|
919 | 919 | "abstraction": "Base", |
920 | 920 | "children": [] |
921 | 921 | }, |
922 | | - { |
923 | | - "id": "CWE-1242", |
924 | | - "name": "CWE-1242: Inclusion of Undocumented Features or Chicken Bits", |
925 | | - "abstraction": "Base", |
926 | | - "children": [] |
927 | | - }, |
928 | 922 | { |
929 | 923 | "id": "CWE-1252", |
930 | 924 | "name": "CWE-1252: CPU Hardware Not Configured to Support Exclusivity", |
|
1219 | 1213 | "name": "CWE-119: Improper Restriction of Operations within the Boun", |
1220 | 1214 | "abstraction": "Class", |
1221 | 1215 | "children": [ |
1222 | | - { |
1223 | | - "id": "CWE-120", |
1224 | | - "name": "CWE-120: Buffer Copy without Checking Size of Input ('Class", |
1225 | | - "abstraction": "Base", |
1226 | | - "children": [ |
1227 | | - { |
1228 | | - "id": "CWE-785", |
1229 | | - "name": "CWE-785: Use of Path Manipulation Function without Maximum-", |
1230 | | - "abstraction": "Variant", |
1231 | | - "children": [] |
1232 | | - } |
1233 | | - ] |
1234 | | - }, |
1235 | 1216 | { |
1236 | 1217 | "id": "CWE-125", |
1237 | 1218 | "name": "CWE-125: Out-of-bounds Read", |
|
1281 | 1262 | "name": "CWE-787: Out-of-bounds Write", |
1282 | 1263 | "abstraction": "Base", |
1283 | 1264 | "children": [ |
| 1265 | + { |
| 1266 | + "id": "CWE-120", |
| 1267 | + "name": "CWE-120: Buffer Copy without Checking Size of Input ('Class", |
| 1268 | + "abstraction": "Base", |
| 1269 | + "children": [ |
| 1270 | + { |
| 1271 | + "id": "CWE-785", |
| 1272 | + "name": "CWE-785: Use of Path Manipulation Function without Maximum-", |
| 1273 | + "abstraction": "Variant", |
| 1274 | + "children": [] |
| 1275 | + } |
| 1276 | + ] |
| 1277 | + }, |
1284 | 1278 | { |
1285 | 1279 | "id": "CWE-121", |
1286 | 1280 | "name": "CWE-121: Stack-based Buffer Overflow", |
|
1407 | 1401 | "name": "CWE-778: Insufficient Logging", |
1408 | 1402 | "abstraction": "Base", |
1409 | 1403 | "children": [] |
| 1404 | + }, |
| 1405 | + { |
| 1406 | + "id": "CWE-1429", |
| 1407 | + "name": "CWE-1429: Missing Security-Relevant Feedback for Unexecuted ", |
| 1408 | + "abstraction": "Base", |
| 1409 | + "children": [] |
1410 | 1410 | } |
1411 | 1411 | ] |
1412 | 1412 | }, |
|
1790 | 1790 | { |
1791 | 1791 | "id": "CWE-410", |
1792 | 1792 | "name": "CWE-410: Insufficient Resource Pool", |
1793 | | - "abstraction": "Base", |
| 1793 | + "abstraction": "Class", |
1794 | 1794 | "children": [] |
1795 | 1795 | }, |
1796 | 1796 | { |
1797 | 1797 | "id": "CWE-471", |
1798 | 1798 | "name": "CWE-471: Modification of Assumed-Immutable Data (MAID)", |
1799 | 1799 | "abstraction": "Base", |
1800 | 1800 | "children": [ |
1801 | | - { |
1802 | | - "id": "CWE-291", |
1803 | | - "name": "CWE-291: Reliance on IP Address for Authentication", |
1804 | | - "abstraction": "Variant", |
1805 | | - "children": [] |
1806 | | - }, |
1807 | 1801 | { |
1808 | 1802 | "id": "CWE-472", |
1809 | 1803 | "name": "CWE-472: External Control of Assumed-Immutable Web Paramete", |
|
2303 | 2297 | "abstraction": "Variant", |
2304 | 2298 | "children": [] |
2305 | 2299 | }, |
2306 | | - { |
2307 | | - "id": "CWE-22", |
2308 | | - "name": "CWE-22: Improper Limitation of a Pathname to a Restricted ", |
2309 | | - "abstraction": "Base", |
2310 | | - "children": [ |
2311 | | - { |
2312 | | - "id": "CWE-23", |
2313 | | - "name": "CWE-23: Relative Path Traversal", |
2314 | | - "abstraction": "Base", |
2315 | | - "children": [ |
2316 | | - { |
2317 | | - "id": "CWE-24", |
2318 | | - "name": "CWE-24: Path Traversal: '../filedir'", |
2319 | | - "abstraction": "Variant", |
2320 | | - "children": [] |
2321 | | - }, |
2322 | | - { |
2323 | | - "id": "CWE-25", |
2324 | | - "name": "CWE-25: Path Traversal: '/../filedir'", |
2325 | | - "abstraction": "Variant", |
2326 | | - "children": [] |
2327 | | - }, |
2328 | | - { |
2329 | | - "id": "CWE-26", |
2330 | | - "name": "CWE-26: Path Traversal: '/dir/../filename'", |
2331 | | - "abstraction": "Variant", |
2332 | | - "children": [] |
2333 | | - }, |
2334 | | - { |
2335 | | - "id": "CWE-27", |
2336 | | - "name": "CWE-27: Path Traversal: 'dir/../../filename'", |
2337 | | - "abstraction": "Variant", |
2338 | | - "children": [] |
2339 | | - }, |
2340 | | - { |
2341 | | - "id": "CWE-28", |
2342 | | - "name": "CWE-28: Path Traversal: '..\\filedir'", |
2343 | | - "abstraction": "Variant", |
2344 | | - "children": [] |
2345 | | - }, |
2346 | | - { |
2347 | | - "id": "CWE-29", |
2348 | | - "name": "CWE-29: Path Traversal: '\\..\\filename'", |
2349 | | - "abstraction": "Variant", |
2350 | | - "children": [] |
2351 | | - }, |
2352 | | - { |
2353 | | - "id": "CWE-30", |
2354 | | - "name": "CWE-30: Path Traversal: '\\dir\\..\\filename'", |
2355 | | - "abstraction": "Variant", |
2356 | | - "children": [] |
2357 | | - }, |
2358 | | - { |
2359 | | - "id": "CWE-31", |
2360 | | - "name": "CWE-31: Path Traversal: 'dir\\..\\..\\filename'", |
2361 | | - "abstraction": "Variant", |
2362 | | - "children": [] |
2363 | | - }, |
2364 | | - { |
2365 | | - "id": "CWE-32", |
2366 | | - "name": "CWE-32: Path Traversal: '...' (Triple Dot)", |
2367 | | - "abstraction": "Variant", |
2368 | | - "children": [] |
2369 | | - }, |
2370 | | - { |
2371 | | - "id": "CWE-33", |
2372 | | - "name": "CWE-33: Path Traversal: '....' (Multiple Dot)", |
2373 | | - "abstraction": "Variant", |
2374 | | - "children": [] |
2375 | | - }, |
2376 | | - { |
2377 | | - "id": "CWE-34", |
2378 | | - "name": "CWE-34: Path Traversal: '....//'", |
2379 | | - "abstraction": "Variant", |
2380 | | - "children": [] |
2381 | | - }, |
2382 | | - { |
2383 | | - "id": "CWE-35", |
2384 | | - "name": "CWE-35: Path Traversal: '.../...//'", |
2385 | | - "abstraction": "Variant", |
2386 | | - "children": [] |
2387 | | - } |
2388 | | - ] |
2389 | | - }, |
2390 | | - { |
2391 | | - "id": "CWE-36", |
2392 | | - "name": "CWE-36: Absolute Path Traversal", |
2393 | | - "abstraction": "Base", |
2394 | | - "children": [ |
2395 | | - { |
2396 | | - "id": "CWE-37", |
2397 | | - "name": "CWE-37: Path Traversal: '/absolute/pathname/here'", |
2398 | | - "abstraction": "Variant", |
2399 | | - "children": [] |
2400 | | - }, |
2401 | | - { |
2402 | | - "id": "CWE-38", |
2403 | | - "name": "CWE-38: Path Traversal: '\\absolute\\pathname\\here'", |
2404 | | - "abstraction": "Variant", |
2405 | | - "children": [] |
2406 | | - }, |
2407 | | - { |
2408 | | - "id": "CWE-39", |
2409 | | - "name": "CWE-39: Path Traversal: 'C:dirname'", |
2410 | | - "abstraction": "Variant", |
2411 | | - "children": [] |
2412 | | - }, |
2413 | | - { |
2414 | | - "id": "CWE-40", |
2415 | | - "name": "CWE-40: Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC S", |
2416 | | - "abstraction": "Variant", |
2417 | | - "children": [] |
2418 | | - } |
2419 | | - ] |
2420 | | - } |
2421 | | - ] |
2422 | | - }, |
2423 | 2300 | { |
2424 | 2301 | "id": "CWE-134", |
2425 | 2302 | "name": "CWE-134: Use of Externally-Controlled Format String", |
|
2650 | 2527 | "name": "CWE-1295: Debug Messages Revealing Unnecessary Information", |
2651 | 2528 | "abstraction": "Base", |
2652 | 2529 | "children": [] |
| 2530 | + }, |
| 2531 | + { |
| 2532 | + "id": "CWE-1431", |
| 2533 | + "name": "CWE-1431: Driving Intermediate Cryptographic State/Results t", |
| 2534 | + "abstraction": "Base", |
| 2535 | + "children": [] |
2653 | 2536 | } |
2654 | 2537 | ] |
2655 | 2538 | }, |
|
4273 | 4156 | "abstraction": "Base", |
4274 | 4157 | "children": [] |
4275 | 4158 | }, |
| 4159 | + { |
| 4160 | + "id": "CWE-1279", |
| 4161 | + "name": "CWE-1279: Cryptographic Operations are run Before Supporting", |
| 4162 | + "abstraction": "Base", |
| 4163 | + "children": [] |
| 4164 | + }, |
4276 | 4165 | { |
4277 | 4166 | "id": "CWE-1280", |
4278 | 4167 | "name": "CWE-1280: Access Control Check Implemented After Asset is Ac", |
|
4412 | 4301 | "abstraction": "Base", |
4413 | 4302 | "children": [] |
4414 | 4303 | }, |
4415 | | - { |
4416 | | - "id": "CWE-1279", |
4417 | | - "name": "CWE-1279: Cryptographic Operations are run Before Supporting", |
4418 | | - "abstraction": "Base", |
4419 | | - "children": [] |
4420 | | - }, |
4421 | 4304 | { |
4422 | 4305 | "id": "CWE-1281", |
4423 | 4306 | "name": "CWE-1281: Sequence of Processor Instructions Leads to Unexpe", |
|
4431 | 4314 | "name": "CWE-693: Protection Mechanism Failure", |
4432 | 4315 | "abstraction": "Pillar", |
4433 | 4316 | "children": [ |
4434 | | - { |
4435 | | - "id": "CWE-182", |
4436 | | - "name": "CWE-182: Collapse of Data into Unsafe Value", |
4437 | | - "abstraction": "Base", |
4438 | | - "children": [] |
4439 | | - }, |
4440 | 4317 | { |
4441 | 4318 | "id": "CWE-184", |
4442 | 4319 | "name": "CWE-184: Incomplete List of Disallowed Inputs", |
|
4520 | 4397 | "name": "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure'", |
4521 | 4398 | "abstraction": "Variant", |
4522 | 4399 | "children": [] |
| 4400 | + }, |
| 4401 | + { |
| 4402 | + "id": "CWE-1428", |
| 4403 | + "name": "CWE-1428: Reliance on HTTP instead of HTTPS", |
| 4404 | + "abstraction": "Base", |
| 4405 | + "children": [] |
4523 | 4406 | } |
4524 | 4407 | ] |
4525 | 4408 | } |
|
5000 | 4883 | "abstraction": "Base", |
5001 | 4884 | "children": [] |
5002 | 4885 | }, |
5003 | | - { |
5004 | | - "id": "CWE-778", |
5005 | | - "name": "CWE-778: Insufficient Logging", |
5006 | | - "abstraction": "Base", |
5007 | | - "children": [] |
5008 | | - }, |
5009 | 4886 | { |
5010 | 4887 | "id": "CWE-807", |
5011 | 4888 | "name": "CWE-807: Reliance on Untrusted Inputs in a Security Decisio", |
|
5033 | 4910 | }, |
5034 | 4911 | { |
5035 | 4912 | "id": "CWE-1039", |
5036 | | - "name": "CWE-1039: Automated Recognition Mechanism with Inadequate De", |
| 4913 | + "name": "CWE-1039: Inadequate Detection or Handling of Adversarial In", |
5037 | 4914 | "abstraction": "Class", |
5038 | 4915 | "children": [] |
5039 | 4916 | }, |
|
5215 | 5092 | }, |
5216 | 5093 | { |
5217 | 5094 | "id": "CWE-1039", |
5218 | | - "name": "CWE-1039: Automated Recognition Mechanism with Inadequate De", |
| 5095 | + "name": "CWE-1039: Inadequate Detection or Handling of Adversarial In", |
5219 | 5096 | "abstraction": "Class", |
5220 | 5097 | "children": [] |
5221 | 5098 | }, |
|
6419 | 6296 | } |
6420 | 6297 | ] |
6421 | 6298 | }, |
| 6299 | + { |
| 6300 | + "id": "CWE-182", |
| 6301 | + "name": "CWE-182: Collapse of Data into Unsafe Value", |
| 6302 | + "abstraction": "Base", |
| 6303 | + "children": [] |
| 6304 | + }, |
6422 | 6305 | { |
6423 | 6306 | "id": "CWE-228", |
6424 | 6307 | "name": "CWE-228: Improper Handling of Syntactically Invalid Structu", |
|
7134 | 7017 | "children": [] |
7135 | 7018 | } |
7136 | 7019 | ] |
| 7020 | + }, |
| 7021 | + { |
| 7022 | + "id": "CWE-1242", |
| 7023 | + "name": "CWE-1242: Inclusion of Undocumented Features or Chicken Bits", |
| 7024 | + "abstraction": "Base", |
| 7025 | + "children": [] |
7137 | 7026 | } |
7138 | 7027 | ] |
7139 | 7028 | }, |
|