From 9ac967b4733baa43eff1dd77e62271d6a6d3cbd4 Mon Sep 17 00:00:00 2001 From: notshivansh Date: Wed, 18 Oct 2023 13:59:23 +0530 Subject: [PATCH 1/3] add code for cve support --- .../action/testing_issues/IssuesAction.java | 1 + .../components/editor_config/keywords.js | 2 +- .../pages/testing/ExportHtml/ExportHtml.jsx | 87 +------- .../TestRunResultPage/TestRunResultPage.jsx | 10 +- .../apps/dashboard/pages/testing/transform.js | 209 +++++++++++++----- .../src/apps/dashboard/tools/TextEditor.vue | 2 +- .../testing/components/PDFExportHTML.vue | 14 ++ .../testing/components/TestResultsDialog.vue | 21 +- .../java/com/akto/dto/test_editor/Info.java | 13 +- 9 files changed, 215 insertions(+), 144 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java b/apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java index fe8aab3ec7..a7b3b59f9f 100644 --- a/apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java @@ -197,6 +197,7 @@ public static BasicDBObject createSubcategoriesInfoObj(TestConfig testConfig) { infoObj.put("testName", info.getName()); infoObj.put("references", info.getReferences()); infoObj.put("cwe", info.getCwe()); + infoObj.put("cve", info.getCve()); infoObj.put("name", testConfig.getId()); infoObj.put("_name", testConfig.getId()); infoObj.put("content", testConfig.getContent()); diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/editor_config/keywords.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/editor_config/keywords.js index 61e6bb94cb..4b6271e482 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/editor_config/keywords.js +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/editor_config/keywords.js @@ -12,7 +12,7 @@ const keywords = [ "api_selection_filters", "execute", "type", "auth", "validate", "authenticated", "private_variable_context", "param_context", "endpoint_in_traffic_context", "sample_request_payload", "sample_response_payload", "sample_request_headers", "sample_response_headers", - "test_request_payload", "test_response_payload", "test_request_headers", "test_response_headers", "cwe" + "test_request_payload", "test_response_payload", "test_request_headers", "test_response_headers", "cwe", "cve" ] export default keywords \ No newline at end of file diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/ExportHtml/ExportHtml.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/ExportHtml/ExportHtml.jsx index 5f69572f69..7b30503376 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/ExportHtml/ExportHtml.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/ExportHtml/ExportHtml.jsx @@ -4,7 +4,7 @@ import issuesApi from '../../issues/api'; import api from '../api'; import PersistStore from '../../../../main/PersistStore'; import { Avatar, Box, Button,Frame, HorizontalGrid, HorizontalStack, LegacyCard, Text, TopBar, VerticalStack, Icon, Badge, List, Link } from '@shopify/polaris' -import {FlagMajor, CollectionsMajor, ResourcesMajor, InfoMinor, CreditCardSecureMajor} from "@shopify/polaris-icons" +import {FlagMajor, CollectionsMajor, ResourcesMajor, InfoMinor, CreditCardSecureMajor, FraudProtectMajor} from "@shopify/polaris-icons" import func from '@/util/func' import './styles.css' import transform from '../transform'; @@ -34,6 +34,11 @@ function ExportHtml() { title: "CWE", content: "" }, + { + icon: FraudProtectMajor, + title: "CVE", + content: "" + }, { icon: ResourcesMajor, title: "References", @@ -183,85 +188,7 @@ function ExportHtml() { } const fillContent = (item) => { - let filledSection = [] - moreInfoSections.forEach((section) => { - let sectionLocal = {} - sectionLocal.icon = section.icon - sectionLocal.title = section.title - switch(section.title) { - case "Description": - sectionLocal.content = ( - - {replaceTags(item.category.issueDetails, item.category.vulnerableTestingRunResults) || "No impact found"} - - ) - break; - case "Impact": - sectionLocal.content = ( - - {item.category.issueImpact || "No impact found"} - - ) - break; - case "Tags": - sectionLocal.content = ( - - { - item?.category?.issueTags?.map((tag, index) => { - return ( - {tag} - ) - }) - } - - ) - - break; - case "CWE": - sectionLocal.content = ( - - { - transform.tagList(item?.category?.cwe, true) - } - - ) - break; - case "References": - sectionLocal.content = ( - - { - item?.category?.references?.map((reference) => { - return ( - - - - {reference} - - - - ) - }) - } - - ) - break; - } - filledSection.push(sectionLocal) - }) - return filledSection - } - - const replaceTags = (details, vulnerableRequests) => { - let percentageMatch = 0; - vulnerableRequests?.forEach((request) => { - let testRun = request['testResults'] - testRun?.forEach((runResult) => { - if (percentageMatch < runResult.percentageMatch) { - percentageMatch = runResult.percentageMatch - } - }) - }) - return details.replace(/{{percentageMatch}}/g, func.prettifyShort(percentageMatch)) + return transform.fillMoreInformation(item.category, moreInfoSections); } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultPage.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultPage.jsx index 6bca26bcbc..a14a195040 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultPage.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultPage.jsx @@ -7,7 +7,8 @@ import { CollectionsMajor, FlagMajor, CreditCardSecureMajor, - MarketingMajor} from '@shopify/polaris-icons'; + MarketingMajor, + FraudProtectMajor} from '@shopify/polaris-icons'; import { Text, Button, @@ -83,6 +84,11 @@ let moreInfoSections = [ title: "CWE", content: "" }, + { + icon: FraudProtectMajor, + title: "CVE", + content: "" + }, { icon: MarketingMajor, title: "API endpoints affected", @@ -185,7 +191,7 @@ function TestRunResultPage(props) { await api.fetchAffectedEndpoints(runIssues.id).then((resp1) => { runIssuesArr = resp1['similarlyAffectedIssues']; }) - setInfoState(transform.fillMoreInformation(runIssues, runIssuesArr,subCategoryMap, moreInfoSections)) + setInfoState(transform.fillMoreInformation(subCategoryMap[runIssues?.id?.testSubCategory],moreInfoSections, runIssuesArr)) } else { setIssueDetails(...[{}]); } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/transform.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/transform.js index b0e7a4c866..b5e45e78e9 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/transform.js +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/transform.js @@ -99,17 +99,32 @@ function checkTestFailure(summaryState, testRunState){ return false; } +function getCweLink(item){ + let linkUrl = "" + let cwe = item.split("-") + if(cwe[1]){ + linkUrl = `https://cwe.mitre.org/data/definitions/${cwe[1]}.html` + } + return linkUrl; +} + +function getCveLink(item){ + return `https://nvd.nist.gov/vuln/detail/${item}` +} + const transform = { - tagList : (list, cweLink) => { + tagList : (list, linkType) => { let ret = list?.map((tag, index) => { let linkUrl = "" - if(cweLink){ - let cwe = tag.split("-") - if(cwe[1]){ - linkUrl = `https://cwe.mitre.org/data/definitions/${cwe[1]}.html` - } + switch(linkType){ + case "CWE": + linkUrl = getCweLink(tag) + break; + case "CVE": + linkUrl = getCveLink(tag) + break; } return ( @@ -214,6 +229,8 @@ const transform = { obj['nextUrl'] = "/dashboard/testing/"+ hexId + "/result/" + data.hexId; obj['cwe'] = subCategoryMap[data.testSubType]?.cwe ? subCategoryMap[data.testSubType]?.cwe : [] obj['cweDisplay'] = minimizeTagList(obj['cwe']) + obj['cve'] = subCategoryMap[data.testSubType]?.cve ? subCategoryMap[data.testSubType]?.cve : [] + obj['cveDisplay'] = minimizeTagList(obj['cve']) return obj; }, prepareTestRunResults : (hexId, testingRunResults, subCategoryMap, subCategoryFromSourceConfigMap) => { @@ -256,58 +273,140 @@ const transform = { } return [] }, - fillMoreInformation(runIssues, runIssuesArr, subCategoryMap, moreInfoSections){ - moreInfoSections[0].content = ( - - {subCategoryMap[runIssues.id?.testSubCategory]?.issueImpact || "No impact found"} - - ) - moreInfoSections[1].content = ( - - { - transform.tagList(subCategoryMap[runIssues.id.testSubCategory]?.issueTags) + + replaceTags(details, vulnerableRequests) { + let percentageMatch = 0; + vulnerableRequests?.forEach((request) => { + let testRun = request['testResults'] + testRun?.forEach((runResult) => { + if (percentageMatch < runResult.percentageMatch) { + percentageMatch = runResult.percentageMatch + } + }) + }) + return details.replace(/{{percentageMatch}}/g, func.prettifyShort(percentageMatch)) + }, + + fillMoreInformation(category, moreInfoSections, affectedEndpoints) { + + let filledSection = [] + moreInfoSections.forEach((section) => { + let sectionLocal = {} + sectionLocal.icon = section.icon + sectionLocal.title = section.title + switch (section.title) { + case "Description": + + if(category?.issueDetails == null || category?.issueDetails == undefined){ + return; + } + + sectionLocal.content = ( + + {transform.replaceTags(category?.issueDetails, category?.vulnerableTestingRunResults) || "No impact found"} + + ) + break; + case "Impact": + + if(category?.issueImpact == null || category?.issueImpact == undefined){ + return; } - - ) - moreInfoSections[2].content = ( - - { - transform.tagList(subCategoryMap[runIssues.id.testSubCategory]?.cwe, true) + + sectionLocal.content = ( + + {category?.issueImpact || "No impact found"} + + ) + break; + case "Tags": + if (category?.issueTags == null || category?.issueTags == undefined || category?.issueTags.length == 0) { + return; } - - ) - moreInfoSections[4].content = ( - - { - subCategoryMap[runIssues.id?.testSubCategory]?.references?.map((reference) => { - return ( - - - - {reference} - - - - ) - }) + + sectionLocal.content = ( + + { + transform.tagList(category?.issueTags) + } + + ) + + break; + case "CWE": + if (category?.cwe == null || category?.cwe == undefined || category?.cwe.length == 0) { + return; } - - ) - moreInfoSections[3].content = ( - - { - runIssuesArr?.map((item, index) => { - return ( - - - {item.id.apiInfoKey.method} {item.id.apiInfoKey.url} - - ) - }) - } - - ) - return moreInfoSections; + sectionLocal.content = ( + + { + transform.tagList(category?.cwe, "CWE") + } + + ) + break; + case "CVE": + if (category?.cve == null || category?.cve == undefined || category?.cve.length == 0) { + return; + } + sectionLocal.content = ( + + { + transform.tagList(category?.cve, "CVE") + } + + ) + break; + case "References": + + if (category?.references == null || category?.references == undefined || category?.references.length == 0) { + return; + } + + sectionLocal.content = ( + + { + category?.references?.map((reference) => { + return ( + + + + {reference} + + + + ) + }) + } + + ) + break; + case "API endpoints affected": + + if (affectedEndpoints == null || affectedEndpoints == undefined || affectedEndpoints.length == 0) { + return; + } + + sectionLocal.content = ( + + { + affectedEndpoints?.map((item, index) => { + return ( + + + {item.id.apiInfoKey.method} {item.id.apiInfoKey.url} + + ) + }) + } + + ) + break; + } + filledSection.push(sectionLocal) + }) + + return filledSection; }, filterContainsConditions(conditions, operator) { //operator is string as 'OR' or 'AND' diff --git a/apps/dashboard/web/src/apps/dashboard/tools/TextEditor.vue b/apps/dashboard/web/src/apps/dashboard/tools/TextEditor.vue index 83927bf7c4..4931f4b7a0 100644 --- a/apps/dashboard/web/src/apps/dashboard/tools/TextEditor.vue +++ b/apps/dashboard/web/src/apps/dashboard/tools/TextEditor.vue @@ -330,7 +330,7 @@ export default { "api_selection_filters", "execute", "type", "auth", "validate", "authenticated", "private_variable_context", "param_context", "endpoint_in_traffic_context", "sample_request_payload", "sample_response_payload", "sample_request_headers", "sample_response_headers", - "test_request_payload", "test_response_payload", "test_request_headers", "test_response_headers", "cwe" + "test_request_payload", "test_response_payload", "test_request_headers", "test_response_headers", "cwe", "cve" ], textEditor: null, testCategories: [], diff --git a/apps/dashboard/web/src/apps/dashboard/views/testing/components/PDFExportHTML.vue b/apps/dashboard/web/src/apps/dashboard/views/testing/components/PDFExportHTML.vue index 50bc1f3edb..89363d47f8 100644 --- a/apps/dashboard/web/src/apps/dashboard/views/testing/components/PDFExportHTML.vue +++ b/apps/dashboard/web/src/apps/dashboard/views/testing/components/PDFExportHTML.vue @@ -76,6 +76,20 @@ + + + CVE + + + + {{ chipItem }} + + + diff --git a/apps/dashboard/web/src/apps/dashboard/views/testing/components/TestResultsDialog.vue b/apps/dashboard/web/src/apps/dashboard/views/testing/components/TestResultsDialog.vue index 36fe681636..1d0f401f01 100644 --- a/apps/dashboard/web/src/apps/dashboard/views/testing/components/TestResultsDialog.vue +++ b/apps/dashboard/web/src/apps/dashboard/views/testing/components/TestResultsDialog.vue @@ -40,7 +40,13 @@ + @@ -190,14 +196,21 @@ export default { return highlightPaths }, - goToCwePage(item){ + getCweLink(item){ let cwe = item.split("-") if(cwe[1]){ cwe = cwe[1] } else { - return; + return ""; } - return window.open(`https://cwe.mitre.org/data/definitions/${cwe}.html`, "_blank") + return `https://cwe.mitre.org/data/definitions/${cwe}.html` + }, + getCveLink(item){ + console.log(item); + return `https://nvd.nist.gov/vuln/detail/${item}` + }, + goToPage(link){ + return window.open(link, "_blank") } }, watch: { diff --git a/libs/dao/src/main/java/com/akto/dto/test_editor/Info.java b/libs/dao/src/main/java/com/akto/dto/test_editor/Info.java index 974504a882..3ba78bc8f6 100644 --- a/libs/dao/src/main/java/com/akto/dto/test_editor/Info.java +++ b/libs/dao/src/main/java/com/akto/dto/test_editor/Info.java @@ -24,8 +24,10 @@ public class Info { private List cwe; + private List cve; + public Info(String name, String description, String details, String impact, Category category, String subCategory, - String severity, List tags, List references, List cwe) { + String severity, List tags, List references, List cwe, List cve) { this.name = name; this.description = description; this.details = details; @@ -36,6 +38,7 @@ public Info(String name, String description, String details, String impact, Cate this.tags = tags; this.references = references; this.cwe = cwe; + this.cve = cve; } public Info() { } @@ -120,4 +123,12 @@ public void setCwe(List cwe) { this.cwe = cwe; } + public List getCve() { + return cve; + } + + public void setCve(List cve) { + this.cve = cve; + } + } From 345f4c536ee817d401e0fa9a0692d8091bafef84 Mon Sep 17 00:00:00 2001 From: arjun Date: Thu, 19 Oct 2023 23:28:38 +0530 Subject: [PATCH 2/3] CVEs added to templates --- .../inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/AddUserId.yaml | 2 ++ .../AirflowConfigurationExposure.yaml | 2 ++ .../inbuilt_test_yaml_files/AmazonDockerConfig.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/AppendXSS.yaml | 4 ++++ .../inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml | 2 ++ .../src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml | 3 +++ .../inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml | 3 +++ .../inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml | 3 +++ .../CORSMisconfigurationInvalidOrigin.yaml | 3 +++ .../CORSMisconfigurationWhitelistOrigin.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml | 2 ++ .../CommandInjectionByAddingQueryParams.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/ConfigJson.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml | 2 ++ .../inbuilt_test_yaml_files/ConfigurationListing.yaml | 3 +++ .../inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml | 3 +++ .../inbuilt_test_yaml_files/CookieMisconfiguration.yaml | 3 +++ .../inbuilt_test_yaml_files/DefaultLoginCredentials.yml | 3 +++ .../DescriptiveErrorMessageInvalidPayloads.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml | 2 ++ .../inbuilt_test_yaml_files/DockerComposeConfig.yaml | 2 ++ .../inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml | 2 ++ .../inbuilt_test_yaml_files/FirebaseConfigExposure.yaml | 3 +++ .../inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml | 3 +++ .../inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml | 2 ++ .../inbuilt_test_yaml_files/FtpCredentialsExposure.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/GitConfig.yaml | 2 ++ .../inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml | 3 +++ .../inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml | 2 ++ .../inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml | 3 +++ .../GraphqlDevelopmentConsoleExposed.yaml | 2 ++ .../GraphqlFieldSuggestionEnabled.yaml | 2 ++ .../inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml | 2 ++ .../GraphqlTypeIntrospectionAllowed.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/HeadMethodTest.yaml | 2 ++ .../inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml | 4 +++- .../inbuilt_test_yaml_files/HttpResponseSplitting.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/InvalidFileInput.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml | 2 ++ .../inbuilt_test_yaml_files/JwtInvalidSignature.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml | 5 ++++- .../inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml | 3 +++ .../KubernetesKustomizationDisclosure.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/LFIInParameter.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/LFIInPath.yaml | 2 ++ .../inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml | 2 ++ .../inbuilt_test_yaml_files/MassAssignmentChangeAccount.yaml | 3 +++ .../inbuilt_test_yaml_files/MassAssignmentChangeAdmin.yaml | 3 +++ .../inbuilt_test_yaml_files/MassAssignmentChangeRole.yaml | 3 +++ .../MassAssignmentCreateAdminUser.yaml | 3 +++ .../inbuilt_test_yaml_files/MisconfiguredDocker.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/MsmtpConfig.yaml | 2 ++ .../inbuilt_test_yaml_files/MustContainResponseHeaders.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/NginxConfig.yaml | 3 +++ .../inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml | 2 ++ .../inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml | 2 ++ .../inbuilt_test_yaml_files/NginxStatusVisible.yaml | 3 +++ .../src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/OldApiVersion.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/OpenRedirect.yaml | 3 +++ .../OpenRedirectHostHeaderInjection.yaml | 3 +++ .../inbuilt_test_yaml_files/OpenRedirectInPath.yaml | 2 ++ .../OpenRedirectSubdomainWhitelist.yaml | 2 ++ .../inbuilt_test_yaml_files/OracleEbsCredentials.yaml | 3 +++ .../src/main/resources/inbuilt_test_yaml_files/PageDos.yaml | 3 +++ .../inbuilt_test_yaml_files/ParameterPollution.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/ParametersConfig.yaml | 4 +++- .../inbuilt_test_yaml_files/PortScanningViaSSRF.yaml | 3 +++ .../inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml | 2 ++ .../inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/RandomMethodTest.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/RedisConfig.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/RemoveCSRF.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/ReplaceCSRF.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml | 3 +++ .../inbuilt_test_yaml_files/RobomongoCredential.yaml | 3 +++ .../SSRFOnAWSMetaEndpointAbusingEnclosedAlphanumerics.yaml | 3 +++ .../inbuilt_test_yaml_files/SSRFOnAwsMetaEndpoint.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/SSRFOnCSVUpload.yaml | 2 ++ .../main/resources/inbuilt_test_yaml_files/SSRFOnFiles.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/SSRFOnImageUpload.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/SSRFOnLocalhost.yaml | 2 ++ .../inbuilt_test_yaml_files/SSRFOnLocalhostDNSPinning.yaml | 2 ++ .../inbuilt_test_yaml_files/SSRFOnLocalhostEncoded.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/SSRFOnPDFUpload.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/SSRFOnXMLUpload.yaml | 2 ++ .../inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/ServerPrivateKeys.yaml | 3 +++ .../inbuilt_test_yaml_files/ServerVersionExposedInvalid.yaml | 2 ++ .../inbuilt_test_yaml_files/ServerVersionExposedValid.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/SessionFixation.yaml | 3 +++ .../inbuilt_test_yaml_files/SftpConfigExposure.yaml | 2 ++ .../inbuilt_test_yaml_files/SonarqubePublicProjects.yaml | 2 ++ .../SpringBootBeansActuatorExposed.yaml | 3 +++ .../SpringBootConfigPropsActuatorExposed.yaml | 3 +++ .../SpringBootEnvActuatorExposed.yaml | 3 +++ .../SpringBootHttpTraceActuatorExposed.yaml | 3 +++ .../SpringBootThreadDumpActuatorExposed.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/SshKnownHosts.yaml | 2 ++ .../inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/TraceMethodTest.yaml | 3 +++ .../resources/inbuilt_test_yaml_files/TrackMethodTest.yaml | 2 ++ .../inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml | 3 +++ .../inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml | 4 ++++ .../resources/inbuilt_test_yaml_files/WpconfigAwsKeys.yaml | 3 +++ .../main/resources/inbuilt_test_yaml_files/XSSInPath.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/XSSViaFilename.yaml | 3 +++ 116 files changed, 298 insertions(+), 3 deletions(-) diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml index d341aea33a..56b0339ab7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml @@ -24,6 +24,9 @@ info: - CWE-93 - CWE-74 - CWE-20 + cve: + - CVE-2020-15693 + - CVE-2023-0040 api_selection_filters: query_param: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AddUserId.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AddUserId.yaml index 9183922eb9..f03515a02a 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AddUserId.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AddUserId.yaml @@ -28,6 +28,8 @@ info: - CWE-639 - CWE-284 - CWE-285 + cve: + - CVE-2022-34621 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AirflowConfigurationExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AirflowConfigurationExposure.yaml index a62fd6c5d1..f9564ce42e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AirflowConfigurationExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AirflowConfigurationExposure.yaml @@ -18,6 +18,8 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2023-35005 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AmazonDockerConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AmazonDockerConfig.yaml index e97a30c606..6a130f5efd 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AmazonDockerConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AmazonDockerConfig.yaml @@ -16,6 +16,8 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2020-14329 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml index e8e1b29a88..db17034c57 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml @@ -16,6 +16,8 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2018-10245 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AppendXSS.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AppendXSS.yaml index 7439d816fa..1610595208 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AppendXSS.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AppendXSS.yaml @@ -21,6 +21,10 @@ info: - "https://hackerone.com/reports/840759" cwe: - CWE-79 + cve: + - CVE-2015-1159 + - CVE-2023-24737 + - CVE-2020-25495 api_selection_filters: method: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml index 0fdddbb559..1e54705636 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml @@ -32,6 +32,8 @@ info: - CWE-284 - CWE-285 - CWE-639 + cve: + - CVE-2023-39349 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml index 88e676c2fb..48320b3373 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml @@ -20,6 +20,9 @@ info: - "https://owasp.org/www-community/attacks/xss/" cwe: - CWE-79 + cve: + - CVE-2022-34196 + - CVE-2023-44764 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml index fc9e74388a..f78b3ab81b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml @@ -19,6 +19,9 @@ info: references: cwe: - CWE-307 + cve: + - CVE-2023-0085 + - CVE-2021-37417 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml index 1cd5c54eb8..b1941989a8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml @@ -20,6 +20,9 @@ info: - "https://hackerone.com/reports/210417" cwe: - CWE-287 + cve: + - CVE-2022-39955 + - CVE-2023-0085 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml index 0523a9f4a1..2377296956 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml @@ -24,6 +24,9 @@ info: - "https://crashtest-security.com/cors-misconfiguration/" cwe: - CWE-16 + cve: + - CVE-2021-27786 + - CVE-2021-26991 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml index b4af904478..02cb20967e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml @@ -23,6 +23,8 @@ info: - "https://crashtest-security.com/cors-misconfiguration/" cwe: - CWE-16 + cve: + - CVE-2021-27786 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml index 838cdba9a1..255c020849 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml @@ -23,6 +23,9 @@ info: - "https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/cross-site-request-forgery-in-login-form-invicti/" cwe: - CWE-352 + cve: + - CVE-2023-33212 + - CVE-2023-42270 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml index 5841473a47..7e3121ed54 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml @@ -15,6 +15,8 @@ info: - https://www.acunetix.com/vulnerabilities/web/test-cgi-script-leaking-environment-variables/ cwe: - CWE-16 + cve: + - CVE-2023-22897 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CommandInjectionByAddingQueryParams.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CommandInjectionByAddingQueryParams.yaml index 7cb93b2f8a..d3f2fcdf30 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CommandInjectionByAddingQueryParams.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CommandInjectionByAddingQueryParams.yaml @@ -21,6 +21,9 @@ info: - "https://twitter.com/trbughunters/status/1283133356922884096" cwe: - CWE-77 + cve: + - CVE-2023-25826 + - CVE-2023-41031 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigJson.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigJson.yaml index 527776a077..2894021caf 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigJson.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigJson.yaml @@ -16,6 +16,9 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2021-31567 + - CVE-2023-35005 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml index 0bfdacac6f..aba7d85308 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml @@ -16,6 +16,8 @@ info: - https://www.acunetix.com/vulnerabilities/web/ruby-on-rails-database-configuration-file/ cwe: - CWE-538 + cve: + - CVE-2019-5418 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml index 97368833f3..09e15f96f3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml @@ -15,6 +15,9 @@ info: - https://www.exploit-db.com/ghdb/7014 cwe: - CWE-16 + cve: + - CVE-2021-1126 + - CVE-2021-33214 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml index 8c2d1ead21..fd41930845 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml @@ -28,6 +28,9 @@ info: - "https://cwe.mitre.org/data/definitions/639.html" cwe: - CWE-16 + cve: + - CVE-2023-38199 + - CVE-2023-26130 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml index f2ad85ba3b..0c6e5f174f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml @@ -19,6 +19,9 @@ info: - "https://hackerone.com/reports/58679" cwe: - CWE-16 + cve: + - CVE-2023-4654 + - CVE-2023-28708 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml index 1c540f58c9..a75a9a6f60 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml @@ -25,6 +25,9 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-1392 + cve: + - CVE-2023-41878 + - CVE-2023-37755 wordLists: usernames: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml index c351fcf86a..f064b69244 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml @@ -20,6 +20,9 @@ info: - "https://owasp.org/www-community/Improper_Error_Handling" cwe: - CWE-209 + cve: + - CVE-2020-11883 + - CVE-2020-15652 api_selection_filters: method: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml index a26d73a629..db5a84fd34 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml @@ -24,6 +24,8 @@ info: - "https://hackerone.com/reports/1033423" cwe: - CWE-16 + cve: + - CVE-2017-12794 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml index 65b6619475..7afe668612 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml @@ -16,6 +16,8 @@ info: - https://secapps.com/vulndb/docker-compose-exposure cwe: - CWE-16 + cve: + - CVE-2023-37273 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml index 5d18935634..d5499069c8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml @@ -26,6 +26,8 @@ info: - "https://www.cobalt.io/blog/from-ssrf-to-port-scanner" cwe: - CWE-918 + cve: + - CVE-2023-27163 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml index 75da4d9732..bcaa80650b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml @@ -15,6 +15,9 @@ info: - https://github.com/firebase/firebaseui-web/blob/master/demo/public/sample-config.js cwe: - CWE-16 + cve: + - CVE-2020-7765 + - CVE-2021-46743 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml index c2a540d5b6..fbf37552bb 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml @@ -20,6 +20,9 @@ info: - "http://ghostlulz.com/google-exposed-firebase-database/" cwe: - CWE-16 + cve: + - CVE-2020-7765 + - CVE-2021-46743 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml index 5fce26995e..285d58af44 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml @@ -28,6 +28,8 @@ info: - "http://ghostlulz.com/flask-rce-debug-mode/" cwe: - CWE-16 + cve: + - CVE-2015-5306 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml index 73064deab1..e114f36aa9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml @@ -16,6 +16,9 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2023-2061 + - CVE-2018-18371 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfig.yaml index 4152bf4a6a..96643281e7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfig.yaml @@ -15,6 +15,8 @@ info: - https://pentester.land/blog/source-code-disclosure-via-exposed-git-folder/ cwe: - CWE-16 + cve: + - CVE-2023-29007 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml index 009dc2e5e4..ef332fd62a 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml @@ -17,6 +17,9 @@ info: - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py cwe: - CWE-16 + cve: + - CVE-2021-23017 + api_selection_filters: response_code: gte: 200 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml index b187ec1acd..6fd0257c98 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml @@ -16,6 +16,8 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2020-5260 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml index 02448faaf4..5b631299d6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml @@ -15,6 +15,9 @@ info: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/github-workflows-disclosure.json cwe: - CWE-16 + cve: + - CVE-2023-34111 + - CVE-2022-46258 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml index 26b8b49476..984608c6f9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml @@ -27,6 +27,8 @@ info: - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities" cwe: - CWE-16 + cve: + - CVE-2021-41248 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml index 6ffd3c989e..133d47d974 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml @@ -24,6 +24,8 @@ info: - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities" cwe: - CWE-16 + cve: + - CVE-2023-5192 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml index 1c898e5949..b7a980263e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml @@ -26,6 +26,8 @@ info: - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/" cwe: - CWE-16 + cve: + - CVE-2023-5192 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml index 2d2b25cd11..f16f568795 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml @@ -25,6 +25,8 @@ info: - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/" cwe: - CWE-16 + cve: + - CVE-2021-41248 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml index 624f37b9f5..edbec8cbcd 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml @@ -35,6 +35,8 @@ info: - "https://cwe.mitre.org/data/definitions/639.html" cwe: - CWE-16 + cve: + - CVE-2022-45956 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml index b47a79b64f..7b9d5d51e0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml @@ -19,7 +19,9 @@ info: references: - "https://hackerone.com/reports/792998" cwe: - - "CWE-16" + - CWE-16 + cve: + - CVE-2022-37724 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml index 7179d16c99..1f452600ae 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml @@ -21,6 +21,8 @@ info: - "https://www.invicti.com/blog/web-security/crlf-http-header/" cwe: - CWE-93 + cve: + - CVE-2023-41834 api_selection_filters: query_param: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml index 1809512235..479c8a77ef 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml @@ -27,6 +27,8 @@ info: cwe: - CWE-728 - CWE-388 + cve: + - CVE-2020-10097 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml index d09a252e30..ab37b27a90 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml @@ -29,6 +29,8 @@ info: - "https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection" cwe: - CWE-287 + cve: + - CVE-2018-0114 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml index 97923cb9aa..dfdccf89c0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml @@ -27,6 +27,9 @@ info: - "https://portswigger.net/kb/issues/00200900_jwt-signature-not-verified#:~:text=Description%3A%20JWT%20signature%20not%20verified&text=However%2C%20some%20servers%20fail%20to,privileges%20or%20impersonate%20other%20users." cwe: - CWE-287 + cve: + - CVE-2022-25898 + - CVE-2021-29455 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml index 43825f03df..ac10724845 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml @@ -25,7 +25,10 @@ info: - "https://redhuntlabs.com/a-practical-guide-to-attack-jwt-json-web-token" - "https://portswigger.net/kb/issues/00200901_jwt-none-algorithm-supported" cwe: - - CWE-287 + - CWE-287 + cve: + - CVE-2022-23540 + - CVE-2015-9235 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml index a33484aedb..9c749b3512 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml @@ -19,6 +19,9 @@ info: - HackerOne top 10 cwe: - CWE-77 + cve: + - CVE-2021-31799 + api_selection_filters: or: - request_payload: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml index bb2d366cb6..7be9ec26b0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml @@ -15,6 +15,8 @@ info: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/kubernetes-kustomization-disclosure.json cwe: - CWE-16 + cve: + - CVE-2021-41254 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml index 2e238bce01..507ec4b97c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml @@ -21,6 +21,9 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + cve: + - CVE-2021-39433 + - CVE-2023-22973 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml index 7c932fbd02..22e10a4bcf 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml @@ -21,6 +21,8 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + cve: + - CVE-2022-29597 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml index 1661bd0039..30d54cc9d0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml @@ -21,6 +21,8 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + cve: + - CVE-2023-2453 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml index 221b353a7b..f20c4bbdf0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml @@ -28,6 +28,8 @@ info: - "https://laravel.com/docs/10.x/deployment#debug-mode" cwe: - CWE-16 + cve: + - CVE-2021-3129 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml index 665fe3a58f..d855a79880 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml @@ -16,6 +16,8 @@ info: - https://stackoverflow.com/questions/38331397/how-to-protect-env-file-in-laravel cwe: - CWE-16 + cve: + - CVE-2017-16894 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAccount.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAccount.yaml index 7541168d48..b541f076e7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAccount.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAccount.yaml @@ -26,6 +26,9 @@ info: - "https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md" cwe: - CWE-915 + cve: + - CVE-2023-32079 + - CVE-2023-42768 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAdmin.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAdmin.yaml index 9045ed126c..9e5dc000b8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAdmin.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeAdmin.yaml @@ -26,6 +26,9 @@ info: - "https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md" cwe: - CWE-915 + cve: + - CVE-2023-32079 + - CVE-2023-42768 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeRole.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeRole.yaml index 6f472c8de5..f1e89a23e6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeRole.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentChangeRole.yaml @@ -26,6 +26,9 @@ info: - "https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md" cwe: - CWE-915 + cve: + - CVE-2023-32079 + - CVE-2023-42768 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentCreateAdminUser.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentCreateAdminUser.yaml index 4fd3cd087a..7e4a7aa39e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentCreateAdminUser.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MassAssignmentCreateAdminUser.yaml @@ -26,6 +26,9 @@ info: - "https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md" cwe: - CWE-915 + cve: + - CVE-2023-32079 + - CVE-2023-42768 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MisconfiguredDocker.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MisconfiguredDocker.yaml index 3ae8094931..a2923bb09a 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MisconfiguredDocker.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MisconfiguredDocker.yaml @@ -15,6 +15,9 @@ info: - https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/attacking-docker-containers/misconfiguration.html cwe: - CWE-16 + cve: + - CVE-2021-41092 + - CVE-2023-5165 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MsmtpConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MsmtpConfig.yaml index 257630d297..c429f5a5b9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MsmtpConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MsmtpConfig.yaml @@ -15,6 +15,8 @@ info: - https://wiki.archlinux.org/title/Msmtp cwe: - CWE-16 + cve: + - CVE-2019-8337 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml index 381a852ce5..18ed0054fa 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml @@ -27,6 +27,9 @@ info: - "https://www.invicti.com/white-papers/whitepaper-http-security-headers" cwe: - CWE-16 + cve: + - CVE-2022-41915 + - CVE-2022-37436 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml index da91b0e985..e21dcd1a12 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml @@ -15,6 +15,9 @@ info: - https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/nginx cwe: - CWE-16 + cve: + - CVE-2020-11959 + api_selection_filters: response_code: gte: 200 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml index 2b8fa9dda7..eb77c5d518 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml @@ -25,6 +25,8 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + cve: + - CVE-2013-0337 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml index 091587cc83..5b74383440 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml @@ -25,6 +25,8 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + cve: + - CVE-2017-7529 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml index d677bb3ef2..dd0fed34dd 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml @@ -21,6 +21,9 @@ info: - "https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-status-module/" cwe: - CWE-16 + cve: + - CVE-2022-41741 + - CVE-2019-20372 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml index 75b42bb581..6113f17848 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml @@ -25,6 +25,8 @@ info: - "https://cwe.mitre.org/data/definitions/798.html" cwe: - CWE-287 + cve: + - CVE-2023-22501 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml index 80e32349ae..9ba59b1f5e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml @@ -31,6 +31,8 @@ info: - "https://cwe.mitre.org/data/definitions/639.html" cwe: - CWE-937 + cve: + - CVE-2022-31690 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirect.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirect.yaml index 092a8e82a7..e1d4efb795 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirect.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirect.yaml @@ -22,6 +22,9 @@ info: cwe: - CWE-601 - CWE-610 + cve: + - CVE-2023-45909 + - CVE-2022-46683 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectHostHeaderInjection.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectHostHeaderInjection.yaml index f12ffacdce..d4b8845069 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectHostHeaderInjection.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectHostHeaderInjection.yaml @@ -23,6 +23,9 @@ info: cwe: - CWE-601 - CWE-610 + cve: + - CVE-2023-24044 + - CVE-2022-23237 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectInPath.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectInPath.yaml index a8ce69e654..8462021cc3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectInPath.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectInPath.yaml @@ -23,6 +23,8 @@ info: cwe: - CWE-601 - CWE-610 + cve: + - CVE-2021-28861 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectSubdomainWhitelist.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectSubdomainWhitelist.yaml index 6d78794976..1b45b317e1 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectSubdomainWhitelist.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OpenRedirectSubdomainWhitelist.yaml @@ -22,6 +22,8 @@ info: cwe: - CWE-601 - CWE-610 + cve: + - CVE-2021-21291 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml index 5e745731b6..2069d4b060 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml @@ -17,6 +17,9 @@ info: - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf cwe: - CWE-16 + cve: + - CVE-2023-21849 + - CVE-2023-21847 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PageDos.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PageDos.yaml index b8d2056f42..86bff2a6f8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PageDos.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PageDos.yaml @@ -18,6 +18,9 @@ info: - "https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa4-lack-of-resources-and-rate-limiting.md#scenario-2" cwe: - CWE-400 + cve: + - CVE-2023-4647 + - CVE-2023-38254 api_selection_filters: query_param: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParameterPollution.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParameterPollution.yaml index 3161cae808..cf54b230ad 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParameterPollution.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParameterPollution.yaml @@ -26,6 +26,8 @@ info: cwe: - CWE-88 - CWE-235 + cve: + - CVE-2019-13143 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml index c4566038bd..e3ebe87fa6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml @@ -14,7 +14,9 @@ info: references: - https://www.exploit-db.com/ghdb/5986 cwe: - - CWE-16 + - CWE-16 + cve: + - CVE-2015-4050 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PortScanningViaSSRF.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PortScanningViaSSRF.yaml index 4ddb1c5089..306af484a2 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PortScanningViaSSRF.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PortScanningViaSSRF.yaml @@ -26,6 +26,9 @@ info: - "https://www.cobalt.io/blog/from-ssrf-to-port-scanner" cwe: - CWE-918 + cve: + - CVE-2023-26492 + - CVE-2023-45152 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml index 02fd7cc3a4..75f5c58659 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml @@ -28,6 +28,8 @@ info: - "https://beaglesecurity.com/blog/vulnerability/rails-debug-mode-enabled.html" cwe: - CWE-16 + cve: + - CVE-2019-5420 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml index 4ec1071c36..a41904b6ec 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml @@ -26,6 +26,8 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + cve: + - CVE-2019-5418 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml index 2a8afab483..dac0785014 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml @@ -32,6 +32,9 @@ info: - "https://capec.mitre.org/data/definitions/274.html" cwe: - CWE-274 + cve: + - CVE-2020-35239 + - CVE-2018-19908 auth: authenticated: true diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml index 5868ac47a5..6a1f1f4622 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml @@ -15,6 +15,9 @@ info: - https://redis.io/docs/manual/config/ cwe: - CWE-16 + cve: + - CVE-2023-36824 + - CVE-2022-0543 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCSRF.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCSRF.yaml index 97f9b57df2..a0ffdf40f6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCSRF.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCSRF.yaml @@ -24,6 +24,9 @@ info: - "https://owasp.org/www-community/attacks/csrf" cwe: - CWE-352 + cve: + - CVE-2023-41942 + - CVE-2022-26180 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml index 450327e5e5..183b24f433 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml @@ -20,6 +20,8 @@ info: - "https://hackerone.com/reports/124173" cwe: - CWE-287 + cve: + - CVE-2021-37417 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplaceCSRF.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplaceCSRF.yaml index 2cd8ea832d..9c8319f5b6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplaceCSRF.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplaceCSRF.yaml @@ -24,6 +24,9 @@ info: - "https://owasp.org/www-community/attacks/csrf" cwe: - CWE-352 + cve: + - CVE-2023-27495 + - CVE-2020-27379 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml index f4afe86fe9..acdf9e7d5d 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml @@ -19,6 +19,9 @@ info: - "https://hackerone.com/reports/223324" cwe: - CWE-287 + cve: + - CVE-2021-29047 + - CVE-2022-34983 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml index 3d955a989b..64167c378d 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml @@ -15,6 +15,9 @@ info: - https://web.cystack.net/vulnerability/cystack.remote.robomongo_cred_disclosure cwe: - CWE-16 + cve: + - CVE-2023-4009 + - CVE-2021-32039 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAWSMetaEndpointAbusingEnclosedAlphanumerics.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAWSMetaEndpointAbusingEnclosedAlphanumerics.yaml index 89fd3b91ec..49bdc2df25 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAWSMetaEndpointAbusingEnclosedAlphanumerics.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAWSMetaEndpointAbusingEnclosedAlphanumerics.yaml @@ -26,6 +26,9 @@ info: - "https://github.com/cujanovic/SSRF-Testing/tree/master#abusing-enclosed-alphanumerics" cwe: - CWE-918 + cve: + - CVE-2022-4725 + api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAwsMetaEndpoint.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAwsMetaEndpoint.yaml index 6b655bc3f3..b4038debbc 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAwsMetaEndpoint.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnAwsMetaEndpoint.yaml @@ -25,6 +25,8 @@ info: - "https://www.akto.io/blog/how-to-prevent-server-side-request-forgery-ssrf-as-a-developer" cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnCSVUpload.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnCSVUpload.yaml index 27226df45b..63de15e456 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnCSVUpload.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnCSVUpload.yaml @@ -25,6 +25,8 @@ info: - "https://www.akto.io/blog/how-to-prevent-server-side-request-forgery-ssrf-as-a-developer" cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnFiles.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnFiles.yaml index 709bc47073..10e0de40bc 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnFiles.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnFiles.yaml @@ -25,6 +25,9 @@ info: - "https://www.akto.io/blog/how-to-prevent-server-side-request-forgery-ssrf-as-a-developer" cwe: - CWE-918 + cve: + - CVE-2022-4725 + api_selection_filters: response_code: and: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnImageUpload.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnImageUpload.yaml index 7943232a78..4322b045e1 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnImageUpload.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnImageUpload.yaml @@ -25,6 +25,8 @@ info: - "https://www.akto.io/blog/how-to-prevent-server-side-request-forgery-ssrf-as-a-developer" cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhost.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhost.yaml index 1d3c737d98..812ab62eea 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhost.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhost.yaml @@ -22,6 +22,8 @@ info: - HackerOne top 10 cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostDNSPinning.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostDNSPinning.yaml index 934437cd91..0837444872 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostDNSPinning.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostDNSPinning.yaml @@ -22,6 +22,8 @@ info: - HackerOne top 10 cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostEncoded.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostEncoded.yaml index e3c94d0364..19d5d1cff1 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostEncoded.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnLocalhostEncoded.yaml @@ -22,6 +22,8 @@ info: - HackerOne top 10 cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnPDFUpload.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnPDFUpload.yaml index 84d17a024a..3063953dd3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnPDFUpload.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnPDFUpload.yaml @@ -24,6 +24,8 @@ info: - "https://github.com/cujanovic/SSRF-Testing#htaccess---redirect-test-for-various-cases" cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnXMLUpload.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnXMLUpload.yaml index c7e26f5203..bbe1af070c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnXMLUpload.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSRFOnXMLUpload.yaml @@ -24,6 +24,8 @@ info: - "https://github.com/cujanovic/SSRF-Testing#htaccess---redirect-test-for-various-cases" cwe: - CWE-918 + cve: + - CVE-2022-4725 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml index 69bc89ace8..fbc58cf132 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml @@ -20,6 +20,9 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + cve: + - CVE-2019-8341 + - CVE-2022-34625 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml index 7d8ccc4d57..c8f41b8172 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml @@ -20,6 +20,9 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + cve: + - CVE-2022-24442 + - CVE-2021-25770 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml index 4573505a1b..dfcb50119b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml @@ -20,6 +20,9 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + cve: + - CVE-2018-13818 + - CVE-2023-34448 api_selection_filters: or: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerPrivateKeys.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerPrivateKeys.yaml index 2be014f277..b1c8b6827d 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerPrivateKeys.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerPrivateKeys.yaml @@ -17,6 +17,9 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2022-22424 + - CVE-2022-23529 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedInvalid.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedInvalid.yaml index 6adbdcd8ca..471d8d0301 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedInvalid.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedInvalid.yaml @@ -29,6 +29,8 @@ info: - "https://github.com/ASRG/asrg.io/issues/200" cwe: - CWE-209 + cve: + - CVE-2017-4013 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedValid.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedValid.yaml index 737ec96be8..4bbe28838c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedValid.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ServerVersionExposedValid.yaml @@ -29,6 +29,8 @@ info: - "https://github.com/ASRG/asrg.io/issues/200" cwe: - CWE-209 + cve: + - CVE-2020-14183 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SessionFixation.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SessionFixation.yaml index 1c83c15049..9b9d3f7fd6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SessionFixation.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SessionFixation.yaml @@ -20,6 +20,9 @@ info: - "https://hackerone.com/reports/2421" cwe: - CWE-384 + cve: + - CVE-2021-35046 + - CVE-2021-46279 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml index d0c5a85bdb..cb642d621b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml @@ -17,6 +17,8 @@ info: - https://codexns.io/products/sftp_for_sublime/settings cwe: - CWE-16 + cve: + - CVE-2023-38951 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml index 38f9d8ddeb..2eb0325c6f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml @@ -15,6 +15,8 @@ info: - https://next.sonarqube.com/sonarqube/web_api/api/components/suggestions?internal=true cwe: - CWE-16 + cve: + - CVE-2020-28002 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml index af35ea43fc..7b8806bab7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml @@ -26,6 +26,9 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + cve: + - CVE-2021-21234 + - CVE-2023-29986 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml index 678f7dbba6..75c2738e4f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml @@ -27,6 +27,9 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + cve: + - CVE-2021-21234 + - CVE-2023-29986 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml index 2643e78618..e4f1a294b3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml @@ -27,6 +27,9 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + cve: + - CVE-2021-21234 + - CVE-2023-29986 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml index 82338fef0d..ed52f8f0c5 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml @@ -28,6 +28,9 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + cve: + - CVE-2021-21234 + - CVE-2023-29986 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml index 50637c1e45..818d678830 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml @@ -28,6 +28,9 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + cve: + - CVE-2021-21234 + - CVE-2023-29986 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml index c0d924b75e..eadd66d43d 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml @@ -15,6 +15,9 @@ info: - https://www.ssh.com/academy/ssh/authorized-key cwe: - CWE-16 + cve: + - CVE-2023-43619 + - CVE-2022-29154 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml index 5aaf20232d..d06786477e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml @@ -15,6 +15,8 @@ info: - https://datacadamia.com/ssh/known_hosts cwe: - CWE-16 + cve: + - CVE-2005-2666 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml index 57c6af53d6..6f74771242 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml @@ -21,6 +21,9 @@ info: - "https://infosecwriteups.com/text-based-injection-content-spoofing-96e9eb1615d8" cwe: - CWE-345 + cve: + - CVE-2019-1680 + - CVE-2022-42889 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml index c7c4232331..adb974a3d9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml @@ -24,6 +24,9 @@ info: - "https://hackerone.com/reports/109054" cwe: - CWE-274 + cve: + - CVE-2022-38115 + - CVE-2018-11039 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml index f9cd534767..dca25972d9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml @@ -24,6 +24,8 @@ info: - "https://hackerone.com/reports/83837" cwe: - CWE-274 + cve: + - CVE-2021-35233 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml index 01fc128cd6..0edfc7fa38 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml @@ -15,6 +15,9 @@ info: - https://www.exploit-db.com/ghdb/5684 cwe: - CWE-16 + cve: + - CVE-2020-7925 + - CVE-2021-21422 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml index 32e8b52221..ea2d32027e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml @@ -24,6 +24,10 @@ info: - "https://blog.yeswehack.com/yeswerhackers/http-header-exploitation/" cwe: - CWE-16 + cve: + - CVE-2022-3215 + - CVE-2020-5247 + - CVE-2023-38039 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WpconfigAwsKeys.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WpconfigAwsKeys.yaml index fcbdf82ce5..1f14cc36bb 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WpconfigAwsKeys.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WpconfigAwsKeys.yaml @@ -16,6 +16,9 @@ info: cwe: - CWE-200 - CWE-213 + cve: + - CVE-2022-31159 + - CVE-2022-2582 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSInPath.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSInPath.yaml index d32f81632a..e372adbb87 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSInPath.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSInPath.yaml @@ -21,6 +21,8 @@ info: - "https://www.codegrazer.com/blog/7-reflected-xss.html" cwe: - CWE-79 + cve: + - CVE-2021-35976 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSViaFilename.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSViaFilename.yaml index 810472147c..d93b8c5128 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSViaFilename.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/XSSViaFilename.yaml @@ -21,6 +21,9 @@ info: - "https://infosecwriteups.com/all-about-file-upload-xss-c72c797aaba3" cwe: - CWE-79 + cve: + - CVE-2023-43309 + - CVE-2021-38143 api_selection_filters: and: From c5848b9f9c5b3e85a49da6888decf000f46dbbee Mon Sep 17 00:00:00 2001 From: arjun Date: Thu, 26 Oct 2023 13:43:39 +0530 Subject: [PATCH 3/3] CWEs updated --- .../inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml | 1 + .../CORSMisconfigurationInvalidOrigin.yaml | 2 +- .../CORSMisconfigurationWhitelistOrigin.yaml | 2 +- .../inbuilt_test_yaml_files/ConfigurationListing.yaml | 2 +- .../inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml | 3 ++- .../inbuilt_test_yaml_files/CookieMisconfiguration.yaml | 4 +++- .../main/resources/inbuilt_test_yaml_files/DebugVars.yaml | 3 ++- .../inbuilt_test_yaml_files/DefaultLoginCredentials.yml | 1 + .../DescriptiveErrorMessageInvalidPayloads.yaml | 1 + .../resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml | 3 ++- .../inbuilt_test_yaml_files/DockerComposeConfig.yaml | 3 +++ .../inbuilt_test_yaml_files/DockerfileHiddenDisclosure.yaml | 2 ++ .../resources/inbuilt_test_yaml_files/EsmtprcConfig.yaml | 2 ++ .../inbuilt_test_yaml_files/ExpressStackTraceEnabled.yaml | 2 +- .../inbuilt_test_yaml_files/FirebaseConfigExposure.yaml | 1 + .../inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml | 1 + .../inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml | 2 ++ .../inbuilt_test_yaml_files/FtpCredentialsExposure.yaml | 2 +- .../inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml | 2 +- .../inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml | 3 +-- .../inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml | 1 + .../inbuilt_test_yaml_files/GraphqlDebugModeEnabled.yaml | 1 + .../GraphqlDevelopmentConsoleExposed.yaml | 1 + .../GraphqlFieldSuggestionEnabled.yaml | 1 + .../inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml | 1 + .../GraphqlTypeIntrospectionAllowed.yaml | 1 + .../resources/inbuilt_test_yaml_files/HeadMethodTest.yaml | 2 +- .../inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml | 1 + .../inbuilt_test_yaml_files/HttpResponseSplitting.yaml | 1 + .../resources/inbuilt_test_yaml_files/InvalidFileInput.yaml | 5 +++-- .../inbuilt_test_yaml_files/JWTSigningInClientSide.yaml | 1 + .../main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml | 1 + .../inbuilt_test_yaml_files/JwtInvalidSignature.yaml | 1 + .../main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml | 1 + .../inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml | 2 +- .../KubernetesKustomizationDisclosure.yaml | 1 + .../resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml | 1 + .../resources/inbuilt_test_yaml_files/LFIInParameter.yaml | 1 + .../main/resources/inbuilt_test_yaml_files/LFIInPath.yaml | 1 + .../inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml | 2 +- .../main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml | 1 + .../inbuilt_test_yaml_files/LaravelTelescopeEnabled.yaml | 1 + .../inbuilt_test_yaml_files/MustContainResponseHeaders.yaml | 2 +- .../main/resources/inbuilt_test_yaml_files/NginxConfig.yaml | 1 + .../inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml | 1 + .../inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml | 1 + .../inbuilt_test_yaml_files/NginxStatusVisible.yaml | 1 + .../src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml | 1 + .../resources/inbuilt_test_yaml_files/OldApiVersion.yaml | 2 ++ .../inbuilt_test_yaml_files/OracleEbsCredentials.yaml | 1 + .../resources/inbuilt_test_yaml_files/ParametersConfig.yaml | 1 + .../resources/inbuilt_test_yaml_files/PrometheusMetrics.yaml | 1 + .../inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml | 2 +- .../inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml | 1 + .../resources/inbuilt_test_yaml_files/RandomMethodTest.yaml | 4 +++- .../main/resources/inbuilt_test_yaml_files/RedisConfig.yaml | 1 + .../resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml | 1 + .../resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml | 1 + .../inbuilt_test_yaml_files/RobomongoCredential.yaml | 1 + .../inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml | 1 + .../resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml | 1 + .../main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml | 1 + .../inbuilt_test_yaml_files/SftpConfigExposure.yaml | 1 + .../inbuilt_test_yaml_files/SonarqubePublicProjects.yaml | 1 + .../SpringBootBeansActuatorExposed.yaml | 1 + .../SpringBootConfigPropsActuatorExposed.yaml | 1 + .../SpringBootEnvActuatorExposed.yaml | 1 + .../SpringBootHttpTraceActuatorExposed.yaml | 1 + .../SpringBootThreadDumpActuatorExposed.yaml | 1 + .../resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml | 1 + .../resources/inbuilt_test_yaml_files/SshKnownHosts.yaml | 1 + .../inbuilt_test_yaml_files/StrutsDebugModeEnabled.yaml | 2 +- .../inbuilt_test_yaml_files/StrutsOgnlConsoleEnabled.yaml | 2 +- .../inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml | 2 +- .../resources/inbuilt_test_yaml_files/TraceMethodTest.yaml | 2 +- .../resources/inbuilt_test_yaml_files/TrackMethodTest.yaml | 2 +- .../inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml | 2 +- .../inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml | 1 + .../main/resources/inbuilt_test_yaml_files/WgetrcConfig.yaml | 1 + 79 files changed, 94 insertions(+), 26 deletions(-) diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml index 56b0339ab7..bf32b55e8b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml @@ -24,6 +24,7 @@ info: - CWE-93 - CWE-74 - CWE-20 + - CWE-113 cve: - CVE-2020-15693 - CVE-2023-0040 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml index 2377296956..e6a16b1d13 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml @@ -23,7 +23,7 @@ info: references: - "https://crashtest-security.com/cors-misconfiguration/" cwe: - - CWE-16 + - CWE-942 cve: - CVE-2021-27786 - CVE-2021-26991 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml index 02cb20967e..3c58e06899 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml @@ -22,7 +22,7 @@ info: references: - "https://crashtest-security.com/cors-misconfiguration/" cwe: - - CWE-16 + - CWE-942 cve: - CVE-2021-27786 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml index 09e15f96f3..9cbb14d6e6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml @@ -14,7 +14,7 @@ info: references: - https://www.exploit-db.com/ghdb/7014 cwe: - - CWE-16 + - CWE-548 cve: - CVE-2021-1126 - CVE-2021-33214 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml index fd41930845..0722e92dde 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml @@ -27,7 +27,8 @@ info: - "https://cwe.mitre.org/data/definitions/285.html" - "https://cwe.mitre.org/data/definitions/639.html" cwe: - - CWE-16 + - CWE-116 + - CWE-430 cve: - CVE-2023-38199 - CVE-2023-26130 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml index 0c6e5f174f..ca79c25db7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml @@ -18,7 +18,9 @@ info: references: - "https://hackerone.com/reports/58679" cwe: - - CWE-16 + - CWE-614 + - CWE-1004 + - CWE-315 cve: - CVE-2023-4654 - CVE-2023-28708 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DebugVars.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DebugVars.yaml index cc67c0ac8d..e4767aef0c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DebugVars.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DebugVars.yaml @@ -14,7 +14,8 @@ info: references: - https://hackerone.com/reports/1650035 cwe: - - CWE-16 + - CWE-200 + - CWE-538 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml index a75a9a6f60..17607acae1 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml @@ -25,6 +25,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-1392 + - CWE-521 cve: - CVE-2023-41878 - CVE-2023-37755 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml index f064b69244..7afe67d964 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml @@ -20,6 +20,7 @@ info: - "https://owasp.org/www-community/Improper_Error_Handling" cwe: - CWE-209 + - CWE-200 cve: - CVE-2020-11883 - CVE-2020-15652 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml index db5a84fd34..cf30a49b35 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml @@ -23,7 +23,8 @@ info: - "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling" - "https://hackerone.com/reports/1033423" cwe: - - CWE-16 + - CWE-215 + - CWE-489 cve: - CVE-2017-12794 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml index 7afe668612..a021855cfa 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml @@ -16,6 +16,9 @@ info: - https://secapps.com/vulndb/docker-compose-exposure cwe: - CWE-16 + - CWE-530 + - CWE-538 + - CWE-552 cve: - CVE-2023-37273 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerfileHiddenDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerfileHiddenDisclosure.yaml index a6bdbc0e10..bb490ff207 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerfileHiddenDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerfileHiddenDisclosure.yaml @@ -15,6 +15,8 @@ info: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/dockerfile-hidden-disclosure.json cwe: - CWE-16 + - CWE-200 + - CWE-552 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/EsmtprcConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/EsmtprcConfig.yaml index 21fd976a6c..86cd33c67b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/EsmtprcConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/EsmtprcConfig.yaml @@ -15,6 +15,8 @@ info: - https://linux.die.net/man/5/esmtprc cwe: - CWE-16 + - CWE-200 + - CWE-538 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ExpressStackTraceEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ExpressStackTraceEnabled.yaml index ec95bc0c35..8060c8302a 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ExpressStackTraceEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ExpressStackTraceEnabled.yaml @@ -23,7 +23,7 @@ info: references: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - - CWE-16 + - CWE-209 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml index bcaa80650b..30fb6626e0 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml @@ -15,6 +15,7 @@ info: - https://github.com/firebase/firebaseui-web/blob/master/demo/public/sample-config.js cwe: - CWE-16 + - CWE-200 cve: - CVE-2020-7765 - CVE-2021-46743 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml index fbf37552bb..387ffdbb80 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml @@ -20,6 +20,7 @@ info: - "http://ghostlulz.com/google-exposed-firebase-database/" cwe: - CWE-16 + - CWE-200 cve: - CVE-2020-7765 - CVE-2021-46743 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml index 285d58af44..590ad92a81 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml @@ -28,6 +28,8 @@ info: - "http://ghostlulz.com/flask-rce-debug-mode/" cwe: - CWE-16 + - CWE-11 + - CWE-215 cve: - CVE-2015-5306 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml index e114f36aa9..901c9e716b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml @@ -15,7 +15,7 @@ info: - https://www.acunetix.com/vulnerabilities/web/sftp-ftp-credentials-exposure/ cwe: - CWE-200 - - CWE-213 + - CWE-256 cve: - CVE-2023-2061 - CVE-2018-18371 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml index ef332fd62a..26c522f294 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml @@ -16,7 +16,7 @@ info: - https://twitter.com/Random_Robbie/status/1262676628167110656 - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py cwe: - - CWE-16 + - CWE-22 cve: - CVE-2021-23017 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml index 6fd0257c98..38096a241f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml @@ -14,8 +14,7 @@ info: references: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/git-credentials-disclosure.json cwe: - - CWE-200 - - CWE-213 + - CWE-256 cve: - CVE-2020-5260 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml index 5b631299d6..64a68292b4 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml @@ -15,6 +15,7 @@ info: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/github-workflows-disclosure.json cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-34111 - CVE-2022-46258 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDebugModeEnabled.yaml index e748048fe6..98fd23531d 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDebugModeEnabled.yaml @@ -30,6 +30,7 @@ info: - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities" cwe: - CWE-16 + - CWE-200 api_selection_filters: url: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml index 984608c6f9..6dbcaac1f3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml @@ -27,6 +27,7 @@ info: - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-41248 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml index 133d47d974..2b9062aea6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml @@ -24,6 +24,7 @@ info: - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities" cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-5192 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml index b7a980263e..db2f73d23c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml @@ -26,6 +26,7 @@ info: - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/" cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-5192 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml index f16f568795..a2c4af8af5 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml @@ -25,6 +25,7 @@ info: - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-41248 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml index edbec8cbcd..8933149431 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml @@ -34,7 +34,7 @@ info: - "https://cwe.mitre.org/data/definitions/285.html" - "https://cwe.mitre.org/data/definitions/639.html" cwe: - - CWE-16 + - CWE-284 cve: - CVE-2022-45956 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml index 7b9d5d51e0..5400750c95 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml @@ -19,6 +19,7 @@ info: references: - "https://hackerone.com/reports/792998" cwe: + - CWE-113 - CWE-16 cve: - CVE-2022-37724 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml index 1f452600ae..3dc90628f8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml @@ -21,6 +21,7 @@ info: - "https://www.invicti.com/blog/web-security/crlf-http-header/" cwe: - CWE-93 + - CWE-113 cve: - CVE-2023-41834 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml index 479c8a77ef..7ae9d7befd 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml @@ -25,8 +25,9 @@ info: - "https://owasp.org/www-community/Improper_Error_Handling" - "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling" cwe: - - CWE-728 - - CWE-388 + - CWE-209 + - CWE-200 + - CWE-22 cve: - CVE-2020-10097 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JWTSigningInClientSide.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JWTSigningInClientSide.yaml index bbbe10562f..f8f57928b6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JWTSigningInClientSide.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JWTSigningInClientSide.yaml @@ -20,6 +20,7 @@ info: - "https://hackerone.com/reports/638635" cwe: - CWE-287 + - CWE-347 api_selection_filters: response_payload: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml index ab37b27a90..6baf07ec79 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtAddJku.yaml @@ -29,6 +29,7 @@ info: - "https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection" cwe: - CWE-287 + - CWE-295 cve: - CVE-2018-0114 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml index dfdccf89c0..34b84d1979 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtInvalidSignature.yaml @@ -27,6 +27,7 @@ info: - "https://portswigger.net/kb/issues/00200900_jwt-signature-not-verified#:~:text=Description%3A%20JWT%20signature%20not%20verified&text=However%2C%20some%20servers%20fail%20to,privileges%20or%20impersonate%20other%20users." cwe: - CWE-287 + - CWE-295 cve: - CVE-2022-25898 - CVE-2021-29455 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml index ac10724845..d090fdac57 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/JwtNoneAlgo.yaml @@ -26,6 +26,7 @@ info: - "https://portswigger.net/kb/issues/00200901_jwt-none-algorithm-supported" cwe: - CWE-287 + - CWE-347 cve: - CVE-2022-23540 - CVE-2015-9235 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml index 9c749b3512..65ba614b1c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KernelOpenCommandInjection.yaml @@ -18,7 +18,7 @@ info: - OWASP top 10 - HackerOne top 10 cwe: - - CWE-77 + - CWE-78 cve: - CVE-2021-31799 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml index 7be9ec26b0..6e02efc49f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/KubernetesKustomizationDisclosure.yaml @@ -15,6 +15,7 @@ info: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/kubernetes-kustomization-disclosure.json cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-41254 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml index 507ec4b97c..c5a5a2cda9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIAddingNewParam.yaml @@ -21,6 +21,7 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + - CWE-22 cve: - CVE-2021-39433 - CVE-2023-22973 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml index 22e10a4bcf..63d72761c7 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInParameter.yaml @@ -21,6 +21,7 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + - CWE-22 cve: - CVE-2022-29597 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml index 30d54cc9d0..c914a348c9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LFIInPath.yaml @@ -21,6 +21,7 @@ info: - "https://raw.githubusercontent.com/emadshanab/LFI-Payload-List/master/LFI%20payloads.txt" cwe: - CWE-98 + - CWE-22 cve: - CVE-2023-2453 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml index f20c4bbdf0..32412afb7e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelDebugModeEnabled.yaml @@ -27,7 +27,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" - "https://laravel.com/docs/10.x/deployment#debug-mode" cwe: - - CWE-16 + - CWE-215 cve: - CVE-2021-3129 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml index d855a79880..9008f9b9d8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelEnv.yaml @@ -15,6 +15,7 @@ info: - https://laravel.com/docs/master/configuration#environment-configuration - https://stackoverflow.com/questions/38331397/how-to-protect-env-file-in-laravel cwe: + - CWE-200 - CWE-16 cve: - CVE-2017-16894 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelTelescopeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelTelescopeEnabled.yaml index 0737c6cd0d..827fb2c2a3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelTelescopeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/LaravelTelescopeEnabled.yaml @@ -28,6 +28,7 @@ info: - "https://laravel.com/docs/10.x/telescope" cwe: - CWE-16 + - CWE-215 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml index 18ed0054fa..6921fb9772 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/MustContainResponseHeaders.yaml @@ -26,7 +26,7 @@ info: - "https://www.keycdn.com/blog/http-security-headers" - "https://www.invicti.com/white-papers/whitepaper-http-security-headers" cwe: - - CWE-16 + - CWE-693 cve: - CVE-2022-41915 - CVE-2022-37436 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml index e21dcd1a12..e63cacaf7f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxConfig.yaml @@ -15,6 +15,7 @@ info: - https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/nginx cwe: - CWE-16 + - CWE-200 cve: - CVE-2020-11959 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml index eb77c5d518..d0cb1da8ba 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxDefaultPageEnabled.yaml @@ -25,6 +25,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + - CWE-276 cve: - CVE-2013-0337 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml index 5b74383440..d4396e2651 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxServerVersionDisclosed.yaml @@ -25,6 +25,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + - CWE-200 cve: - CVE-2017-7529 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml index dd0fed34dd..361990f884 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NginxStatusVisible.yaml @@ -21,6 +21,7 @@ info: - "https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-status-module/" cwe: - CWE-16 + - CWE-200 cve: - CVE-2022-41741 - CVE-2019-20372 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml index 6113f17848..2219c5ec2f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/NoAuth.yaml @@ -25,6 +25,7 @@ info: - "https://cwe.mitre.org/data/definitions/798.html" cwe: - CWE-287 + - CWE-306 cve: - CVE-2023-22501 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml index 9ba59b1f5e..1576bbf077 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OldApiVersion.yaml @@ -31,6 +31,8 @@ info: - "https://cwe.mitre.org/data/definitions/639.html" cwe: - CWE-937 + - CWE-285 + - CWE-862 cve: - CVE-2022-31690 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml index 2069d4b060..412b5ad781 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/OracleEbsCredentials.yaml @@ -17,6 +17,7 @@ info: - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-21849 - CVE-2023-21847 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml index e3ebe87fa6..0b1e982bf9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ParametersConfig.yaml @@ -15,6 +15,7 @@ info: - https://www.exploit-db.com/ghdb/5986 cwe: - CWE-16 + - CWE-200 cve: - CVE-2015-4050 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PrometheusMetrics.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PrometheusMetrics.yaml index aed63c6dcb..7723f706e8 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PrometheusMetrics.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/PrometheusMetrics.yaml @@ -16,6 +16,7 @@ info: - https://hackerone.com/reports/1026196 cwe: - CWE-16 + - CWE-200 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml index 75f5c58659..319bbce287 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDebugModeEnabled.yaml @@ -27,7 +27,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" - "https://beaglesecurity.com/blog/vulnerability/rails-debug-mode-enabled.html" cwe: - - CWE-16 + - CWE-215 cve: - CVE-2019-5420 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml index a41904b6ec..a2711c9ed6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RailsDefaultHomepageEnabled.yaml @@ -26,6 +26,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" cwe: - CWE-16 + - CWE-276 cve: - CVE-2019-5418 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml index dac0785014..28cf733c70 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RandomMethodTest.yaml @@ -31,7 +31,9 @@ info: - "https://web.archive.org/web/20081116154150/http://www.aspectsecurity.com/documents/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf" - "https://capec.mitre.org/data/definitions/274.html" cwe: - - CWE-274 + - CWE-288 + - CWE-287 + - CWE-285 cve: - CVE-2020-35239 - CVE-2018-19908 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml index 6a1f1f4622..f16193e80c 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RedisConfig.yaml @@ -15,6 +15,7 @@ info: - https://redis.io/docs/manual/config/ cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-36824 - CVE-2022-0543 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml index 183b24f433..4db363a924 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RemoveCaptcha.yaml @@ -20,6 +20,7 @@ info: - "https://hackerone.com/reports/124173" cwe: - CWE-287 + - CWE-294 cve: - CVE-2021-37417 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml index acdf9e7d5d..b3e6a9cdd6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ReplayCaptcha.yaml @@ -19,6 +19,7 @@ info: - "https://hackerone.com/reports/223324" cwe: - CWE-287 + - CWE-294 cve: - CVE-2021-29047 - CVE-2022-34983 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml index 64167c378d..b8372d90c6 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/RobomongoCredential.yaml @@ -15,6 +15,7 @@ info: - https://web.cystack.net/vulnerability/cystack.remote.robomongo_cred_disclosure cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-4009 - CVE-2021-32039 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml index fbc58cf132..bad31d4d8f 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFlaskAndJinja.yaml @@ -20,6 +20,7 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + - CWE-94 cve: - CVE-2019-8341 - CVE-2022-34625 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml index c8f41b8172..0aa75b536e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInFreemarker.yaml @@ -20,6 +20,7 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + - CWE-94 cve: - CVE-2022-24442 - CVE-2021-25770 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml index dfcb50119b..802acfeb1b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SSTIInTwig.yaml @@ -20,6 +20,7 @@ info: - "https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti" cwe: - CWE-1336 + - CWE-94 cve: - CVE-2018-13818 - CVE-2023-34448 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml index cb642d621b..2d2468f313 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SftpConfigExposure.yaml @@ -17,6 +17,7 @@ info: - https://codexns.io/products/sftp_for_sublime/settings cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-38951 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml index 2eb0325c6f..04e9d7a16b 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SonarqubePublicProjects.yaml @@ -15,6 +15,7 @@ info: - https://next.sonarqube.com/sonarqube/web_api/api/components/suggestions?internal=true cwe: - CWE-16 + - CWE-200 cve: - CVE-2020-28002 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml index 7b8806bab7..5e90fb92ae 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootBeansActuatorExposed.yaml @@ -26,6 +26,7 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-21234 - CVE-2023-29986 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml index 75c2738e4f..19017fff3a 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootConfigPropsActuatorExposed.yaml @@ -27,6 +27,7 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-21234 - CVE-2023-29986 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml index e4f1a294b3..a891493074 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootEnvActuatorExposed.yaml @@ -27,6 +27,7 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-21234 - CVE-2023-29986 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml index ed52f8f0c5..55a91eedbe 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootHttpTraceActuatorExposed.yaml @@ -28,6 +28,7 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-21234 - CVE-2023-29986 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml index 818d678830..395e90ab71 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SpringBootThreadDumpActuatorExposed.yaml @@ -28,6 +28,7 @@ info: - "https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html" cwe: - CWE-16 + - CWE-200 cve: - CVE-2021-21234 - CVE-2023-29986 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml index eadd66d43d..43d57d6c10 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshAuthorizedKeys.yaml @@ -15,6 +15,7 @@ info: - https://www.ssh.com/academy/ssh/authorized-key cwe: - CWE-16 + - CWE-200 cve: - CVE-2023-43619 - CVE-2022-29154 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml index d06786477e..cc9641e74e 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/SshKnownHosts.yaml @@ -15,6 +15,7 @@ info: - https://datacadamia.com/ssh/known_hosts cwe: - CWE-16 + - CWE-200 cve: - CVE-2005-2666 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsDebugModeEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsDebugModeEnabled.yaml index 0f03a1d63d..f3c72b3ad3 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsDebugModeEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsDebugModeEnabled.yaml @@ -26,7 +26,7 @@ info: - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" - "https://struts.apache.org/core-developers/development-mode" cwe: - - CWE-16 + - CWE-215 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsOgnlConsoleEnabled.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsOgnlConsoleEnabled.yaml index c9234390e7..270a784418 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsOgnlConsoleEnabled.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/StrutsOgnlConsoleEnabled.yaml @@ -26,7 +26,7 @@ info: - "https://struts.apache.org/core-developers/development-mode" - "https://nvd.nist.gov/vuln/detail/CVE-2020-17530" cwe: - - CWE-16 + - CWE-215 api_selection_filters: response_code: diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml index 6f74771242..c4557d59ef 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TextInjectionViaInvalidUrls.yaml @@ -20,7 +20,7 @@ info: - "https://owasp.org/www-community/attacks/Content_Spoofing" - "https://infosecwriteups.com/text-based-injection-content-spoofing-96e9eb1615d8" cwe: - - CWE-345 + - CWE-74 cve: - CVE-2019-1680 - CVE-2022-42889 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml index adb974a3d9..8edb74aa26 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TraceMethodTest.yaml @@ -23,7 +23,7 @@ info: - "https://www.onwebsecurity.com/security/unsafe-http-methods.html" - "https://hackerone.com/reports/109054" cwe: - - CWE-274 + - CWE-16 cve: - CVE-2022-38115 - CVE-2018-11039 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml index dca25972d9..11e20c1c57 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/TrackMethodTest.yaml @@ -23,7 +23,7 @@ info: - "https://www.onwebsecurity.com/security/unsafe-http-methods.html" - "https://hackerone.com/reports/83837" cwe: - - CWE-274 + - CWE-16 cve: - CVE-2021-35233 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml index 0edfc7fa38..f7d32fe8e9 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnauthenticatedMongoExpress.yaml @@ -14,7 +14,7 @@ info: references: - https://www.exploit-db.com/ghdb/5684 cwe: - - CWE-16 + - CWE-306 cve: - CVE-2020-7925 - CVE-2021-21422 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml index ea2d32027e..cdfe1dcaaf 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/UnwantedResponseHeaders.yaml @@ -23,6 +23,7 @@ info: - "https://portswigger.net/web-security/host-header/exploiting" - "https://blog.yeswehack.com/yeswerhackers/http-header-exploitation/" cwe: + - CWE-200 - CWE-16 cve: - CVE-2022-3215 diff --git a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WgetrcConfig.yaml b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WgetrcConfig.yaml index fff2298b92..3748e247e1 100644 --- a/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WgetrcConfig.yaml +++ b/apps/dashboard/src/main/resources/inbuilt_test_yaml_files/WgetrcConfig.yaml @@ -15,6 +15,7 @@ info: - https://ubuntu.com/security/notices/USN-982-1 cwe: - CWE-16 + - CWE-200 api_selection_filters: response_code: