This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
patterns:
- metavariable-regex:
    metavariable: $FUNC
    regex: (NOTSET)
- pattern-either:
  - patterns:
    - pattern-either:
      - pattern: $IMPORT.$FUNC(...)
      - pattern: $IMPORT.$FUNC.call(...)
      - pattern: $F(...,$IMPORT.$FUNC,...)

A01:2021 - Broken Access Control:
- 'CWE CATEGORY: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control'
- 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory (''Path Traversal'')'
- 'CWE-23: Relative Path Traversal'
- 'CWE-35: Path Traversal: ''.../...//'''
- 'CWE-59: Improper Link Resolution Before File Access (''Link Following'')'
- 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
- 'CWE-201: Insertion of Sensitive Information Into Sent Data'
- 'CWE-219: Storage of File with Sensitive Data Under Web Root'
- 'CWE CATEGORY: Permissions, Privileges, and Access Controls'

A01:2017 - Injection:
- 'CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection'
- 'CWE-77: Improper Neutralization of Special Elements used in a Command (''Command
  Injection'')'
- 'CWE-78: Improper Neutralization of Special Elements used in an OS Command (''OS
  Command Injection'')'
- 'CWE-88: Improper Neutralization of Argument Delimiters in a Command (''Argument
  Injection'')'
- 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command (''SQL
  Injection'')'