Added all CWE category and fixed ROLIE "feed_url" options
giterlizzi committed Apr 16, 2024
1 parent 7c93f1b commit e5312b7
Showing 3 changed files with 424 additions and 5 deletions.
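--- a/lib/CSAF.pm
+++ b/lib/CSAF.pm
@@ -17,7 +17,7 @@ use overload '""' => \&to_string, fallback => 1;
 
 use Moo;
 
-our $VERSION = '0.20';
+our $VERSION = '0.21';
 
 our $CACHE = {};
 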
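--- a/lib/CSAF/Options/ROLIE.pm
+++ b/lib/CSAF/Options/ROLIE.pm
@@ -13,11 +13,10 @@ use constant FALSE => !!0;
 
 has csaf_directory => (is => 'rw');
 has base_url => (is => 'rw', trigger => 1, default => 'https://psirt.domain.tld/advisories/csaf');
-has feed_filename => (is => 'rw');
+has feed_filename => (is => 'rw', default => 'csaf-feed-tlp-white.json');
 has feed_id => (is => 'rw', trigger => 1, default => 'csaf-feed-tlp-white');
 has feed_link => (is => 'rw', default => sub { [] });
 has feed_title => (is => 'rw', default => 'CSAF feed (TLP:WHITE)');
-has feed_url => (is => 'lazy');
 has tlp_label => (is => 'rw', trigger => 1, default => 'WHITE', coerce => sub { uc $_[0] });
 
 sub _trigger_base_url {
@@ -43,7 +42,7 @@ sub _trigger_feed_id {
 
 }
 
-sub _build_feed_url {
+sub feed_url {
 my $self = shift;
 return join('/', $self->base_url, $self->feed_filename);
 }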
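Review bot: `feed_url` now builds the published URL as `join('/', base_url, feed_filename)` with no normalisation, so a `base_url` configured with a trailing slash yields a `//` in the feed URL and a `feed_filename` containing `/` or `..` points outside the advertised directory; unless `_trigger_base_url` (body not shown) already strips the slash, `return join('/', ($self->base_url =~ s{/+\z}{}r), $self->feed_filename);` plus rejecting path separators in `feed_filename` keeps the URL under the base. Replacing the `lazy` attribute with a plain method is what makes later changes to the `rw` `base_url`/`feed_filename` visible in the URL, but that intent deserves a comment, e.g. `# Not cached: base_url and feed_filename are rw, so recompute on every call.` The TLP:WHITE wording is now hard-coded in three defaults (`feed_filename`, `feed_id`, `feed_title`) while `tlp_label` is settable; whether the `trigger`s keep them in step is not visible in this hunk.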
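--- a/lib/CSAF/Util/CWE.pm
+++ b/lib/CSAF/Util/CWE.pm
@@ -9,6 +9,8 @@ use Exporter 'import';
 our @EXPORT_OK = (qw[get_weakness_name weakness_exists]);
 
 use constant WEAKNESSES => (
+
+# WEAKNESS
 'CWE-5' => q"J2EE Misconfiguration: Data Transmission Without Encryption",
 'CWE-6' => q"J2EE Misconfiguration: Insufficient Session-ID Length",
 'CWE-7' => q"J2EE Misconfiguration: Missing Custom Error Page",
@@ -978,7 +980,425 @@ use constant WEAKNESSES => (
 "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution",
 'CWE-1422' => q"Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution",
 'CWE-1423' =>
-"Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution"
+"Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution",
+
+# CATEGORY
+'CWE-1' => q"DEPRECATED: Location",
+'CWE-2' => q"7PK - Environment",
+'CWE-3' => q"DEPRECATED: Technology-specific Environment Issues",
+'CWE-4' => q"DEPRECATED: J2EE Environment Issues",
+'CWE-10' => q"DEPRECATED: ASP.NET Environment Issues",
+'CWE-16' => q"Configuration",
+'CWE-17' => q"DEPRECATED: Code",
+'CWE-18' => q"DEPRECATED: Source Code",
+'CWE-19' => q"Data Processing Errors",
+'CWE-21' => q"DEPRECATED: Pathname Traversal and Equivalence Errors",
+'CWE-60' => q"DEPRECATED: UNIX Path Link Problems",
+'CWE-63' => q"DEPRECATED: Windows Path Link Problems",
+'CWE-68' => q"DEPRECATED: Windows Virtual File Problems",
+'CWE-70' => q"DEPRECATED: Mac Virtual File Problems",
+'CWE-100' => q"DEPRECATED: Technology-Specific Input Validation Problems",
+'CWE-101' => q"DEPRECATED: Struts Validation Problems",
+'CWE-133' => q"String Errors",
+'CWE-136' => q"Type Errors",
+'CWE-137' => q"Data Neutralization Issues",
+'CWE-139' => q"DEPRECATED: General Special Element Problems",
+'CWE-169' => q"DEPRECATED: Technology-Specific Special Elements",
+'CWE-171' => q"DEPRECATED: Cleansing, Canonicalization, and Comparison Errors",
+'CWE-189' => q"Numeric Errors",
+'CWE-199' => q"Information Management Errors",
+'CWE-227' => q"7PK - API Abuse",
+'CWE-251' => q"Often Misused: String Management",
+'CWE-254' => q"7PK - Security Features",
+'CWE-255' => q"Credentials Management Errors",
+'CWE-264' => q"Permissions, Privileges, and Access Controls",
+'CWE-265' => q"Privilege Issues",
+'CWE-275' => q"Permission Issues",
+'CWE-310' => q"Cryptographic Issues",
+'CWE-320' => q"Key Management Errors",
+'CWE-355' => q"User Interface Security Issues",
+'CWE-361' => q"7PK - Time and State",
+'CWE-371' => q"State Issues",
+'CWE-376' => q"DEPRECATED: Temporary File Issues",
+'CWE-380' => q"DEPRECATED: Technology-Specific Time and State Issues",
+'CWE-381' => q"DEPRECATED: J2EE Time and State Issues",
+'CWE-387' => q"Signal Errors",
+'CWE-388' => q"7PK - Errors",
+'CWE-389' => q"Error Conditions, Return Values, Status Codes",
+'CWE-398' => q"7PK - Code Quality",
+'CWE-399' => q"Resource Management Errors",
+'CWE-411' => q"Resource Locking Problems",
+'CWE-417' => q"Communication Channel Errors",
+'CWE-418' => q"DEPRECATED: Channel Errors",
+'CWE-429' => q"Handler Errors",
+'CWE-438' => q"Behavioral Problems",
+'CWE-442' => q"DEPRECATED: Web Problems",
+'CWE-445' => q"DEPRECATED: User Interface Errors",
+'CWE-452' => q"Initialization and Cleanup Errors",
+'CWE-461' => q"DEPRECATED: Data Structure Issues",
+'CWE-465' => q"Pointer Issues",
+'CWE-485' => q"7PK - Encapsulation",
+'CWE-490' => q"DEPRECATED: Mobile Code Issues",
+'CWE-503' => q"DEPRECATED: Byte/Object Code",
+'CWE-504' => q"DEPRECATED: Motivation/Intent",
+'CWE-505' => q"DEPRECATED: Intentionally Introduced Weakness",
+'CWE-513' => q"DEPRECATED: Intentionally Introduced Nonmalicious Weakness",
+'CWE-517' => q"DEPRECATED: Other Intentional, Nonmalicious Weakness",
+'CWE-518' => q"DEPRECATED: Inadvertently Introduced Weakness",
+'CWE-519' => q"DEPRECATED: .NET Environment Issues",
+'CWE-557' => q"Concurrency Issues",
+'CWE-559' => q"DEPRECATED: Often Misused: Arguments and Parameters",
+'CWE-569' => q"Expression Issues",
+'CWE-632' => q"DEPRECATED: Weaknesses that Affect Files or Directories",
+'CWE-633' => q"DEPRECATED: Weaknesses that Affect Memory",
+'CWE-634' => q"DEPRECATED: Weaknesses that Affect System Processes",
+'CWE-712' => q"OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)",
+'CWE-713' => q"OWASP Top Ten 2007 Category A2 - Injection Flaws",
+'CWE-714' => q"OWASP Top Ten 2007 Category A3 - Malicious File Execution",
+'CWE-715' => q"OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference",
+'CWE-716' => q"OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)",
+'CWE-717' => q"OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling",
+'CWE-718' => q"OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management",
+'CWE-719' => q"OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage",
+'CWE-720' => q"OWASP Top Ten 2007 Category A9 - Insecure Communications",
+'CWE-721' => q"OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access",
+'CWE-722' => q"OWASP Top Ten 2004 Category A1 - Unvalidated Input",
+'CWE-723' => q"OWASP Top Ten 2004 Category A2 - Broken Access Control",
+'CWE-724' => q"OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management",
+'CWE-725' => q"OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws",
+'CWE-726' => q"OWASP Top Ten 2004 Category A5 - Buffer Overflows",
+'CWE-727' => q"OWASP Top Ten 2004 Category A6 - Injection Flaws",
+'CWE-728' => q"OWASP Top Ten 2004 Category A7 - Improper Error Handling",
+'CWE-729' => q"OWASP Top Ten 2004 Category A8 - Insecure Storage",
+'CWE-730' => q"OWASP Top Ten 2004 Category A9 - Denial of Service",
+'CWE-731' => q"OWASP Top Ten 2004 Category A10 - Insecure Configuration Management",
+'CWE-735' => q"CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)",
+'CWE-736' => q"CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)",
+'CWE-737' => q"CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)",
+'CWE-738' => q"CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)",
+'CWE-739' => q"CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)",
+'CWE-740' => q"CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)",
+'CWE-741' => q"CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)",
+'CWE-742' => q"CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)",
+'CWE-743' => q"CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)",
+'CWE-744' => q"CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)",
+'CWE-745' => q"CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)",
+'CWE-746' => q"CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)",
+'CWE-747' => q"CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)",
+'CWE-748' => q"CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)",
+'CWE-751' => q"2009 Top 25 - Insecure Interaction Between Components",
+'CWE-752' => q"2009 Top 25 - Risky Resource Management",
+'CWE-753' => q"2009 Top 25 - Porous Defenses",
+'CWE-801' => q"2010 Top 25 - Insecure Interaction Between Components",
+'CWE-802' => q"2010 Top 25 - Risky Resource Management",
+'CWE-803' => q"2010 Top 25 - Porous Defenses",
+'CWE-808' => q"2010 Top 25 - Weaknesses On the Cusp",
+'CWE-810' => q"OWASP Top Ten 2010 Category A1 - Injection",
+'CWE-811' => q"OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)",
+'CWE-812' => q"OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management",
+'CWE-813' => q"OWASP Top Ten 2010 Category A4 - Insecure Direct Object References",
+'CWE-814' => q"OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)",
+'CWE-815' => q"OWASP Top Ten 2010 Category A6 - Security Misconfiguration",
+'CWE-816' => q"OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage",
+'CWE-817' => q"OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access",
+'CWE-818' => q"OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection",
+'CWE-819' => q"OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards",
+'CWE-840' => q"Business Logic Errors",
+'CWE-845' =>
+q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)",
+'CWE-846' =>
+q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)",
+'CWE-847' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)",
+'CWE-848' =>
+q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)",
+'CWE-849' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)",
+'CWE-850' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)",
+'CWE-851' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)",
+'CWE-852' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)",
+'CWE-853' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)",
+'CWE-854' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)",
+'CWE-855' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)",
+'CWE-856' =>
+q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)",
+'CWE-857' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)",
+'CWE-858' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)",
+'CWE-859' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)",
+'CWE-860' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)",
+'CWE-861' => q"The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)",
+'CWE-864' => q"2011 Top 25 - Insecure Interaction Between Components",
+'CWE-865' => q"2011 Top 25 - Risky Resource Management",
+'CWE-866' => q"2011 Top 25 - Porous Defenses",
+'CWE-867' => q"2011 Top 25 - Weaknesses On the Cusp",
+'CWE-869' => q"CERT C++ Secure Coding Section 01 - Preprocessor (PRE)",
+'CWE-870' => q"CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)",
+'CWE-871' => q"CERT C++ Secure Coding Section 03 - Expressions (EXP)",
+'CWE-872' => q"CERT C++ Secure Coding Section 04 - Integers (INT)",
+'CWE-873' => q"CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)",
+'CWE-874' => q"CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)",
+'CWE-875' => q"CERT C++ Secure Coding Section 07 - Characters and Strings (STR)",
+'CWE-876' => q"CERT C++ Secure Coding Section 08 - Memory Management (MEM)",
+'CWE-877' => q"CERT C++ Secure Coding Section 09 - Input Output (FIO)",
+'CWE-878' => q"CERT C++ Secure Coding Section 10 - Environment (ENV)",
+'CWE-879' => q"CERT C++ Secure Coding Section 11 - Signals (SIG)",
+'CWE-880' => q"CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)",
+'CWE-881' => q"CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)",
+'CWE-882' => q"CERT C++ Secure Coding Section 14 - Concurrency (CON)",
+'CWE-883' => q"CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)",
+'CWE-885' => q"SFP Primary Cluster: Risky Values",
+'CWE-886' => q"SFP Primary Cluster: Unused entities",
+'CWE-887' => q"SFP Primary Cluster: API",
+'CWE-889' => q"SFP Primary Cluster: Exception Management",
+'CWE-890' => q"SFP Primary Cluster: Memory Access",
+'CWE-891' => q"SFP Primary Cluster: Memory Management",
+'CWE-892' => q"SFP Primary Cluster: Resource Management",
+'CWE-893' => q"SFP Primary Cluster: Path Resolution",
+'CWE-894' => q"SFP Primary Cluster: Synchronization",
+'CWE-895' => q"SFP Primary Cluster: Information Leak",
+'CWE-896' => q"SFP Primary Cluster: Tainted Input",
+'CWE-897' => q"SFP Primary Cluster: Entry Points",
+'CWE-898' => q"SFP Primary Cluster: Authentication",
+'CWE-899' => q"SFP Primary Cluster: Access Control",
+'CWE-901' => q"SFP Primary Cluster: Privilege",
+'CWE-902' => q"SFP Primary Cluster: Channel",
+'CWE-903' => q"SFP Primary Cluster: Cryptography",
+'CWE-904' => q"SFP Primary Cluster: Malware",
+'CWE-905' => q"SFP Primary Cluster: Predictability",
+'CWE-906' => q"SFP Primary Cluster: UI",
+'CWE-907' => q"SFP Primary Cluster: Other",
+'CWE-929' => q"OWASP Top Ten 2013 Category A1 - Injection",
+'CWE-930' => q"OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management",
+'CWE-931' => q"OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)",
+'CWE-932' => q"OWASP Top Ten 2013 Category A4 - Insecure Direct Object References",
+'CWE-933' => q"OWASP Top Ten 2013 Category A5 - Security Misconfiguration",
+'CWE-934' => q"OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure",
+'CWE-935' => q"OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control",
+'CWE-936' => q"OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)",
+'CWE-937' => q"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
+'CWE-938' => q"OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards",
+'CWE-944' => q"SFP Secondary Cluster: Access Management",
+'CWE-945' => q"SFP Secondary Cluster: Insecure Resource Access",
+'CWE-946' => q"SFP Secondary Cluster: Insecure Resource Permissions",
+'CWE-947' => q"SFP Secondary Cluster: Authentication Bypass",
+'CWE-948' => q"SFP Secondary Cluster: Digital Certificate",
+'CWE-949' => q"SFP Secondary Cluster: Faulty Endpoint Authentication",
+'CWE-950' => q"SFP Secondary Cluster: Hardcoded Sensitive Data",
+'CWE-951' => q"SFP Secondary Cluster: Insecure Authentication Policy",
+'CWE-952' => q"SFP Secondary Cluster: Missing Authentication",
+'CWE-953' => q"SFP Secondary Cluster: Missing Endpoint Authentication",
+'CWE-954' => q"SFP Secondary Cluster: Multiple Binds to the Same Port",
+'CWE-955' => q"SFP Secondary Cluster: Unrestricted Authentication",
+'CWE-956' => q"SFP Secondary Cluster: Channel Attack",
+'CWE-957' => q"SFP Secondary Cluster: Protocol Error",
+'CWE-958' => q"SFP Secondary Cluster: Broken Cryptography",
+'CWE-959' => q"SFP Secondary Cluster: Weak Cryptography",
+'CWE-960' => q"SFP Secondary Cluster: Ambiguous Exception Type",
+'CWE-961' => q"SFP Secondary Cluster: Incorrect Exception Behavior",
+'CWE-962' => q"SFP Secondary Cluster: Unchecked Status Condition",
+'CWE-963' => q"SFP Secondary Cluster: Exposed Data",
+'CWE-964' => q"SFP Secondary Cluster: Exposure Temporary File",
+'CWE-965' => q"SFP Secondary Cluster: Insecure Session Management",
+'CWE-966' => q"SFP Secondary Cluster: Other Exposures",
+'CWE-967' => q"SFP Secondary Cluster: State Disclosure",
+'CWE-968' => q"SFP Secondary Cluster: Covert Channel",
+'CWE-969' => q"SFP Secondary Cluster: Faulty Memory Release",
+'CWE-970' => q"SFP Secondary Cluster: Faulty Buffer Access",
+'CWE-971' => q"SFP Secondary Cluster: Faulty Pointer Use",
+'CWE-972' => q"SFP Secondary Cluster: Faulty String Expansion",
+'CWE-973' => q"SFP Secondary Cluster: Improper NULL Termination",
+'CWE-974' => q"SFP Secondary Cluster: Incorrect Buffer Length Computation",
+'CWE-975' => q"SFP Secondary Cluster: Architecture",
+'CWE-976' => q"SFP Secondary Cluster: Compiler",
+'CWE-977' => q"SFP Secondary Cluster: Design",
+'CWE-978' => q"SFP Secondary Cluster: Implementation",
+'CWE-979' => q"SFP Secondary Cluster: Failed Chroot Jail",
+'CWE-980' => q"SFP Secondary Cluster: Link in Resource Name Resolution",
+'CWE-981' => q"SFP Secondary Cluster: Path Traversal",
+'CWE-982' => q"SFP Secondary Cluster: Failure to Release Resource",
+'CWE-983' => q"SFP Secondary Cluster: Faulty Resource Use",
+'CWE-984' => q"SFP Secondary Cluster: Life Cycle",
+'CWE-985' => q"SFP Secondary Cluster: Unrestricted Consumption",
+'CWE-986' => q"SFP Secondary Cluster: Missing Lock",
+'CWE-987' => q"SFP Secondary Cluster: Multiple Locks/Unlocks",
+'CWE-988' => q"SFP Secondary Cluster: Race Condition Window",
+'CWE-989' => q"SFP Secondary Cluster: Unrestricted Lock",
+'CWE-990' => q"SFP Secondary Cluster: Tainted Input to Command",
+'CWE-991' => q"SFP Secondary Cluster: Tainted Input to Environment",
+'CWE-992' => q"SFP Secondary Cluster: Faulty Input Transformation",
+'CWE-993' => q"SFP Secondary Cluster: Incorrect Input Handling",
+'CWE-994' => q"SFP Secondary Cluster: Tainted Input to Variable",
+'CWE-995' => q"SFP Secondary Cluster: Feature",
+'CWE-996' => q"SFP Secondary Cluster: Security",
+'CWE-997' => q"SFP Secondary Cluster: Information Loss",
+'CWE-998' => q"SFP Secondary Cluster: Glitch in Computation",
+'CWE-1001' => q"SFP Secondary Cluster: Use of an Improper API",
+'CWE-1002' => q"SFP Secondary Cluster: Unexpected Entry Points",
+'CWE-1005' => q"7PK - Input Validation and Representation",
+'CWE-1006' => q"Bad Coding Practices",
+'CWE-1009' => q"Audit",
+'CWE-1010' => q"Authenticate Actors",
+'CWE-1011' => q"Authorize Actors",
+'CWE-1012' => q"Cross Cutting",
+'CWE-1013' => q"Encrypt Data",
+'CWE-1014' => q"Identify Actors",
+'CWE-1015' => q"Limit Access",
+'CWE-1016' => q"Limit Exposure",
+'CWE-1017' => q"Lock Computer",
+'CWE-1018' => q"Manage User Sessions",
+'CWE-1019' => q"Validate Inputs",
+'CWE-1020' => q"Verify Message Integrity",
+'CWE-1027' => q"OWASP Top Ten 2017 Category A1 - Injection",
+'CWE-1028' => q"OWASP Top Ten 2017 Category A2 - Broken Authentication",
+'CWE-1029' => q"OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure",
+'CWE-1030' => q"OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)",
+'CWE-1031' => q"OWASP Top Ten 2017 Category A5 - Broken Access Control",
+'CWE-1032' => q"OWASP Top Ten 2017 Category A6 - Security Misconfiguration",
+'CWE-1033' => q"OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)",
+'CWE-1034' => q"OWASP Top Ten 2017 Category A8 - Insecure Deserialization",
+'CWE-1035' => q"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
+'CWE-1036' => q"OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring",
+'CWE-1129' => q"CISQ Quality Measures (2016) - Reliability",
+'CWE-1130' => q"CISQ Quality Measures (2016) - Maintainability",
+'CWE-1131' => q"CISQ Quality Measures (2016) - Security",
+'CWE-1132' => q"CISQ Quality Measures (2016) - Performance Efficiency",
+'CWE-1134' =>
+q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)",
+'CWE-1135' =>
+q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)",
+'CWE-1136' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)",
+'CWE-1137' =>
+q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)",
+'CWE-1138' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)",
+'CWE-1139' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)",
+'CWE-1140' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)",
+'CWE-1141' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)",
+'CWE-1142' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)",
+'CWE-1143' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)",
+'CWE-1144' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)",
+'CWE-1145' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)",
+'CWE-1146' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)",
+'CWE-1147' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)",
+'CWE-1148' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)",
+'CWE-1149' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)",
+'CWE-1150' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)",
+'CWE-1151' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)",
+'CWE-1152' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)",
+'CWE-1153' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)",
+'CWE-1155' => q"SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)",
+'CWE-1156' => q"SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)",
+'CWE-1157' => q"SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)",
+'CWE-1158' => q"SEI CERT C Coding Standard - Guidelines 04. Integers (INT)",
+'CWE-1159' => q"SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)",
+'CWE-1160' => q"SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)",
+'CWE-1161' => q"SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)",
+'CWE-1162' => q"SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)",
+'CWE-1163' => q"SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)",
+'CWE-1165' => q"SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)",
+'CWE-1166' => q"SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)",
+'CWE-1167' => q"SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)",
+'CWE-1168' => q"SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)",
+'CWE-1169' => q"SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)",
+'CWE-1170' => q"SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)",
+'CWE-1171' => q"SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)",
+'CWE-1172' => q"SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) ",
+'CWE-1175' => q"SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)",
+'CWE-1179' => q"SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)",
+'CWE-1180' => q"SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)",
+'CWE-1181' => q"SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)",
+'CWE-1182' => q"SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)",
+'CWE-1183' => q"SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR)",
+'CWE-1184' => q"SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)",
+'CWE-1185' => q"SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)",
+'CWE-1186' => q"SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)",
+'CWE-1195' => q"Manufacturing and Life Cycle Management Concerns",
+'CWE-1196' => q"Security Flow Issues",
+'CWE-1197' => q"Integration Issues",
+'CWE-1198' => q"Privilege Separation and Access Control Issues",
+'CWE-1199' => q"General Circuit and Logic Design Concerns",
+'CWE-1201' => q"Core and Compute Issues",
+'CWE-1202' => q"Memory and Storage Issues",
+'CWE-1203' => q"Peripherals, On-chip Fabric, and Interface/IO Problems",
+'CWE-1205' => q"Security Primitives and Cryptography Issues",
+'CWE-1206' => q"Power, Clock, Thermal, and Reset Concerns",
+'CWE-1207' => q"Debug and Test Problems",
+'CWE-1208' => q"Cross-Cutting Problems",
+'CWE-1210' => q"Audit / Logging Errors",
+'CWE-1211' => q"Authentication Errors",
+'CWE-1212' => q"Authorization Errors",
+'CWE-1213' => q"Random Number Issues",
+'CWE-1214' => q"Data Integrity Issues",
+'CWE-1215' => q"Data Validation Issues",
+'CWE-1216' => q"Lockout Mechanism Errors",
+'CWE-1217' => q"User Session Errors",
+'CWE-1218' => q"Memory Buffer Errors",
+'CWE-1219' => q"File Handling Issues",
+'CWE-1225' => q"Documentation Issues",
+'CWE-1226' => q"Complexity Issues",
+'CWE-1227' => q"Encapsulation Issues",
+'CWE-1228' => q"API / Function Errors",
+'CWE-1237' => q"SFP Primary Cluster: Faulty Resource Release",
+'CWE-1238' => q"SFP Primary Cluster: Failure to Release Memory",
+'CWE-1306' => q"CISQ Quality Measures - Reliability",
+'CWE-1307' => q"CISQ Quality Measures - Maintainability",
+'CWE-1308' => q"CISQ Quality Measures - Security",
+'CWE-1309' => q"CISQ Quality Measures - Efficiency",
+'CWE-1345' => q"OWASP Top Ten 2021 Category A01:2021 - Broken Access Control",
+'CWE-1346' => q"OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures",
+'CWE-1347' => q"OWASP Top Ten 2021 Category A03:2021 - Injection",
+'CWE-1348' => q"OWASP Top Ten 2021 Category A04:2021 - Insecure Design",
+'CWE-1349' => q"OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration",
+'CWE-1352' => q"OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components",
+'CWE-1353' => q"OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures",
+'CWE-1354' => q"OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures",
+'CWE-1355' => q"OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures",
+'CWE-1356' => q"OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)",
+'CWE-1359' => q"ICS Communications",
+'CWE-1360' => q"ICS Dependencies (& Architecture)",
+'CWE-1361' => q"ICS Supply Chain",
+'CWE-1362' => q"ICS Engineering (Constructions/Deployment)",
+'CWE-1363' => q"ICS Operations (& Maintenance)",
+'CWE-1364' => q"ICS Communications: Zone Boundary Failures",
+'CWE-1365' => q"ICS Communications: Unreliability",
+'CWE-1366' => q"ICS Communications: Frail Security in Protocols",
+'CWE-1367' => q"ICS Dependencies (& Architecture): External Physical Systems",
+'CWE-1368' => q"ICS Dependencies (& Architecture): External Digital Systems",
+'CWE-1369' => q"ICS Supply Chain: IT/OT Convergence/Expansion",
+'CWE-1370' => q"ICS Supply Chain: Common Mode Frailties",
+'CWE-1371' => q"ICS Supply Chain: Poorly Documented or Undocumented Features",
+'CWE-1372' => q"ICS Supply Chain: OT Counterfeit and Malicious Corruption",
+'CWE-1373' => q"ICS Engineering (Construction/Deployment): Trust Model Problems",
+'CWE-1374' => q"ICS Engineering (Construction/Deployment): Maker Breaker Blindness",
+'CWE-1375' => q"ICS Engineering (Construction/Deployment): Gaps in Details/Data",
+'CWE-1376' => q"ICS Engineering (Construction/Deployment): Security Gaps in Commissioning",
+'CWE-1377' => q"ICS Engineering (Construction/Deployment): Inherent Predictability in Design",
+'CWE-1378' => q"ICS Operations (& Maintenance): Gaps in obligations and training",
+'CWE-1379' => q"ICS Operations (& Maintenance): Human factors in ICS environments",
+'CWE-1380' => q"ICS Operations (& Maintenance): Post-analysis changes",
+'CWE-1381' => q"ICS Operations (& Maintenance): Exploitable Standard Operational Procedures",
+'CWE-1382' => q"ICS Operations (& Maintenance): Emerging Energy Technologies",
+'CWE-1383' => q"ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements",
+'CWE-1388' => q"Physical Access Issues and Concerns",
+'CWE-1396' => q"Comprehensive Categorization: Access Control",
+'CWE-1397' => q"Comprehensive Categorization: Comparison",
+'CWE-1398' => q"Comprehensive Categorization: Component Interaction",
+'CWE-1399' => q"Comprehensive Categorization: Memory Safety",
+'CWE-1401' => q"Comprehensive Categorization: Concurrency",
+'CWE-1402' => q"Comprehensive Categorization: Encryption",
+'CWE-1403' => q"Comprehensive Categorization: Exposed Resource",
+'CWE-1404' => q"Comprehensive Categorization: File Handling",
+'CWE-1405' => q"Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions",
+'CWE-1406' => q"Comprehensive Categorization: Improper Input Validation",
+'CWE-1407' => q"Comprehensive Categorization: Improper Neutralization",
+'CWE-1408' => q"Comprehensive Categorization: Incorrect Calculation",
+'CWE-1409' => q"Comprehensive Categorization: Injection",
+'CWE-1410' => q"Comprehensive Categorization: Insufficient Control Flow Management",
+'CWE-1411' => q"Comprehensive Categorization: Insufficient Verification of Data Authenticity",
+'CWE-1412' => q"Comprehensive Categorization: Poor Coding Practices",
+'CWE-1413' => q"Comprehensive Categorization: Protection Mechanism Failure",
+'CWE-1414' => q"Comprehensive Categorization: Randomness",
+'CWE-1415' => q"Comprehensive Categorization: Resource Control",
+'CWE-1416' => q"Comprehensive Categorization: Resource Lifecycle Management",
+'CWE-1417' => q"Comprehensive Categorization: Sensitive Information Exposure",
+'CWE-1418' => q"Comprehensive Categorization: Violation of Secure Design Principles",
 );
 
 sub get_weakness_name {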
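Review bot: The new `# CATEGORY` entries are appended to the same `WEAKNESSES` list that the exported `weakness_exists`/`get_weakness_name` consult (`get_weakness_name` opens on the hunk's last line and continues outside it), so a caller can no longer tell a CWE category, or a `DEPRECATED:` entry, from a real weakness; MITRE marks categories and deprecated entries as not usable for vulnerability root-cause mapping, so if this table backs the library's CSAF CWE check, an advisory accepted here may still be rejected by consumers. Keeping the category block in its own constant and exporting a predicate for it (or at minimum having `weakness_exists` reject ids whose name starts with `DEPRECATED:`) would preserve that distinction. The value for `CWE-1172` carries a trailing space after `(WIN)`, which will break an exact name comparison against the MITRE catalogue — presumably a copy artifact, so drop it unless MITRE's name really ends in a blank. It is also worth recording which CWE release the table was generated from, e.g. `# Generated from the MITRE CWE List vX.Y (weaknesses + categories); regenerate rather than hand-edit.`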
