.el7', - '7Server-RH7-RHOSE-3.9:python-jmespath-0:0.9.0-3.el7', - '7Server-RH7-RHOSE-3.9:python-jwt-0:1.4.0-2.1.el7', - '7Server-RH7-RHOSE-3.9:python-keyczar-0:0.71c-2.el7aos', - '7Server-RH7-RHOSE-3.9:python-kubernetes-0:5.0.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - '7Server-RH7-RHOSE-3.9:python-mock-0:1.0.1-9.2.el7', - '7Server-RH7-RHOSE-3.9:python-oauthlib-0:0.6.0-2.el7', - '7Server-RH7-RHOSE-3.9:python-openshift-1:0.5.0-8.el7', - '7Server-RH7-RHOSE-3.9:python-paramiko-0:2.1.1-2.el7', - '7Server-RH7-RHOSE-3.9:python-passlib-0:1.6.5-2.el7', - '7Server-RH7-RHOSE-3.9:python-py-0:1.4.32-2.el7', - '7Server-RH7-RHOSE-3.9:python-pysocks-0:1.5.7-4.el7', - '7Server-RH7-RHOSE-3.9:python-requests-oauthlib-0:0.4.0-7.el7', - '7Server-RH7-RHOSE-3.9:python-rsa-0:3.4.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-ruamel-ordereddict-0:0.4.9-5.el7', - 
'7Server-RH7-RHOSE-3.9:python-ruamel-yaml-0:0.15.23-2.el7', - '7Server-RH7-RHOSE-3.9:python-s3transfer-0:0.1.3-1.el7', - '7Server-RH7-RHOSE-3.9:python-setuptools-0:17.1.1-4.el7', - '7Server-RH7-RHOSE-3.9:python-string_utils-0:0.6.0-2.el7', - '7Server-RH7-RHOSE-3.9:python-typing-0:3.5.2.2-3.el7', - '7Server-RH7-RHOSE-3.9:python-urllib3-0:1.21.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-activesupport-1:4.2.10-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-addressable-0:2.5.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-concurrent-ruby-0:1.0.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-cool.io-0:1.5.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-docker-api-0:1.22.4-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-domain_name-0:0.5.20170404-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-api-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-transport-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-excon-0:0.60.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-faraday-0:0.13.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-ffi-0:1.9.23-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - 
'7Server-RH7-RHOSE-3.9:rubygem-http-0:0.9.8-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http-cookie-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http-form_data-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http_parser.rb-0:0.6.0-4.el7', - '7Server-RH7-RHOSE-3.9:rubygem-i18n-0:0.9.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-kubeclient-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-lru_redux-0:1.1.0-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-mime-types-0:3.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-mime-types-data-0:3.2016.0521-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-minitest-0:5.10.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-msgpack-0:1.2.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-multi_json-0:1.13.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-multipart-post-0:2.0.0-3.el7', - '7Server-RH7-RHOSE-3.9:rubygem-netrc-0:0.11.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-proxifier-0:1.0.3-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-public_suffix-0:2.0.5-5.el7', - '7Server-RH7-RHOSE-3.9:rubygem-recursive-open-struct-0:1.0.0-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-resolve-hostname-0:0.1.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-rest-client-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-sigdump-0:0.2.4-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-string-scrub-0:0.0.5-4.el7', - '7Server-RH7-RHOSE-3.9:rubygem-syslog_protocol-0:0.9.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-systemd-journal-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-thread_safe-0:0.3.6-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-tzinfo-0:1.2.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-tzinfo-data-0:1.2018.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-unf-0:0.1.4-5.el7', - '7Server-RH7-RHOSE-3.9:rubygem-unf_ext-0:0.0.7.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-uuidtools-0:2.1.5-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-yajl-ruby-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - '7Server-RH7-RHOSE-3.9:scons-0:2.5.1-1.el7', - 
'7Server-RH7-RHOSE-3.9:search-guard-2-0:2.4.4.10_redhat_1-3.el7', - '7Server-RH7-RHOSE-3.9:sshpass-0:1.06-2.el7', - '7Server-RH7-RHOSE-3.9:thrift-0:0.9.1-15.el7', - '7Server-RH7-RHOSE-3.9:v8-1:3.14.5.10-25.el7', - ], - }, - threats: [ - { - details: 'Moderate', - category: 'impact', - }, - ], - remediations: [ - { - details: - 'Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor instructions on new installations, see the following documentation:\n\nhttps://docs.openshift.com/container-platform/3.9/install_config/install/planning.html\n\nFor instructions on how to properly upgrade existing clusters to OpenShift\nContainer Platform 3.9, see the following documentation:\n\nhttps://docs.openshift.com/container-platform/3.9/upgrading/index.html', - category: 'vendor_fix', - url: 'https://access.redhat.com/errata/RHBA-2018:0489', - product_ids: ['7Server-RH7-RHOSE-3.9'], - }, - ], - acknowledgments: [ - { - names: ['Ben Parees'], - organization: 'Red Hat', - summary: 'This issue was discovered by Ben Parees (Red Hat).', - }, - ], - }, - { - notes: [ - { - title: 'Vulnerability Description', - category: 'general', - text: 'atomic-openshift: cluster-reader can escalate to creating builds via webhooks in any project', - }, - ], - discovery_date: '2018-04-11T00:00:00Z', - release_date: '2018-04-11T00:00:00Z', - involvements: [ - { - party: 'vendor', - status: 'completed', - }, - ], - cve: 'CVE-2017-15138', - product_status: { - fixed: [ - '7Server-RH7-RHOSE-3.9:ansible-asb-modules-0:0.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:ansible-kubernetes-modules-0:0.4.0-8.el7', - '7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.16-1.el7', - '7Server-RH7-RHOSE-3.9:apb-0:1.1.15-1.el7', - '7Server-RH7-RHOSE-3.9:apb-base-scripts-0:1.1.5-1.el7', - '7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.14-1.git.0.4efa2ca.el7', - '7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.14-1.git.229.04c20c2.el7', - 
'7Server-RH7-RHOSE-3.9:cockpit-0:160-3.el7', - '7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-5.el7', - '7Server-RH7-RHOSE-3.9:cri-o-0:1.9.10-1.git8723732.el7', - '7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-2.alpha.0.git653cc8c.el7', - '7Server-RH7-RHOSE-3.9:dumb-init-0:1.1.3-12.el7', - '7Server-RH7-RHOSE-3.9:elastic-curator-0:3.5.0-2.el7', - '7Server-RH7-RHOSE-3.9:elasticsearch-0:2.4.4-1.el7', - '7Server-RH7-RHOSE-3.9:elasticsearch-cloud-kubernetes-0:2.4.4.01_redhat_1-1.el7', - '7Server-RH7-RHOSE-3.9:fluentd-0:0.12.42-1.el7', - '7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-2.git885c9f40.el7', - '7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-2.gitceca8c1.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-1.git30af4d0.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:0.15.2-2.git98bc649.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.1.0-1.git85f23d8.el7', - '7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-2.git85ceabc.el7', - '7Server-RH7-RHOSE-3.9:google-cloud-sdk-0:183.0.0-3.el7', - '7Server-RH7-RHOSE-3.9:haproxy-0:1.8.1-5.el7', - '7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-2.el7', - '7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-3.el7', - '7Server-RH7-RHOSE-3.9:http-parser-0:2.7.1-4.el7', - '7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.2-2.el7', - '7Server-RH7-RHOSE-3.9:jenkins-0:2.89.4.1519670652-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-1-0:1.651.2-2.el7', - '7Server-RH7-RHOSE-3.9:jenkins-2-plugins-0:3.9.1519779801-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ace-editor-0:1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-authentication-tokens-0:1.3-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-0:1.1.2-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-autofavorite-0:0.7-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-commons-0:1.0.1-1.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-config-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-dashboard-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-display-url-0:2.0-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-events-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-git-pipeline-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-github-pipeline-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-i18n-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-jwt-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-personalization-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-api-impl-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-pipeline-editor-0:0.2.0-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-rest-impl-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-blueocean-web-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-branch-api-0:2.0.9-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-cloudbees-folder-0:6.0.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-0:2.1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-credentials-binding-0:1.11-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-display-url-api-0:2.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-commons-0:1.6-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-docker-workflow-0:1.11-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-durable-task-0:1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-favorite-0:2.0.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-0:3.3.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-client-0:2.4.5-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-git-server-0:1.7-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-0:1.27.0-1.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-github-api-0:1.85-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-github-branch-source-0:2.0.5-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-handlebars-0:1.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-icon-shim-0:2.0.3-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jackson2-api-0:2.7.3-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-jquery-detached-0:1.2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-junit-0:1.20-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-kubernetes-0:0.11-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mailer-0:1.20-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mapdb-api-0:1.0.9.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-auth-0:1.5-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-matrix-project-0:1.10-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-mercurial-0:1.59-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-metrics-0:3.1.2.9-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-momentjs-0:1.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-multiple-scms-0:0.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-client-0:0.9.6-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-login-0:0.12-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-pipeline-0:1.0.47-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-openshift-sync-0:0.1.24-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-build-step-0:2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-graph-analysis-0:1.3-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-input-step-0:2.7-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-milestone-step-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-api-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-declarative-agent-0:1.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-definition-0:1.1.4-1.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-model-extensions-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-rest-api-0:2.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-step-0:2.2-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-tags-metadata-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-stage-view-0:2.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pipeline-utility-steps-0:1.3.0-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-plain-credentials-0:1.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-pubsub-light-0:1.8-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-scm-api-0:2.1.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-script-security-0:1.29-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-sse-gateway-0:1.15-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-ssh-credentials-0:1.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-structs-0:1.6-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-subversion-0:2.7.2-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-token-macro-0:2.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-variant-0:1.1-1.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-aggregator-0:2.1-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-api-0:2.13-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-basic-steps-0:2.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-0:2.30-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-cps-global-lib-0:2.8-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-durable-task-step-0:2.11-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-job-0:2.10-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-multibranch-0:2.14-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-remote-loader-0:1.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-scm-step-0:2.4-10.el7', - '7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-step-api-0:2.9-10.el7', - 
'7Server-RH7-RHOSE-3.9:jenkins-plugin-workflow-support-0:2.14-10.el7', - '7Server-RH7-RHOSE-3.9:kibana-0:4.6.4-4.el7', - '7Server-RH7-RHOSE-3.9:libuv-1:1.7.5-3.el7', - '7Server-RH7-RHOSE-3.9:mariadb-apb-role-0:1.1.10-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki-apb-role-0:1.1.7-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki-container-scripts-0:1.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:mediawiki123-0:1.23.13-1.el7', - '7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.10-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-0:4.7.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-abbrev-0:1.0.7-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-accepts-0:1.3.3-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-align-text-0:0.1.3-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-amdefine-0:0.0.4-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ansi-regex-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ansi-styles-0:2.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-argparse-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-array-flatten-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-asap-0:2.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-asn1-0:0.1.11-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-assert-plus-0:0.1.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-async-0:1.4.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-aws-sign2-0:0.5.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-balanced-match-0:0.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-base64url-0:1.0.4-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-basic-auth-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bl-0:1.0.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bluebird-0:2.10.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-body-parser-0:1.14.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-boom-0:2.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-brace-expansion-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-bytes-0:2.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-camelcase-0:1.2.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-camelcase-keys-0:1.0.0-2.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-caseless-0:0.11.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-center-align-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-chalk-0:1.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-client-sessions-0:0.7.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cliui-0:2.1.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-coffee-script-0:1.10.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-colors-0:1.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-combined-stream-0:1.0.5-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-commander-0:2.8.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-concat-map-0:0.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-concat-stream-0:1.4.7-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-content-disposition-0:0.5.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-content-type-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookie-0:0.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookie-signature-0:1.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cookies-0:0.5.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-core-util-is-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-cryptiles-0:2.0.5-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ctype-0:0.5.3-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-dateformat-0:1.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-debug-0:2.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-decamelize-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-delayed-stream-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-depd-0:1.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-destroy-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ee-first-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-errno-0:0.1.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-escape-html-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-escape-string-regexp-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-esprima-0:2.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-etag-0:1.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-eventemitter2-0:0.4.14-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-eventemitter3-0:1.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-exit-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-express-0:4.13.3-4.el7', - '7Server-RH7-RHOSE-3.9:nodejs-extend-0:3.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-file-sync-cmp-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-finalhandler-0:0.4.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-findup-sync-0:0.3.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-forever-agent-0:0.6.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-form-data-0:1.0.0-rc3.1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-forwarded-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-fresh-0:0.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-generate-function-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-generate-object-property-0:1.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-getobject-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-glob-0:5.0.15-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-graceful-fs-0:4.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-graceful-readlink-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-0:0.4.5-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-cli-0:0.1.13-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-clean-0:0.7.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-copy-0:0.8.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-contrib-less-0:1.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-0:0.1.2-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-log-utils-0:0.1.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-grunt-legacy-util-0:0.2.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-har-validator-0:1.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-ansi-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-color-0:0.1.7-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-has-flag-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-hawk-0:3.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-hoek-0:2.14.0-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-hooker-0:0.2.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-errors-0:1.3.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-proxy-0:1.11.2-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-http-signature-0:0.11.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-iconv-lite-0:0.4.13-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-image-size-0:0.4.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-indent-string-0:2.1.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-inflight-0:1.0.4-6.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-inherits-0:2.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-invert-kv-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ipaddr.js-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-absolute-0:0.2.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-buffer-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-finite-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-my-json-valid-0:2.12.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-property-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-relative-0:0.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-unc-path-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-is-windows-0:0.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-isarray-0:0.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-isstream-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-js-yaml-0:3.4.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-json-stringify-safe-0:5.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-jsonpointer-0:2.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-keygrip-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-kind-of-0:3.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lcid-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-less-0:2.5.3-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lodash-0:3.10.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-longest-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-lru-cache-0:4.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-map-obj-0:1.0.1-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-media-typer-0:0.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-meow-0:2.0.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-merge-descriptors-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-methods-0:1.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mime-0:1.3.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mime-db-0:1.23.0-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-mime-types-0:2.1.11-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-minimatch-0:3.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-minimist-0:1.2.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-mkdirp-0:0.5.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-morgan-0:1.6.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-ms-0:0.7.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-negotiator-0:0.6.1-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-node-uuid-0:1.4.7-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-nopt-0:3.0.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-number-is-nan-0:1.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-oauth-0:0.9.13-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-oauth-sign-0:0.8.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-object-assign-0:4.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-on-finished-0:2.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-on-headers-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-once-0:1.3.2-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-openshift-auth-proxy-0:0.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-os-locale-0:1.4.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-packaging-0:7-5.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-parse-duration-0:0.1.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-parseurl-0:1.3.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-0:0.2.2-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-http-bearer-0:1.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-oauth2-0:1.1.2-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-passport-strategy-0:1.0.0-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-path-is-absolute-0:1.0.0-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-path-to-regexp-0:1.2.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-patternfly-0:2.2.0-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-pause-0:0.0.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-process-nextick-args-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-promise-0:7.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-proxy-addr-0:1.0.8-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-prr-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-pseudomap-0:1.0.2-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-qs-0:5.2.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-range-parser-0:1.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-raw-body-0:2.1.4-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-readable-stream-0:2.0.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-repeat-string-0:1.5.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-repeating-0:2.0.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-request-0:2.61.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-requires-port-0:0.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-resolve-0:1.1.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-right-align-0:0.1.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-rimraf-0:2.4.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-send-0:0.13.0-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-serve-static-0:1.10.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-sntp-0:1.0.9-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-source-map-0:0.1.33-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-sprintf-js-0:1.0.3-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-statuses-0:1.2.1-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-string_decoder-0:0.10.31-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-stringstream-0:0.0.4-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-strip-ansi-0:3.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-supports-color-0:3.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-tough-cookie-0:2.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:nodejs-tunnel-agent-0:0.4.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-type-is-0:1.6.9-1.el7aos', - 
'7Server-RH7-RHOSE-3.9:nodejs-typedarray-0:0.0.6-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-uid2-0:0.0.3-3.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-unc-path-regex-0:0.1.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-underscore-dot-string-0:3.2.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-unpipe-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-url-join-0:0.0.1-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-util-deprecate-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-utils-merge-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-vary-0:1.0.1-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-which-0:1.2.0-2.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-window-size-0:0.1.2-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-wordwrap-0:1.0.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-wrappy-0:1.0.1-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-xtend-0:4.0.0-4.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-y18n-0:3.1.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:nodejs-yallist-0:2.0.0-2.el7', - '7Server-RH7-RHOSE-3.9:nodejs-yargs-0:3.24.0-1.el7aos', - '7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.14-1.git.0.ca2cfc3.el7', - '7Server-RH7-RHOSE-3.9:openshift-elasticsearch-plugin-0:2.4.4.21__redhat_1-1.el7', - '7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-1.git.216.b6b90bb.el7', - '7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-2.git5bd9251.el7', - '7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-8.git78d6339.el7', - '7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-2.el7', - '7Server-RH7-RHOSE-3.9:origin-kibana-0:4.5.1-8.el7', - '7Server-RH7-RHOSE-3.9:perl-IO-String-0:1.08-20.el7', - '7Server-RH7-RHOSE-3.9:postgresql-apb-role-0:1.1.14-1.el7', - '7Server-RH7-RHOSE-3.9:python-boto-0:2.34.0-5.el7', - '7Server-RH7-RHOSE-3.9:python-boto3-0:1.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-botocore-0:1.4.57-5.el7', - '7Server-RH7-RHOSE-3.9:python-cachetools-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:python-certifi-0:2016.9.26-2.el7', - 
'7Server-RH7-RHOSE-3.9:python-clamd-0:1.0.2-4.el7', - '7Server-RH7-RHOSE-3.9:python-click-0:4.1-3.el7', - '7Server-RH7-RHOSE-3.9:python-crontab-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:python-crypto-0:2.6.1-16.el7', - '7Server-RH7-RHOSE-3.9:python-dictdiffer-0:0.6.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-docker-0:2.4.2-1.3.el7', - '7Server-RH7-RHOSE-3.9:python-elasticsearch-0:2.3.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-futures-0:3.0.3-2.el7', - '7Server-RH7-RHOSE-3.9:python-google-auth-0:1.1.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-httplib2-0:0.9.2-1.el7', - '7Server-RH7-RHOSE-3.9:python-jmespath-0:0.9.0-3.el7', - '7Server-RH7-RHOSE-3.9:python-jwt-0:1.4.0-2.1.el7', - '7Server-RH7-RHOSE-3.9:python-keyczar-0:0.71c-2.el7aos', - '7Server-RH7-RHOSE-3.9:python-kubernetes-0:5.0.0-1.el7', - '7Server-RH7-RHOSE-3.9:python-libcloud-0:2.2.1-20180102gitd701bf9.el7', - '7Server-RH7-RHOSE-3.9:python-mock-0:1.0.1-9.2.el7', - '7Server-RH7-RHOSE-3.9:python-oauthlib-0:0.6.0-2.el7', - '7Server-RH7-RHOSE-3.9:python-openshift-1:0.5.0-8.el7', - '7Server-RH7-RHOSE-3.9:python-paramiko-0:2.1.1-2.el7', - '7Server-RH7-RHOSE-3.9:python-passlib-0:1.6.5-2.el7', - '7Server-RH7-RHOSE-3.9:python-py-0:1.4.32-2.el7', - '7Server-RH7-RHOSE-3.9:python-pysocks-0:1.5.7-4.el7', - '7Server-RH7-RHOSE-3.9:python-requests-oauthlib-0:0.4.0-7.el7', - '7Server-RH7-RHOSE-3.9:python-rsa-0:3.4.1-1.el7', - '7Server-RH7-RHOSE-3.9:python-ruamel-ordereddict-0:0.4.9-5.el7', - '7Server-RH7-RHOSE-3.9:python-ruamel-yaml-0:0.15.23-2.el7', - '7Server-RH7-RHOSE-3.9:python-s3transfer-0:0.1.3-1.el7', - '7Server-RH7-RHOSE-3.9:python-setuptools-0:17.1.1-4.el7', - '7Server-RH7-RHOSE-3.9:python-string_utils-0:0.6.0-2.el7', - '7Server-RH7-RHOSE-3.9:python-typing-0:3.5.2.2-3.el7', - '7Server-RH7-RHOSE-3.9:python-urllib3-0:1.21.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-activesupport-1:4.2.10-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-addressable-0:2.5.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-concurrent-ruby-0:1.0.5-1.el7', - 
'7Server-RH7-RHOSE-3.9:rubygem-cool.io-0:1.5.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-docker-api-0:1.22.4-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-domain_name-0:0.5.20170404-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-api-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-elasticsearch-transport-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-excon-0:0.60.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-faraday-0:0.13.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-ffi-0:1.9.23-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-mixin-config-placeholders-0:0.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-docker_metadata_filter-0:0.1.1-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-elasticsearch-0:1.13.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-flatten-hash-0:0.4.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-record-modifier-0:0.6.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-remote-syslog-0:1.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-rewrite-tag-filter-0:1.5.6-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-secure-forward-0:0.4.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-systemd-0:0.0.9-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-fluent-plugin-viaq_data_model-0:0.0.13-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http-0:0.9.8-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http-cookie-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http-form_data-0:1.0.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-http_parser.rb-0:0.6.0-4.el7', - '7Server-RH7-RHOSE-3.9:rubygem-i18n-0:0.9.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-kubeclient-0:1.1.4-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-lru_redux-0:1.1.0-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-mime-types-0:3.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-mime-types-data-0:3.2016.0521-1.el7', - 
'7Server-RH7-RHOSE-3.9:rubygem-minitest-0:5.10.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-msgpack-0:1.2.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-multi_json-0:1.13.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-multipart-post-0:2.0.0-3.el7', - '7Server-RH7-RHOSE-3.9:rubygem-netrc-0:0.11.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-proxifier-0:1.0.3-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-public_suffix-0:2.0.5-5.el7', - '7Server-RH7-RHOSE-3.9:rubygem-recursive-open-struct-0:1.0.0-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-resolve-hostname-0:0.1.0-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-rest-client-0:2.0.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-sigdump-0:0.2.4-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-string-scrub-0:0.0.5-4.el7', - '7Server-RH7-RHOSE-3.9:rubygem-syslog_protocol-0:0.9.2-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-systemd-journal-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-thread_safe-0:0.3.6-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-tzinfo-0:1.2.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-tzinfo-data-0:1.2018.3-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-unf-0:0.1.4-5.el7', - '7Server-RH7-RHOSE-3.9:rubygem-unf_ext-0:0.0.7.5-1.el7', - '7Server-RH7-RHOSE-3.9:rubygem-uuidtools-0:2.1.5-2.el7', - '7Server-RH7-RHOSE-3.9:rubygem-yajl-ruby-0:1.3.1-1.el7', - '7Server-RH7-RHOSE-3.9:runc-0:1.0.0-24.rc4.dev.gitc6e4a1e.el7', - '7Server-RH7-RHOSE-3.9:scons-0:2.5.1-1.el7', - '7Server-RH7-RHOSE-3.9:search-guard-2-0:2.4.4.10_redhat_1-3.el7', - '7Server-RH7-RHOSE-3.9:sshpass-0:1.06-2.el7', - '7Server-RH7-RHOSE-3.9:thrift-0:0.9.1-15.el7', - '7Server-RH7-RHOSE-3.9:v8-1:3.14.5.10-25.el7', - ], - }, - threats: [ - { - details: 'Moderate', - category: 'impact', - }, - ], - remediations: [ - { - details: - 'Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor instructions on new installations, see the following 
documentation:\n\nhttps://docs.openshift.com/container-platform/3.9/install_config/install/planning.html\n\nFor instructions on how to properly upgrade existing clusters to OpenShift\nContainer Platform 3.9, see the following documentation:\n\nhttps://docs.openshift.com/container-platform/3.9/upgrading/index.html', - category: 'vendor_fix', - url: 'https://access.redhat.com/errata/RHBA-2018:0489', - product_ids: ['7Server-RH7-RHOSE-3.9:v8-1:3.14.5.10-25.el7'], - }, - ], - acknowledgments: [ - { - names: ['Jessica Forrester'], - organization: 'Red Hat', - summary: 'This issue was discovered by Jessica Forrester (Red Hat).', - }, - ], - }, - ], -} diff --git a/csaf-validator-lib/tests/urlHelper.js b/csaf-validator-lib/tests/urlHelper.js deleted file mode 100644 index a4c6a76..0000000 --- a/csaf-validator-lib/tests/urlHelper.js +++ /dev/null 
@@ -1,60 +0,0 @@
-import { isCanonicalUrl } from '../lib/shared/urlHelper.js'
-import { expect } from 'chai'
-
-describe('test url helper', function () {
- it('test isCanonicalUrl', function () {
- expect(
- isCanonicalUrl(
- {
- url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-12.json',
- category: 'self',
- },
- 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-12'
- ),
- 'Valid canonical URL'
- ).to.be.true
-
- expect(
- isCanonicalUrl(
- {
- url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-12.json',
- category: 'not_self',
- },
- 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-12'
- ),
- 'Invalid canonical URL - category not self'
- ).to.be.false
- })
-
- expect(
- isCanonicalUrl(
- {
- url: 'http://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-12.json',
- category: 'self',
- },
- 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-12'
- ),
- 'Invalid canonical URL - url starts not with https://'
- ).to.be.false
-
- expect(
- isCanonicalUrl(
- {
- category: 'self',
- },
- 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-12'
- ),
- 'Invalid canonical URL - no URL '
- ).to.be.false
-
- expect(
- isCanonicalUrl(
- {
- url: 'https://example.com/.well-known/csaf/clear/2024/oasis_csaf_tc-csaf_2_1-2024-6-2-47-12_invalid.json',
- category: 'self',
- },
- 'OASIS_CSAF_TC-CSAF_2.1-2024-6-2-47-12'
- ),
- 'Valid canonical URL - URL ends not with valid filename'
- ).to.be.false
-})
diff --git a/csaf-validator-lib/tests/validate.js b/csaf-validator-lib/tests/validate.js
deleted file mode 100644
index 81a2c42..0000000
--- a/csaf-validator-lib/tests/validate.js
+++ /dev/null
@@ -1,22 +0,0 @@
-import { expect } from 'chai'
-import validateStrict from '../validateStrict.js'
-
-describe('validateStrict', function () {
- it('throws if an unknown test function is passed and strict mode is used', async function () {
- try {
- await validateStrict(
- [
- function () {
- return {}
- },
- ],
- {}
- )
- expect.fail()
- } catch (/** @type {any} */ e) {
- expect(e.message).to.contain(
- 'Execution of test functions not defined in the library is prohibited.'
- )
- }
- })
-})
diff --git a/csaf-validator-lib/tsconfig.json b/csaf-validator-lib/tsconfig.json
deleted file mode 100644
index c73fd42..0000000
--- a/csaf-validator-lib/tsconfig.json
+++ /dev/null
@@ -1,104 +0,0 @@ -{ - "compilerOptions": { - /* Visit https://aka.ms/tsconfig.json to read more about this file */ - - /* Projects */ - // "incremental": true, /* Enable incremental compilation */ - "composite": true /* Enable constraints that allow a TypeScript project to be used with project references. */, - // "tsBuildInfoFile": "./", /* Specify the folder for .tsbuildinfo incremental compilation files. */ - // "disableSourceOfProjectReferenceRedirect": true, /* Disable preferring source files instead of declaration files when referencing composite projects */ - // "disableSolutionSearching": true, /* Opt a project out of multi-project reference checking when editing. */ - // "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */ - - /* Language and Environment */ - "target": "esnext" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */, - // "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */ - // "jsx": "preserve", /* Specify what JSX code is generated. */ - // "experimentalDecorators": true, /* Enable experimental support for TC39 stage 2 draft decorators. */ - // "emitDecoratorMetadata": true, /* Emit design-type metadata for decorated declarations in source files. */ - // "jsxFactory": "", /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h' */ - // "jsxFragmentFactory": "", /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */ - // "jsxImportSource": "", /* Specify module specifier used to import the JSX factory functions when using `jsx: react-jsx*`.` */ - // "reactNamespace": "", /* Specify the object invoked for `createElement`. This only applies when targeting `react` JSX emit. 
*/ - // "noLib": true, /* Disable including any library files, including the default lib.d.ts. */ - // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */ - - /* Modules */ - "module": "nodenext" /* Specify what module code is generated. */, - "types": ["node", "mocha"], - // "rootDir": "./", /* Specify the root folder within your source files. */ - "moduleResolution": "nodenext" /* Specify how TypeScript looks up a file from a given module specifier. */, - // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */ - // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */ - // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */ - // "typeRoots": [], /* Specify multiple folders that act like `./node_modules/@types`. */ - // "types": [], /* Specify type package names to be included without being referenced in a source file. */ - // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ - // "resolveJsonModule": true /* Enable importing .json files */, - // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */ - - /* JavaScript Support */ - "allowJs": true /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */, - "checkJs": true /* Enable error reporting in type-checked JavaScript files. */, - // "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */ - - /* Emit */ - // "declaration": true, /* Generate .d.ts files from TypeScript and JavaScript files in your project. */ - // "declarationMap": true, /* Create sourcemaps for d.ts files. */ - "emitDeclarationOnly": true /* Only output d.ts files and not JavaScript files. 
*/, - // "sourceMap": true, /* Create source map files for emitted JavaScript files. */ - // "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */ - "outDir": "./build/" /* Specify an output folder for all emitted files. */, - // "removeComments": true, /* Disable emitting comments. */ - // "noEmit": true, /* Disable emitting files from a compilation. */ - // "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */ - // "importsNotUsedAsValues": "remove", /* Specify emit/checking behavior for imports that are only used for types */ - // "downlevelIteration": true, /* Emit more compliant, but verbose and less performant JavaScript for iteration. */ - // "sourceRoot": "", /* Specify the root path for debuggers to find the reference source code. */ - // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */ - // "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */ - // "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */ - // "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */ - // "newLine": "crlf", /* Set the newline character for emitting files. */ - // "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */ - // "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */ - // "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */ - // "preserveConstEnums": true, /* Disable erasing `const enum` declarations in generated code. */ - // "declarationDir": "./", /* Specify the output directory for generated declaration files. 
*/ - // "preserveValueImports": true, /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */ - - /* Interop Constraints */ - // "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */ - // "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */ - "esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */, - // "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */ - "forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */, - - /* Type Checking */ - "strict": true /* Enable all strict type-checking options. */, - // "noImplicitAny": true, /* Enable error reporting for expressions and declarations with an implied `any` type.. */ - // "strictNullChecks": true, /* When type checking, take into account `null` and `undefined`. */ - // "strictFunctionTypes": true, /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */ - // "strictBindCallApply": true, /* Check that the arguments for `bind`, `call`, and `apply` methods match the original function. */ - // "strictPropertyInitialization": true, /* Check for class properties that are declared but not set in the constructor. */ - // "noImplicitThis": true, /* Enable error reporting when `this` is given the type `any`. */ - // "useUnknownInCatchVariables": true, /* Type catch clause variables as 'unknown' instead of 'any'. */ - // "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */ - // "noUnusedLocals": true, /* Enable error reporting when a local variables aren't read. 
*/ - // "noUnusedParameters": true, /* Raise an error when a function parameter isn't read */ - // "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */ - // "noImplicitReturns": true, /* Enable error reporting for codepaths that do not explicitly return in a function. */ - // "noFallthroughCasesInSwitch": true, /* Enable error reporting for fallthrough cases in switch statements. */ - // "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */ - // "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */ - // "noPropertyAccessFromIndexSignature": true, /* Enforces using indexed accessors for keys declared using an indexed type */ - // "allowUnusedLabels": true, /* Disable error reporting for unused labels. */ - // "allowUnreachableCode": true, /* Disable error reporting for unreachable code. */ - - /* Completeness */ - // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */ - "skipLibCheck": true /* Skip type checking all .d.ts files. */ - }, - "include": ["**/*.js", "**/*.ts", "**/*.cjs"], - "exclude": ["node_modules", "build", "csaf"] -} diff --git a/csaf-validator-lib/types.d.ts b/csaf-validator-lib/types.d.ts deleted file mode 100644 index 58bcb00..0000000 --- a/csaf-validator-lib/types.d.ts +++ /dev/null 
@@ -1,29 +0,0 @@
-declare module 'bcp47' {
- const bcp47: {
- parse: (tag: string) => {
- langtag: {
- language: {
- language: string | null
- extlang: string[]
- }
- script: string | null
- region: string | null
- variant: string[]
- extension: Array<{ singleton: string }>
- privateuse: string[]
- }
- } | null
- }
-
- export default bcp47
-}
-
-declare module 'cvss2js' {
- const cvss2js: {
- getBaseScore: (input: string | {}) => number
- getTemporalScore: (input: string | {}) => number
- getEnvironmentalScore: (input: string | {}) => number
- }
-
- export default cvss2js
-}
diff --git a/csaf-validator-lib/validate.js b/csaf-validator-lib/validate.js
deleted file mode 100644
index 90dcb36..0000000
--- a/csaf-validator-lib/validate.js
+++ /dev/null
@@ -1 +0,0 @@
-export { default } from './lib/validate.js'
diff --git a/csaf-validator-lib/validateStrict.js b/csaf-validator-lib/validateStrict.js
deleted file mode 100644
index f974fd4..0000000
--- a/csaf-validator-lib/validateStrict.js
+++ /dev/null
@@ -1,29 +0,0 @@
-import * as mandatory from './lib/mandatoryTests.js'
-import * as optional from './lib/optionalTests.js'
-import * as informative from './lib/informativeTests.js'
-import * as schema from './lib/schemaTests.js'
-import validate from './lib/validate.js'
-
-const validTests =
- /** @type {import('./lib/shared/types.js').DocumentTest[]} */ (
- Object.values(mandatory)
- )
- .concat(Object.values(optional))
- .concat(Object.values(informative))
- .concat(Object.values(schema))
-
-/**
- * @param {Array} tests
- * @param {any} doc
- */
-export default async function (tests, doc) {
- for (const test of tests) {
- if (!validTests.includes(test)) {
- throw new Error(
- 'Execution of test functions not defined in the library is prohibited. See https://github.com/secvisogram/csaf-validator-lib#strict-mode for more details.'
- )
- }
- }
-
- return validate(tests, doc)
-}
diff --git a/package.json b/package.json
index 18e374c..0e8bbed 100644
--- a/package.json
+++ b/package.json
@@ -8,8 +8,7 @@
 "test:typescript": "tsc -b .",
 "test:backend": "cd backend && npm test",
 "dev": "cd backend && npm run dev",
- "preinstall": "npm run install:csaf-validator-lib && npm run install:backend",
- "install:csaf-validator-lib": "cd csaf-validator-lib && npm ci",
+ "preinstall": "npm run install:backend",
 "install:backend": "cd backend && npm ci",
 "dist": "./scripts/dist.sh",
 "preversion": "",
diff --git a/scripts/dist.sh b/scripts/dist.sh
index 3b0ecda..84f7a79 100755
--- a/scripts/dist.sh
+++ b/scripts/dist.sh
@@ -1,10 +1,8 @@
 #!/bin/sh
-cd csaf-validator-lib && npm ci --omit=dev
-cd ../backend && npm ci --omit=dev
+cd backend && npm ci --omit=dev
 cd ..
 mkdir -p dist
-cp -r csaf-validator-lib dist/
 cp -r backend dist/
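Review bot: In `scripts/dist.sh`, the new line `cd backend && npm ci --omit=dev` is unguarded, so if either step fails the script still runs `cd ..`, `mkdir -p dist` and `cp -r backend dist/`. If the `cd` was the step that failed, those commands run from the parent of the repository. With the separate `cp -r csaf-validator-lib dist/` removed, the validator library presumably reaches `dist/` only through `backend/node_modules`. A failed `npm ci` could therefore produce a dist without the validator while the script still exits 0. I would change the line to `cd backend && npm ci --omit=dev || exit 1`. Adding `set -e` alone would not catch a failing `cd` inside the `&&` list, so that route also needs `cd backend` and `npm ci --omit=dev` on separate lines.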